The world of information technology can be confusing and overwhelming. Companies that sell information technology solutions will be quick to declare themselves as experts - but are they really providing the best advice for your business? Is it worth paying for professional advice?

Keeping the lights on

What could possibly go wrong if you find a cheap alternative for your information technology solutions? For example, anyone can create a website, right?

Wrong. You get what you pay for – and a website created on the cheap can cause no end of headaches for your business.

Last week I heard about a sole provider who'd been hosting websites and email accounts for clients that disappeared. The provider unfortunately died, but it wasn't unexpected, she'd been ill with cancer for some time. But there was no business continuity plan in place, so when she died no-one else had access to the servers that her clients' websites and email accounts were hosted on. When the bills for hosting went unpaid, the websites and email accounts completely disappeared and could not be recovered.

There are tools (such as the Wayback Machine) to view historic snapshots of websites, from which the websites can be recreated from scratch. But in the meantime the affected clients are left without a web presence. Investigations are ongoing as to how to recover the lost emails!

The lesson to learn from this… ask your information technology providers about their business continuity plans and how they'll ensure your services aren't interrupted if something goes wrong at their end!

Recovering from attack

You think you're too small to be targeted by hackers. So backups aren't that important are they? Why bother with the hassle of being disciplined with taking backup copies of every last little piece of information your business uses?

I've heard of two cases in the last month or so of Adelaide not-for-profits being targeted by crypto-locking ransomware attacks. These are attacks which freeze the computer of the person who clicks on the hacker's link and activate the virus. Everything gets locked and a message asking for a ransom payment to unlock the computer is displayed on the screen. The virus propagates itself throughout the network of computers within seconds, infecting every computer and effectively bringing your business to its knees.

Recovering from such a disaster can take days, and you may never fully recover all of your information if you haven't been disciplined with backups!

The first thing to do if you think you're computer's been hacked is to pull out the network plug. Immediately tell everyone in your business that there's a suspected problem, to try to limit the reach of the virus. Then ask a professional for help, don't delay, and don't try to fix the problem yourself.

If you've been diligent with backups and have '€˜air-gaps' between the network and your backup devices you'll have a good chance of recovery from the disaster Don't rely on cloud-based backups as these are connected via your networks and can become infected by the virus too! You should have information backed up onto devices that can be unplugged and taken off site. For a small business that can be as simple as an external hard-drive that you take home from the office every night. These cost as little as $77 from Officeworks.

Don't be the source of attacks

What's wrong with using free, open-source development platforms to create software systems? Nothing as such, but be aware that these platforms are constantly under attack by hackers looking for an easy way to infiltrate your business and your clients' businesses.

WordPress, one of the open-source website development platforms, has had some alarming security breaches with its plug-ins recently.

If your website's been developed in WordPress and is compromised it can be very costly in terms of brand damage for your business and in remediation costs to remove the problem.

Last month it was revealed the WordPress Custom Content Type Manager plug-in created security nightmares. When this was included in WordPress websites it created backdoors into the sites, giving hackers access to change your website pages and make them the source of ransomware attacks!

(read more about the Custom Content Type Manager security breach)

This is by no means not the first time a WordPress plug-in has been compromised. In June 2015 another WordPress plugin, SweetCaptcha, was used to distribute Adware. The plugin's script was the cause of unwanted and potentially malicious pop-ups and pop-unders that promoted scams, dating sites or offers to install malicious software laden with viruses.

(read more about SweetCaptcha's security breach)

The scariest thing about the problems with these plug-ins was that they had been approved by WordPress as virus free, so people had added them to their websites and set them up to automatically update when new versions were released. Hackers then attacked and compromised the updates to the plug-ins, so a trusted source of software was used as the source of spreading virus infections.

Tell us your stories!

What horror stories have you heard about or been involved with where you've seen businesses take a gamble with their information technology?

The more we are all aware of what can go wrong, the better chance we have of mitigating the risks.

Wiser Technology Advice is here to help

Our consultants have many years' experience in the industry and we are here to help.

For wise, independent advice on finding information technology solutions that are right for your organisation, contact Wiser Technology Advice today to learn about how we can deliver results for you.