We saw all the signs of classic neglect when we started
with a new client who had been dissatisfied with their previous service
provider. The fact that updates were never installed was horrifying because the
client was in the financial services field. We can’t say if there was willful or
accidental neglect, but the lack of updates could have killed a business.
What we saw can happen in any office where a company
owner or manager has lost trust in their IT service provider: they stumble
onto an issue. In many cases, businesses trust their IT providers to the point
that they don’t keep their passwords on hand (much less up to date) and don’t
learn how to check that updates have been installed. For this client,
it seems that automatic updates were turned on and then turned off.
We know that some IT providers and some users don’t like
automatic updates because they want to be able to monitor how changes take
effect or make sure all the bugs are out. We don’t agree with that practice, and
this is an example of why. When automatic updates are turned off, it’s too easy to
miss a notification when one is available, and that can lead to all sorts of
security risks. Bugs in updates are inevitable, and patches to fix them are issued
In this case, the server hadn’t been updated for nearly
two years (keep this time period in mind), but we didn’t learn that until the
client forced the previous IT provider to send the passwords for the server and
the firewall. Everyone should remember that you own your passwords – and
remember that you should keep them stored in a safe but accessible place.
Once we got access, we learned that the physical server
and firewall had not been updated for two years. The firewall had no security
or operating system updates since 2012. We told the client they had to update
We also found that their Wi-Fi network was not properly segmented, and that allowed access to everything through their guest network. That was neglect on somebody’s part, and I’ll blame the previous provider. That’s something that should be taken care of without any excuses.
At that point, I took out my Dashlane password manager
and immediately generated new passwords with random numbers, mixed-case
letters and special characters. I printed them out and reviewed them all with
the client to make sure they knew all of them correctly.
You can avoid these problems by making sure you get
automatic updates and by knowing all of your passwords. You can also make up
for past neglect by checking for yourself when the last updates were
installed – as long as you have all of your passwords.
If you have a server, you can look at the date of your
last update through your control panel. If you see a huge gap between the day
you check and the last installation, that’s a bad sign. In the case of the new
client, who had issues with a previous service provider, the last server update
was nearly two years before we found the problem.
On a computer running Windows 10, you can simultaneously
push Control, Alt and Delete to bring up Task Manager. Click on the Performance
tab and highlight the CPU button on the left. You should see Uptime in the
bottom center of the screen. The columns, looking left to right, measure days,
hours, minutes and seconds. Uptime is calculated from the most recent restart.
If your uptime is 30 days or more, it’s a sign that you likely are not getting
updates or not rebooting to clear out trash from your system. In one case, we
saw an uptime of 286 days.
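The two checks above (date of the last installed update, and uptime) can also be run from PowerShell on a Windows server or PC. The script below is an added example, not something from our original write-up; the 30-day uptime threshold comes from the paragraph above, while the 35-day patch-age threshold is an assumption standing in for one monthly patch cycle.

```powershell
# Added example: audit patch recency, uptime and auto-update state on one Windows host.
param(
    [int]$MaxUptimeDays   = 30,  # threshold taken from the article
    [int]$MaxPatchAgeDays = 35   # assumption: roughly one monthly patch cycle
)

$now = Get-Date

# Uptime, the same figure Task Manager shows on the Performance tab.
$os     = Get-CimInstance -ClassName Win32_OperatingSystem
$uptime = $now - $os.LastBootUpTime

# Most recent installed update. InstalledOn can be empty on some entries, so skip those.
$lastFix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 1
$patchAge = if ($lastFix) { [int]($now - $lastFix.InstalledOn).TotalDays } else { $null }

# Automatic-update state: the policy value NoAutoUpdate = 1 turns automatic updates off,
# and a disabled Windows Update service (wuauserv) has the same effect.
$auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$noAuto = (Get-ItemProperty -Path $auKey -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate
$wuSvc  = Get-Service -Name wuauserv

$findings = @()
if ($uptime.TotalDays -ge $MaxUptimeDays) {
    $findings += "Uptime is $([int]$uptime.TotalDays) days; updates may be waiting on a reboot."
}
if ($null -eq $patchAge) { $findings += 'No dated update records found.' }
elseif ($patchAge -gt $MaxPatchAgeDays) {
    $findings += "Last update ($($lastFix.HotFixID)) was installed $patchAge days ago."
}
if ($noAuto -eq 1) { $findings += 'Policy NoAutoUpdate=1: automatic updates are turned off.' }
if ($wuSvc.StartType -eq 'Disabled') { $findings += 'Windows Update service is disabled.' }

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    UptimeDays     = [math]::Round($uptime.TotalDays, 1)
    LastHotFix     = $lastFix.HotFixID
    LastInstalled  = $lastFix.InstalledOn
    PatchAgeDays   = $patchAge
    AutoUpdateOff  = ($noAuto -eq 1)
    WuServiceStart = $wuSvc.StartType
    Findings       = $findings
} | Format-List
```

Get-HotFix only reports updates recorded in Win32_QuickFixEngineering, so some updates may not appear in its list; treat a large patch age as a prompt to open the Windows Update history and confirm.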
You can set up automatic updates for Windows and many of
your applications. If you see or believe that your updates are woefully out of
date, call us – 973-433-6676 – or email
us to set up an appointment to walk you through the update process free of
charge. You can’t fall behind on security.