We saw all the signs of classic neglect when we started with a new client who had been dissatisfied with their previous service provider. The fact that updates were never installed was horrifying because the client was in a financial services field. We can’t say if there was willful or accidental neglect, but the lack of updates could have killed a business.
What we saw can happen in any office where a company owner or manager has lost trust with their IT service provider: They stumble onto an issue. In many cases, businesses trust their IT providers to the point that they don’t keep their passwords on-hand (much less up to date) and don’t learn how to check to make sure updates have been installed. For this client, it seems that automatic updates were turned on and then turned off.
We know that some IT providers and some users don’t like automatic updates because they want to be able to monitor how changes take effect or make sure all the bugs are out. We don’t agree with that practice, and this is an example why. When automatic updates are turned off, it’s too easy to miss a notification when one is available, and that can lead to all sorts of security risks. Bugs in updates are inevitable, and patches to fix them are issued pretty quickly.
In this case, the server hadn’t been updated for nearly two years (keep this time period in mind), but we didn’t learn that until the client forced the previous IT provider to send the passwords for the server and the firewall. Everyone should remember that you own your passwords – and remember that you should keep them stored in a safe but accessible place.
Once we got access, we learned that the physical server and firewall had not been updated for two years. The firewall had no security or operating system updates since 2012. We told the client they had to update everything immediately.
We also found that their Wi-Fi network was not properly segmented, and that allowed access to everything through their guest network. That was neglect on somebody’s part, and I’ll blame the previous provider. That’s something that should be taken care of without any excuses.
At that point, I took out my Dashlane password manager and immediately generated new passwords with random numbers, case-sensitive letters and special characters. I printed them out and reviewed them all with the client to make sure they knew all of them correctly.
You can avoid these problems by making sure you get automatic updates and by knowing all of your passwords. You can also make up for past neglect by checking yourself to see when the last updates were installed – as long as you have all of your passwords.
If you have a server, you can look at the date of your last update through your control panel. If you see a huge gap between the day you check and the last installation, that’s a bad sign. In the case of the new client, who had issues with a previous service provider, the last server update was nearly two years before we found the problem.
On a computer running Windows 10, you can simultaneously push Control, Alt and Delete to bring up Task Manager. Click on the Performance tab and highlight the CPU button on the left. You should see Uptime in the bottom center of the screen. The columns, looking left to right, measure days, hours, minutes and seconds. Uptime is calculated from the most recent restart. If your uptime is 30 days or more, it’s a sign that you likely are not getting updates or not rebooting to clear out trash from your system. In one case, we saw an uptime of 286 days.
You can set up automatic updates for Windows and many of your applications. If you see or believe that your updates are woefully out of date, call us – 973-433-6676 – or email us to set up an appointment to walk you through the update process free of charge. You can’t fall behind on security.