10 IT Nightmares and How to Avoid Them
By Paul Chard, Technical Architect Aavanade
Thursday, 21 October 2004 08:16 EST
Most companies’ IT support departments have a difficult enough time balancing operational and support requirements amidst staff turn-over, holidays, sick-leave, training, etc. Add to that, unforeseen incidents, technical issues and security breaches and you have an instant recipe for pandemonium amongst your critical systems.
The users are still there of course; blissfully unaware of the problems being faced by their humble IT support team… until… something big goes wrong. We all know that you can’t protect against absolutely everything; that your IT infrastructure can’t be 100 percent protected at all times, but what would be your answer the question? You know, the one asking what you could have done to prevent the service outage – should you have done something to prevent the disaster from impacting your IT systems and more importantly your company’s workforce productivity. Don’t wait until it happens to begin thinking about your answer – take a look at the common disasters below which affect companies that are unprepared. Take heed of the mistakes of others and make sure that your infrastructure is protected, so hopefully you'll never have to answer that painful question.
1. Critical site disaster
If your company lost one or more of its main sites due to a disastrous event such as a local emergency, bombing, fire or flood, would the rest of your business be able to continue operation? If your main site was unusable, where would your staff go to do their work? Would your business be able to recover from the incident in one week, two weeks, a month? Post-September 11th, most organisations are aware of the need for disaster recovery capabilities and response plans. However, it is still surprising how many companies do not have these capabilities in place. Many IT managers have a hard time convincing the finance people just how worthwhile investment into a well planned and tested Disaster Recovery response is. Disaster recovery is just like insurance – you won’t get any perceivable benefit from the money you spend, until you have an incident and need to make a claim. Unbelievably, some companies who do invest in disaster recovery capabilities don’t go far enough to ensure that the capability is tested regularly and that they have a full set of procedures in place to make sure that their response is appropriate. So check out your company’s Disaster Recovery response capabilities and make sure that you have the right systems and procedures in place that will actually work if and when you need to call on them. The peace of mind that your business gets from having the protection against a disaster will go a long way towards helping you sleep well at night.
2. Natural disasters or terrorist strike
Another undesirable, yet possible scenario is some form of disaster or terrorist action in an area where your business is usually conducted. Although your business premises may not be damaged, you may need to consider the possibility of your staff not being able to come to work in the normal location. The area affected could be a single building, street, suburb or even an entire city. National and multi-national companies are most likely to be affected when critical business functions cannot be continued in one location due to some form of disaster preventing staff from getting to work. In order to avoid this, it is important to have a business continuity plan in place that will allow your staff to know exactly what to do in such an emergency and where they should go in order to resume work. Having multiple sites, support for working from home, dedicated business continuity sites, backup business practices, redirecting work to other offices and flexible working staff, are all appropriate methods for responding to these incidents. Having the appropriate solution in place for your business will ensure that business can go on despite the impact of the emergency.
3. Major virus outbreak
Many companies have recently become painfully aware of the threat that virus and worm attacks pose to continued business operation. Good planning and appropriate use of available tools to secure corporate networks does ensure effective protection against viruses, but all too often, companies neglect the responsibilities they have for securing their networks. Not surprisingly, as a result, many companies are regularly caught short by a virus that manages to spread on the corporate network and bring it to its knees. Companies committed to investing in the right tools and procedures for preventing virus outbreaks and who engage the experts to develop incident response plans and procedures around preventing virus incidents do have a high degree of success against these outbreaks that so easily cripple unprotected networks. Success in this area comes down to getting the right advice and making the right choices to protect your IT systems. If you don’t do the work to secure your infrastructure ahead of time, you’re likely to become a victim of malicious viruses at some point in the near future. By not letting your guard down and taking the time to ensure that your network is protected, you can be sure that your time and budget can be devoted to more constructive areas.
4. Security breach and exposure of sensitive information
If you were to think about what information ‘crown jewels’ exist in your company and what the implications would be if that sensitive information was to make it’s way into the public domain, you may well be faced with the unpleasant task of writing your resignation. Information such as customer credit card details, financial information, personal details, secret documents, etc. is often stored and accessible on IT systems within a company without any specific measures being taken to secure those systems. By analysing the information assets that exist in your organisation and taking the appropriate steps to secure and control access to that information, you will be able to ensure that your company won’t become the next victim of a damaging and embarrassing security breach. Maintain your vigilance and protect your sensitive data so you can stop worrying about who may gain unauthorised access to your information assets.
5. Hacking attacks
No matter what time of the year it is, your corporate network and company communications are targets for hacking. Take your attention off the threat at any point in time and you risk exposing your corporate network to unseen dangers. Hacking is not some mysterious activity that only happens to fortune 500 companies – it is a deliberate attempt to infiltrate laxed security of any accessible network system. Hackers may be trying to obtain information, abuse resources, misrepresent organisations, take over web sites and servers, or simply create havoc. In order to be successful at these activities, hackers need to find vulnerabilities. The less vulnerabilities that exist in your corporate network, the more likely hackers are going to go elsewhere to find easier targets. Keep in mind also that staff changes, busy schedules, sick leave and other personnel issues may introduce distractions for your IT support team and allow hackers to find your easy ways in to your network. If your staff are not constantly looking for evidence of security breaches, chances are that you won’t even know you've been hit – until it’s too late. By keeping your guard up and keeping an eye on things, you can make sure there are no unexpected guests in your corporate network.
