Shooting Yourself in Your IT Foot

We got a call recently from an MIA client who was trying to save money by relying on their “resident IT expert.” They could have shot themselves in the foot, but somehow, a few dance steps worked in their favor. They dodged this bullet, but not everyone is that lucky.

Our client is a multi-generational company, and one of its long-time employees served as their “resident IT expert.” A couple of members of the younger generation called us in because something didn’t seem to be right with their system. They thought their system was beyond repair for all intents and purposes. What concerned us most were two answers that we got for most of our questions:

  1. “I don’t know.”
  2. “We don’t have that information.”

When we logged into their system, we looked at their router and firewall and started to look at their setup. This time, we got some answers.

“Do you have another office?”

“Yes.”

“Does it connect to your system here?”

“Yes.”

The connection was made through a desktop computer that was sitting in a corner of the office – a computer that nobody ever touched. It was wide open; they allowed remote access to the desktop, and there was no protection against any kind of intruder. The hacker was able to get in and hijack their software by encrypting it.

We made phone calls to all of their application software vendors to learn how everything interacted, and we learned that they used Carbonite to back up their data. Trying to recover it was useless because all the data was corrupted, but we were able to get in. What we saw was eye-opening.

It turned out that they were hosting one small application that opened the door. Then we saw that nothing had been backed up for the entire year – and the ports were wide open. They also had an antiquated email system that was hijacked. Their in-house person never foresaw any issues with their setup and didn’t know the consequences of any settings that were tweaked or ignored.

We recommended they contact the hacker and see what it would cost to ransom their data, but they preferred to re-enter all of their data for the year. They had hard copies.

Before they began their recovery, we installed a new server and firewall, and while working with one of their software companies, we learned they had a copy of the data up to Aug. 1. Before they began any work, we set up a new email system and new log-in credentials.

It looked like they had dodged a hail of bullets, but within a day, their in-house person was already compromising their system by installing a bunch of utilities and other software. We put a stop to that, and that halted their system leaks and plugged their gaps. However, the whole process of investigating their processes and systems and buying and installing their new systems cost them almost $7,000 – plus their internal cost to re-enter what now amounted to one month’s worth of data. You could also add in a cost factor for aggravation.

In today’s age of a hacker-happy internet, you need a security audit to make sure your vulnerabilities are shored up. Call us – 973-433-6676 – or email us to set up your security audit. It will take an hour or two and cost less than $200. Hackers are highly sophisticated. How much could a breach of your system cost you? Don’t be penny wise and pound foolish.