I was inspired to write this blog because it’s a topic that’s often neglected, and an area of IT where there are no winners if it’s not given the attention it deserves.
We all know there are many great IT products in the technology marketplace that have a loyal following and an excellent reputation, and the majority of SMEs do invest in quality hardware, cloud services, software and security products. However, there’s one piece of the puzzle that’s often missing, and it’s an important one: it all needs to be monitored!
Here are a few examples to illustrate my point…
Storage – There are still a lot of on-premises servers out there, and 99% of them (I made that statistic up!) use some form of RAID*. Without getting too technical, having RAID in your server means that should one hard disk fail, there’s another hard disk to take over the job, and your colleagues simply carry on with their work day completely unaware that anything ever happened. If your IT support is also unaware of this magic that just happened, they don’t know that they need to replace the failed disk either. If the failed disk is not replaced, when a second disk fails (it does happen), your data and applications are no longer available and you’ll need to restore from your backup (assuming the backup is monitored and working).
Estimated unplanned disruption without monitoring in place – ½ day to 1 day
Storage capacity – If your server runs out of disk space, all sorts of unwanted things happen. Your computers could exhibit odd behaviour, print jobs could disappear, data corruption can occur, and all your virtual servers could suddenly stop and the business grinds to a halt. In most cases, but not all, the fix is simple. But by the time you have recognised there’s a problem and reported it to your IT support, and they have diagnosed it, resolved it and reported back to you, it can still have had a big impact on the working day for you and your colleagues.
Estimated unplanned disruption without monitoring in place – 30 minutes to ½ day
Performance – It’s fairly unlikely that monitoring the performance of your servers, your network and your SQL databases 24/7/365 will prevent any unplanned disruption to your business. However, in the likely event that you do ask for assistance from IT support because of a performance issue, having performance monitoring already in place could save you days, weeks and possibly even months of pain before getting to a resolution. You’ll also have a much happier workforce, all because of the metrics the monitoring can provide your IT support and the picture it builds up.
Anti-virus – Anti-virus software today is far more than the name implies; we just stubbornly keep calling it that. Most anti-virus software in 2023 is a sophisticated and multi-layered piece of security software operating at many different levels. It does an excellent job at protecting your files, your network traffic and your web browsing, but only if it’s working correctly! Does anyone in your business monitor that every computer has the AV client installed at all, that the latest version of the AV client is installed on every computer, that the latest definitions from the AV vendor are correctly downloaded and distributed, and that no one has deliberately disabled their local AV protection to make their job easier, simultaneously making their computer (and your business) vulnerable? If a malicious piece of software is allowed to enter your network, the consequences for your operation can be huge, both financially and reputationally. It’s paramount that your AV software is monitored all the time and that there’s someone who is skilled and experienced enough to know how to react to any security incidents logged or any gaps in protection.
Estimated unplanned disruption without monitoring in place – ½ day to ? Days
Firewall – A common attack vector for cyber criminals to deploy ransomware is the Remote Desktop Protocol (TCP 3389), so it’s a good idea to keep this port on the router closed. In fact, ALL unnecessary ports open on the router should be closed; the fewer holes you have in your firewall that cybercriminals can exploit, the better. Most IT support companies know this of course, but it’s the accidentally opened ports on a firewall that are a real concern, and it does happen often, especially when multiple parties have access to the router’s admin interface. Your firewall should be monitored all the time or, at minimum, audited regularly to check for unnecessary open ports.
Estimated unplanned disruption without monitoring in place – ½ day to ? Days
Patch Management – It’s good practice to install the latest security updates on any piece of IT equipment or software within 14 days of their release, if not sooner. A cybercriminal will always look for the weakest link in a computer network to attack your business and make a profit from you, and that weak link could be a single computer that hasn’t got the latest security updates installed. Having a patch management solution in place will not only give you a mechanism to deploy the latest security updates promptly, but it will also constantly monitor your security update status and give you visibility of your business as a whole.
Estimated unplanned disruption without monitoring in place – ½ day to ? Days
Security event logs – Every time a cybercriminal tries to get into your network and gets the username and password wrong, a log of this event is created. If you have hundreds and thousands of these events logged each day, you’d want to know about it because a) you want to know how they’re doing it so you can stop them and b) if they get in, before too long they’ll wreak havoc in your business in any way they wish. Monitoring your security event logs for logon failures should be an important part of your monitoring strategy.
Estimated unplanned disruption without monitoring in place – ½ day to ? Days
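A minimal sketch of the logon-failure check described above, as an added example that is not part of the original post: it counts failed-logon events per source address inside a sliding time window. The CSV layout, the threshold of 5 failures and the 10-minute window are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not real data): time, Windows event ID, account, source.
# 4625 is the Windows Security log event for a failed logon; 4624 is a successful one.
SAMPLE_CSV = """time,event_id,account,source
2023-03-01T09:00:05,4625,alice,203.0.113.7
2023-03-01T09:00:09,4625,bob,203.0.113.7
2023-03-01T09:00:14,4625,carol,203.0.113.7
2023-03-01T09:00:20,4625,dave,203.0.113.7
2023-03-01T09:00:31,4625,admin,203.0.113.7
2023-03-01T09:02:00,4624,alice,192.0.2.10
2023-03-01T09:15:00,4625,alice,192.0.2.10
2023-03-01T11:40:00,4625,alice,192.0.2.10
"""

def failed_logon_alerts(csv_text, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per source that reaches `threshold` failures inside `window`."""
    failures = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] == "4625":
            failures[row["source"]].append(
                (datetime.fromisoformat(row["time"]), row["account"]))
    alerts = []
    for source, hits in failures.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Move the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                accounts = sorted({account for _, account in hits[start:end + 1]})
                alerts.append({
                    "source": source,
                    "failures": end - start + 1,
                    "accounts": accounts,
                    # Many accounts tried from one source looks different from
                    # repeated guesses at a single account, so report which it is.
                    "pattern": "many accounts" if len(accounts) > 1 else "single account",
                })
                break  # one alert per source is enough
    return alerts

if __name__ == "__main__":
    for alert in failed_logon_alerts(SAMPLE_CSV):
        print(alert)
```

The two isolated failures from 192.0.2.10, hours apart, stay below the threshold and raise no alert, which is what keeps an occasional mistyped password from drowning out the real bursts.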
Backups – At minimum, you should have in place a daily backup routine to protect your data from fire, flood, theft, cybercrime, accidental deletion etc. Often, you are notified by e-mail each time this backup operation completes so you know whether it was successful or not. There are a couple of pitfalls to consider though: 1) the recipient of the e-mails could be on holiday or sick, and 2) if you receive no backup reports at all because the e-mail system that sent them wasn’t working properly, would you know there was a problem? It’s important you have in place a robust and clear backup monitoring system so that in the event that you need to restore, you can be confident your data is available.
Estimated unplanned disruption without monitoring in place – 2 days to ? Days
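The second pitfall above, silence being mistaken for success, is the one a backup monitor has to be built around. The following added example (not part of the original post) treats a missing or overdue report as a problem in its own right; the job names, the report format and the 26-hour limit are assumptions, and the sample reports are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from a real system): the jobs that should run
# every day, and the backup reports that were actually received.
EXPECTED_JOBS = ["fileserver", "sql", "mailboxes", "accounts"]
REPORTS = [
    {"job": "fileserver", "finished": "2023-03-06T01:10:00", "result": "success"},
    {"job": "fileserver", "finished": "2023-03-07T01:12:00", "result": "success"},
    {"job": "sql", "finished": "2023-03-06T02:31:00", "result": "success"},
    {"job": "sql", "finished": "2023-03-07T02:30:00", "result": "failed"},
    {"job": "mailboxes", "finished": "2023-03-03T03:00:00", "result": "success"},
]

def backup_status(expected, reports, now, max_age=timedelta(hours=26)):
    """Return {job: state} where state is 'ok', 'failed' or 'stale'.

    'stale' covers the silent case: no report at all, or none newer than
    max_age (assumed here: a daily job plus two hours of slack).
    """
    latest = {}
    for report in reports:
        finished = datetime.fromisoformat(report["finished"])
        if report["job"] not in latest or finished > latest[report["job"]][0]:
            latest[report["job"]] = (finished, report["result"])
    status = {}
    for job in expected:
        if job not in latest or now - latest[job][0] > max_age:
            status[job] = "stale"
        elif latest[job][1] != "success":
            status[job] = "failed"
        else:
            status[job] = "ok"
    return status

def needs_attention(status):
    """Jobs somebody must look at, whether or not any e-mail arrived."""
    return sorted(job for job, state in status.items() if state != "ok")

if __name__ == "__main__":
    now = datetime(2023, 3, 7, 9, 0)
    status = backup_status(EXPECTED_JOBS, REPORTS, now)
    print(status)
    print("Needs attention:", needs_attention(status))
```

Because the check starts from the list of expected jobs rather than from the inbox, a job that never reported ("accounts") and one that quietly stopped reporting ("mailboxes") are both flagged.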
To conclude, prevention is always better than the cure. In today’s tech world, you cannot simply install hardware and software and forget about it for 5 years if you want to get the most out of your investment and protect your business; it all needs constant monitoring. Speak to me, Chris Lord, The Virtual IT Director, to take a deeper dive or to help you with your monitoring strategy.
* RAID – Redundant Array of Inexpensive Disks – https://en.wikipedia.org/wiki/RAID