Neglect – The Silent IT Killer

We saw all the signs of classic neglect when we started with a new client who had been dissatisfied with their previous service provider. The fact that updates were never installed was horrifying because the client was in a financial services field. We can’t say if there was willful or accidental neglect, but the lack of updates could have killed a business.

What we saw can happen in any office where a company owner or manager has lost trust with their IT service provider: They stumble onto an issue. In many cases, businesses trust their IT providers to the point that they don’t keep their passwords on-hand (much less up to date) and don’t learn how to check to make sure updates have been installed. For this client, it seems that automatic updates were turned on and then turned off.

We know that some IT providers and some users don’t like automatic updates because they want to be able to monitor how changes take effect or make sure all the bugs are out. We don’t agree with that practice, and this is an example why. When automatic updates are turned off, it’s too easy to miss a notification when one is available, and that can lead to all sorts of security risks. Bugs in updates are inevitable, and patches to fix them are issued pretty quickly.

In this case, the server hadn’t been updated for nearly two years (keep this time period in mind), but we didn’t learn that until the client forced the previous IT provider to send the passwords for the server and the firewall. Everyone should remember that you own your passwords – and remember that you should keep them stored in a safe but accessible place.

Once we got access, we learned that the physical server and firewall had not been updated for two years. The firewall had no security or operating system updates since 2012. We told the client they had to update everything immediately.

We also found that their Wi-Fi network was not properly segmented, and that allowed access to everything through their guest network. That was neglect on somebody’s part, and I’ll blame the previous provider. That’s something that should be taken care of without any excuses.

At that point, I took out my Dashlane password manager and immediately generated new passwords with random numbers, case-sensitive letters and special characters. I printed them out and reviewed them all with the client to make sure they knew all of them correctly.

You can avoid these problems by making sure you get automatic updates and by knowing all of your passwords. You can also make up for past neglect by checking yourself to see when the last updates were installed – as long as you have all of your passwords.

If you have a server, you can look at the date of your last update through your control panel. If you see a huge gap between the day you check and the last installation, that’s a bad sign. In the case of the new client, who had issues with a previous service provider, the last server update was nearly two years before we found the problem.

On a computer running Windows 10, you can simultaneously push Control, Alt and Delete to bring up Task Manager. Click on the Performance tab and highlight the CPU button on the left. You should see Uptime in the bottom center of the screen. The columns, looking left to right, measure days, hours, minutes and seconds. Uptime is calculated from the most recent restart. If your uptime is 30 days or more, it’s a sign that you likely are not getting updates or not rebooting to clear out trash from your system. In one case, we saw an uptime of 286 days.

You can set up automatic updates for Windows and many of your applications. If you see or believe that your updates are woefully out of date, call us – 973-433-6676 – or email us to set up an appointment to walk you through the update process free of charge. You can’t fall behind on security.

Inside the World of Updates

Facetime updates got a lot of face time recently with all the reports about how a 14-year-old discovered a bug that left a mic open even if a recipient didn’t answer a group Facetime call. It was shocking but not surprising, based on how updates are developed and implemented.

Apple, Microsoft, Google and other technology companies are huge corporations and, as such, are highly compartmentalized. When I visit trade shows and conferences and can find an engineer or software developer to discuss very specific issues related to hardware, firmware or software, the conversations very technical and very tightly focused. They are brilliant people, but they operate in silos.

So, when a problem like the Facetime issue surfaces, it’s likely to involve a piece of code that only one person or a small team worked on – based on instructions that may have come down through several layers of command. That person or team didn’t talk the public or get any feedback based on a personal interaction. Further, the amount of code needed to implement a feature such as a group Facetime session is massive. It’s written in sections and assembled in sections, and even though they are tested, errors can occur each time lines of code from various teams are put together. The people involved do a great job, and the percentage of errors to lines of code written is practically microscopic.

The bottom line is that bugs will show up in the real world, and they need to be found and fixed before any catastrophic consequences show up. But code is not the only factor in updating software for use on a computer or device. We see a lot of old computers and devices with old operating systems that simply cannot handle updates.

We were reminded of the technology gap that opens up when working with older systems. It involved a family business, and technical challenges arose as some family members wanted capabilities that were requested by others. The challenges came as we had to work with computers and devices with a wide range of ages and with differences between Windows 7 and Windows 10. We had to be mindful that Windows 7 is 12 years old and that we are six versions into Windows 10.

Our common thread in the solution had to be sealing up security breaks. We can’t emphasize enough that security patches are the biggest improvements in upgrades and updates, although we all get excited about new features and capabilities. And the problem is that an older system can only handle a limited number of security and feature updates.

At some point, it doesn’t pay for a software or hardware provider to support older systems. Their developers have to jump from one issue to another like playing Whac-A-Mole, and then there is a smaller universe of real-world users to provide feedback on the new code and then use it.

One of our missions is to make the most efficient use of your money. We’ll always do our best to avoid having you buy new equipment or software by trying to find a good workaround. But sometimes, buying new technology can give you a better return on your investment, and one of the reasons to do so is to take advantages of upgrades and updates that are used by a larger universe of people and businesses. That can be especially beneficial based on the how the update world lives.

We can help you install, configure and test updates, and we can advise you on whether to upgrade or keep your current technology. Call us – 973-433-6676 – or email us for a consultation.