6. Product vulnerabilities & patch management
Software vendors shoulder some of the blame for software bugs, security issues and the need to patch operating systems and applications. However, your company also has a responsibility to protect its own network using the tools, best practices and advice that is available. Companies who choose not to invest in developing an effective software update methodology and tool set are leaving themselves open to attack and abuse by parties seeking to take advantage of weakened security. Whether the result is a security breach, denial of service attack or other system compromise, many companies, which have fallen victim to such attacks, have simply been guilty of failing to apply the necessary patches to their systems – even despite advance warning. Nobody would claim that this is an easy thing to accomplish, considering the difficulty of distributing patches rapidly and trying to maintain production system services at the same time. However, the potential damage that can occur when a company chooses to do nothing is massive. The tools and practices required for developing an effective solution to patch management are available and any company that chooses to simply blame software vendors and ignore their responsibilities is asking for trouble. A significant benefit can be achieved by working with patch management experts and with software vendors to increase your ability to respond effectively in this area. By implementing thorough processes and a well-planned system, you can ensure that you will be able to deal with security patches calmly and confidently and ensure that your systems are protected.
7. eCommerce outages
For many companies, Internet sales or other Internet facing business interactions form a significant amount of business revenue and/or reputation. A major failure of eCommerce capabilities would therefore mean potentially massive losses of income or business opportunities, which could even be severe enough to ruin the business. Many companies today rely entirely on their ability to seamlessly interact with partners and suppliers in order for their business functions to flow successfully, yet they often do not invest enough in protecting these systems and components that they depend upon. Loss of these critical capabilities could be catastrophic. In order to prevent this happening in you company, it is important to assess the criticality of these systems and protect them with an appropriate level of investment. By ensuring that your customers and partners can continue to interact with you all the time, you'll be keeping everyone happy and ensuring that your business is not lost to competitors.
8. Corporate espionage & disaffected employees
In today’s competitive corporate environment, most companies could not afford to lose their edge by having their secrets or information assets divulged to their competitors or released in the public domain. It is often easy for staff to lose focus and to make mistakes when they are busy or stretched to complete many tasks. It is imperative that IT support staff maintain their focus on ensuring that procedures are followed and those costly mistakes are avoided. It’s easy to assume that someone outside of your organisation will perpetrate theft of information or damage to systems, but it is widely documented and supported by research that these threats are most likely to come from people who work within your organisation. Staff who are dissatisfied or angry are capable of damaging the company’s performance and/or reputation by theft of information or unauthorised tampering with systems. Define a strategy to eliminate vulnerabilities to corporate espionage or unauthorised access within your corporate network. Have clear practices and procedures to follow that support the technology that you have deployed to provide a comprehensive approach to your company’s information system security.
9. Network overloads
Your users are increasingly under pressure to get their work done quickly and in the easiest way. They also need to interact and share information with colleagues, customers and partners regularly and rely more and more on seamless communication every day. There are more and more demands being placed on your network infrastructure – downloading large files, live communications, backing up data to servers, browsing the internet, sending multimedia and large document attachments to colleagues and friends, etc. If your company network is not able to cope with the increase in additional demands, you may find that some parts of your business just cannot function correctly, or worse, that the entire network becomes so overloaded that it fails. Getting staff and/or replacement equipment in place at short notice to deal with these problems may prove difficult. The best plan of action is to address your company’s needs proactively and to avoid an outage all together. By accurately assessing your company’s information needs and developing a combination of technology and people practices that will avoid overloading your infrastructure will allow your IT support staff to network and to forecast expansion requirements rather than having to simply react to major issues on your network. Avoid to frustration of network outages and poor service delivery & plan for growth.
10. Failed hardware & backups
When something goes wrong in your infrastructure, you need to be able to respond to it with swift action. Problems caused by a hardware failure need to be eliminated by replacing or repairing the component quickly and in order to do that you need to have the right personnel and the right equipment available to your team immediately. If you have systems that you simply cannot do without, you should look to provide redundancy or to have standby equipment on hand. The last thing you need when something goes wrong is to be told by a hardware vendor that you will have to wait 2 months for a replacement component that you needed yesterday. The key here is to be proactive and protect your company against hardware faults. Start by analysing your infrastructure and prioritising the components that you simply cannot do without and what the impact of their loss would be on the business. In addition, you need to review your backup solution management. You rely on some form of backup technology to protect your critical data and to ensure that you can recover systems and information quickly in the event of a data corruption or system failure. It is always surprising just how many companies don’t bother to test their investment regularly to ensure that what is being backed up is what they think is being backed up and that it can actually be restored successfully. You need to make sure that there is a procedure to recover critical systems in the event that a critical backup tape fails. There is never a convenient time to discover that your backups have failed or that you have no way of recovering systems. If you haven’t already, invest in a decent backup system and make sure you test it for correct operation within your environment.
|
|
|
Latest News
5 laptop security tips
20.07.07 Laptop theft is a huge problem.
Essential Bluetooth hacking tools
25.05.07 Bluetooth provides an easy way for a wide range of mobile devices to communicate with each other without the need for cables or wires.
DEP for IE7 in Vista
22.05.07 Security tips blog, security-hacks, has posted details on how to enable DEP for Internet Explorer 7 in Vista.
SMB over SSH: Secure File Sharing
18.05.07 Security tips blog, security-hacks, has published an simple guide to share files securely in heterogeneous networks.
Avoid data leaks by clearing the page file
14.05.07 Security-Hacks publishes a useful tip to avoid potential data leaks when you run out of memory.
How to set Master Password in Firefox
11.05.07 Nowadays many web sites require you to type a user name and password before you can enter the site.
How to test your firewall?
10.05.07 Security tips blog, Security-Hacks, has published a compilation of tools to test your firewall: "We’ve compiled a list of tools we believe will be of value to both home users and advance users.
|
|
