Well, maybe not the whole business but you're definitely going to take a hit, which could be critical if you aren’t prepared for it. All around New Zealand businesses are being affected in different ways by different threats to their IT which in turn has a direct flow on to their business.
We’ve been talking to people around the Waikato, vendors and insurance brokers and have heard some horror stories. Like the engineering firm being hit by a Cryptolocker virus demanding a ransom, locking them out of their own IT files – in the end costing close to $20,000 to get it sorted and in lost income.
Or the trading website being hit by a targeted DDOS attack, crippling their site, meaning their customers could not trade. After significant effort, they were able to address it and put in measures to negate/mitigate that and future attacks. Of course only after $500,000 in lost profits and remedial costs.
Going further abroad, what about the company whose failed back up that ended up costing them $5.8 million. Their core system and switched to the failover system, that’s great, however, the backup had failed too, losing them 72 hours of orders, mailings and collections.
The risks around IT and the impacts continue to grow day-to-day as business become more and more reliant on technology. Every process we put into a computer system, those spreadsheets, those IT programmes become a part of our business and its ability to run.
How do avoid this risk? Do we stop putting things into computer systems, stop connecting our machinery to software that makes it run more efficiently? Go back to pen and paper? Well no, the old pen and paper had its own risks (WINZ documents littering central Auckland anyone?) and definitely some problems with scale and accuracy.
No, we need to look at how we are using technology, understand each use and its risk profile. What do we mean by risk profile?
Well, each time you make use of a new piece of technology, that technology and the way you use it defines the risk you now have in its continued use. Let’s take an example of a smartphone. Pretty common, pretty useful too! Some would say the most significant invention of the last 18-20 years (let's not start BlackBerry vs Apple…who created the smartphone first).
You give these to your staff, great, now you can talk to them when you need to. Out on the job? No problem, ring-ring! Now you think, wouldn’t it be great if I could email them? Super! Let’s turn that feature on. Oh wait, your team lead left their phone on a site or in a meeting room. Was the phone locked? Can anyone see those emails? Now, someone you don’t know, your competitor say, can now see that spreadsheet you sent to good-old-bob with the costs and margins your running! Or your employee starts using the phone for things they maybe shouldn’t. Uh-oh! A virus gets back to your email server. Your handy phone just took out your communications for the next 48 hours while the IT staff frantically clear out the trojan horse virus running around your network.
Sound unlikely, not so much, Waikato DHB’s IT systems were attacked by a similar process (a USB drive with the virus on it plugged into a computer on their network), weeks later they finally evicted the virus.
Or, what if it's not about a person doing something wrong or accidentally, there's just plain old wear and tear that can take out a whole hospitals system. Just recently another DHB (sounds like I’m picking on hospitals, honest I’m not, you might say it reflects the underinvestment in technology – don’t get me started on that!) had a fire in their server room. They ended up running on paper for weeks.
Every time an IT risk is realised it has a financial impact on your business, sometimes small, sometimes significant!
So how do you establish your IT risk profile? Here are a few questions you can ask yourself to do a self-assessment:
Call us for a free initial consultation about your business and technology or just to talk.