I wish the networks I manage were MY networks to manage. But they are not. I may be contracted to do everything regarding a business network – I consult, I make recommendations, I quote, I sell, I install, I implement, I support – but it is not my network. There are always some hurdles which are hard for me to overcome. The most common of which is the client’s reluctance to change anything. If I am managing a network, the business network owners still have the power to prevent certain best practices from occurring. But when something happens as a result of the relaxed configuration of their network, then we all end up paying for it with unwanted and costly downtime and business stoppage.
If these were my networks, I would just make the right choices and say, “This is what you need to do, conform or perish”.
I have been working with a long time client. The client moves slowly, but after some time reasserting my recommendations and goals, I can sometime push them through making the decision to affect the needed changes. I have slowly been able to push through changes, server upgrades, software upgrades, firewall upgrades, switch upgrades, WiFi upgrades…. all is well. Or at least was…. they have been lacking in one of the most important security measures in their network. And it came to bite us in the ass today.
PROPER PASSWORD POLICY.
Oh…. we have talked about it. I have been saying for months, years actually, that their password policy (or lack thereof) is going to eventually cause a major disruption. Basically, this user has had simple password of as little as four characters. You can imagine the worst.
I have said we need to beef up these policies. We need long password minimum lengths. We need complexity. We need them to change periodically. Clients push back. “I don’t want to have to remember a long password”. “I don’t want to have to put in weird characters”. “I don’t want to have to change my password every so often”. So we don’t make it happen, I let their desires stand. Why, because ultimately it is their network. Not mine.
But what ALWAYS happens is that they have to experience the disaster I warned them about for them to “get it”.
Well, it happened today for this client. Once I was able to describe to them exactly how their network was hacked by a hacker using the poorly thought out short password of one of their users and how their network server and many workstations became crypto-locked by what appeared to be Ukrainians, they got it! “What do we do?”, they asked. They had no trouble absorbing the information about what we needed to do and that they’ll have to work with their users to deal with these new policies for the continued protection of their network. Suddenly now, one of the evils is not as bad as the other as they once thought.
It not just the password policy argument where this can happen. I have to explain to client always about WHY things should be the way they should be.
- A proper backup just seems like a lot of expense and worry for something that might happen, and when free solutions exist. And clients don’t want to spend the right money to protect their servers against loss … until they’ve lost it.
- A proper antivirus solution just seems like a lot of expense and worry for something that might happen, and when free versions exist. And clients don’t want to spend the right money to protect their servers and workstations against viral attack … until they’ve they’ve been attacked.
- A proper Email spam and virus solution just seems like a lot of expense and worry for something that might happen. And clients don’t want to spend the right money to protect their Email flow against spam and viral attack … until they’ve they’ve been attacked.
- A proper Internet content filter solution just seems like a lot of expense and worry for something that might happen. And clients don’t want to spend the right money to protect their user’s Internet browsing habits against viral attack … until they’ve they’ve been attacked.
You see the trend here. It is NEVER a matter of “IF”, it is ALWAYS a matter of “WHEN”. Don’t wait to be attacked to do something to protect your business network against being attacked. You need to prepare to preserve your business network’s continuity. These services, like the services I provide here – http://www.nmjtechnology.com/?page_id=3250 – are like insurance. You may hate paying that bill, but when you need it, it is there, and it protects you. And in fact, it is better than insurance. My services won’t drop you after using it too many times. My services are always on, always there, and always protecting the network.
Call NMJ Technology LLC today at 330-283-6902 or write us at firstname.lastname@example.org to learn how you should be protected.