Your business is going to fail because you haven't sorted your technology risks!

​Well, maybe not the whole business but you're definitely going to take a hit, which could be critical if you aren’t prepared for it.  All around New Zealand businesses are being affected in different ways by different threats to their IT which in turn has a direct flow on to their business.

We’ve been talking to people around the Waikato, vendors and insurance brokers and have heard some horror stories.  Like the engineering firm being hit by a Cryptolocker virus demanding a ransom, locking them out of their own IT files – in the end costing close to $20,000 to get it sorted and in lost income. 

Or the trading website being hit by a targeted DDOS attack, crippling their site, meaning their customers could not trade.  After significant effort, they were able to address it and put in measures to negate/mitigate that and future attacks.  Of course only after $500,000 in lost profits and remedial costs.

Going further abroad, what about the company whose failed back up that ended up costing them $5.8 million.  Their core system and switched to the failover system, that’s great, however, the backup had failed too, losing them 72 hours of orders, mailings and collections. 

The risks around IT and the impacts continue to grow day-to-day as business become more and more reliant on technology.  Every process we put into a computer system, those spreadsheets, those IT programmes become a part of our business and its ability to run. 

How do avoid this risk? Do we stop putting things into computer systems, stop connecting our machinery to software that makes it run more efficiently?  Go back to pen and paper? Well no, the old pen and paper had its own risks (WINZ documents littering central Auckland anyone?) and definitely some problems with scale and accuracy.
No, we need to look at how we are using technology, understand each use and its risk profile.  What do we mean by risk profile? 

Well, each time you make use of a new piece of technology, that technology and the way you use it defines the risk you now have in its continued use.  Let’s take an example of a smartphone.  Pretty common, pretty useful too!  Some would say the most significant invention of the last 18-20 years (let's not start BlackBerry vs Apple…who created the smartphone first).

You give these to your staff, great, now you can talk to them when you need to.  Out on the job? No problem, ring-ring!  Now you think, wouldn’t it be great if I could email them? Super! Let’s turn that feature on.  Oh wait, your team lead left their phone on a site or in a meeting room.  Was the phone locked?  Can anyone see those emails? Now, someone you don’t know, your competitor say, can now see that spreadsheet you sent to good-old-bob with the costs and margins your running!  Or your employee starts using the phone for things they maybe shouldn’t. Uh-oh! A virus gets back to your email server.  Your handy phone just took out your communications for the next 48 hours while the IT staff frantically clear out the trojan horse virus running around your network.

Sound unlikely, not so much, Waikato DHB’s IT systems were attacked by a similar process (a USB drive with the virus on it plugged into a computer on their network), weeks later they finally evicted the virus.

Or, what if it's not about a person doing something wrong or accidentally, there's just plain old wear and tear that can take out a whole hospitals system.  Just recently another DHB (sounds like I’m picking on hospitals, honest I’m not, you might say it reflects the underinvestment in technology – don’t get me started on that!) had a fire in their server room.  They ended up running on paper for weeks.
​
Every time an IT risk is realised it has a financial impact on your business, sometimes small, sometimes significant!
So how do you establish your IT risk profile?  Here are a few questions you can ask yourself to do a self-assessment: 

• If that <insert name of technology> was unavailable for 1 hour, 2 hours, 24 hours or a week; Would my business still carry on? Would my clients be affected? Would it shake their confidence in me/the business?
• If that piece of hardware failed would it damage other equipment? Could I replace it? Could my supplier replace it? have you tested them on this? (we just observed a recent situation where a reputable technology supplier couldn’t get replacement parts for a core computer that was under warranty, three different attempts sourcing parts from as many countries, to get them going again)
• If the information in <insert name> computer system became public, would it impact your reputation? Would it expose your internal intellectual property and processes?
• If a fire happened, driving you from your current place of business, and you had to run your business from somewhere else, could you? Would your IT systems still be available? (we all remember those stories of people having to break the law by going back into collapsing buildings to get their computers out during the Christchurch quakes)

If you answered “yes” to any of these then you might need to look a bit closer at your risk profile and get help.  In the meantime here are some general tips to get you going:

• Test your backups regularly
• Trial your failover at least once a year
• We like to trust our suppliers but get them to demonstrate they have the replacement parts you need
• Have a conversation with your current technology vendor, make sure they understand how important certain parts of your technology systems are.  Review your support agreements to ensure your priorities are reflected in their response times
• Keep your warrantees up-to-date

Our team at IITC have been around the technology industry for a long time and understand the risk and benefits of technology.  We also understand the market and what each ICT vendor is offering.  We aren’t interested in selling you our backup technology or cloud software (we don’t sell stuff), but we are interested in understanding your business, your current and future technology needs and helping you find the right people and solutions to these problems.  We will help mitigate your risk and create the benefits you can get from taking full advantage of technology.
Call us for a free initial consultation about your business and technology or just to talk.