Three IT horror stories that will make you scream!
In insight / By Lydia Cooper / 25 October 2019
With today being Halloween, we look back on the three biggest IT disasters that have kept IT professionals up at night in recent years – and give advice on how to avoid similar nightmare situations.
The first disaster affected millions of TSB customers who back in April 2018, were locked out of their accounts after an IT upgrade led to an online banking outage. A planned system upgrade was expected to shut internet and mobile banking services down for one weekend but ended up causing months of disruption.
The problems arose from TSB’s move to a new banking platform following its split from Lloyds Banking Group. Immediately after the new system was switched on, many customers reported experiencing problems logging in to their online banking portal, while even more seriously, others reported being shown details from other people’s accounts or inaccurate credits and debits on their own accounts. Customers remained locked out of their accounts two weeks after the initial outage.
Unfortunately, three months later whilst TSB were still working their way through the backlog of complaints, another outage struck. TSB claimed the issue was solved later that day, however, the knock-on effect affected the bank’s relationship with parent company, Sabadell who are now reported to be considering selling TSB.
System and software updates are a necessary fact of life to improve service delivery, however, they can cause downtime and are not always straightforward. When you outsource your IT to a managed service provider like Nasstar, software updates are managed by your provider with experts specifically working on how to improve the solution delivered. This means that businesses no longer have to manage the time and cost needed to look after onsite servers and ensure they are updated enough; the IT partner does all the hard work for you. An outsourced solution also allows for easy expansion, allowing a business to grow without the fear that internal servers can’t support the additional workload.
Next up, in May 2017, a large ransomware attack called WannaCry hit NHS England and various organisations in the UK and around the world. The attack was due to vulnerabilities found in Microsoft operating systems installed in millions of computers around the world. According to Microsoft, the Windows versions that were vulnerable to the attack were versions which were no longer supported by Microsoft such as Windows 8 and Windows XP, which the NHS trusts and affected companies seemed to be running.
We all know that cyber-incidents are inevitable today. There are simply too many threats out there, too much exposure and too many determined parties for any organisation to be 100% secure, 100% of the time. So, the key to mitigating risk, aside from reacting quickly and effectively to any incident, is learning from it so it’s less likely to happen again. Managed service providers have many layers of security to protect client’s services including constant updates, patching, firewalls, and firmware, however, a business needs to adopt a cyber-savvy culture from top to bottom to stand the best chance of protecting itself. The focus needs to be on education and training as well as regular updates to ensure best practice is always front of mind for staff.
Nation state campaigns or sophisticated digital skimming operations often grab the headlines; however, they don’t always tell the full story. Lost and stolen devices also are a major source of trouble when it comes to cybercrime. Just ask Heathrow Airport which was recently fined £120,000 by the regulator after losing a USB drive containing highly sensitive information.
The USB stick was found by a member of the public in October last year and contained more than 1,000 files and was not encrypted or password protected. The ICO said it contained the details of up to 50 Heathrow security personnel. Reports at the time suggested it contained files revealing information such as security measures used to protect the Queen at Europe’s busiest airport, the types of ID needed to access restricted areas and the locations of CCTV cameras and tunnels linked to the Heathrow Express.
When you consider the popularity of BYOD in modern organisations, the risk of lost or stolen devices increases further. The bottom line is that humans make mistakes and with BYOD and corporate-sanctioned devices either storing large amounts of sensitive data or offering easy access to networks, cloud services, and official apps, there’s an urgent need to lock down risk.
It starts with drawing up a watertight policy governing all mobile devices and removable media in the workplace. Now you need a way to enforce it down to every single device. This is where mobile device management platforms can help to encrypt data, remotely wipe devices, back up and manage password protection. Now add to this cyber security training and awareness programmes and cyber-insurance for those devices and you should have the makings of a decent mobile security strategy.
As a managed service provider, Nasstar ensures that security is present as every level of our organisation, and it can be in yours too.