During good times, businesses usually operate IT on the just enough and just in time standard. Often, this includes putting off upgrades and license renewals until the last moment in favor of cash-on-hand or other investments. However, much like a hospital that routinely operates at 98% of their bed capacity, when a downturn hits – like a global pandemic – there’s no surge capacity on hand.
When that happens, you find yourself playing a game of cash crunch. It goes like this: you’re tightrope-walking your budget while juggling priorities like thrashing chainsaws.
Though you might be tempted to cut all of your IT spending cold, doing so will end up costing you more than you aim to save.
CUTTING BUDGETS? DON’T CUT ESSENTIALS LIKE NETWORK SECURITY
Prevention and preparation are the best cure. In healthcare, that means vaccination and quarantine. In IT terms, it means:
- Avoiding surprises – plan for updates and budget for your needs to avoid shocks and outages
- Keeping warranties and licenses current – do not let these lapse
- Installing the latest patches
- Building out your infrastructure with a 30% cushion to accommodate surges in bandwidth needs
When your Fort Worth-area business faces a downturn, cutting the budget is usually necessary and there are some reasonable, risk-appropriate ways to reduce your IT costs. However, some IT assets should be protected at all costs because the risks are much higher than the savings.
These are the risks that a project-based client neglected to weigh before suffering a nightmarish ransomware attack that, while tragic, perfectly illustrates why you need network security.
THE CONSEQUENCES OF CUTTING THE WRONG IT ASSETS FROM THE BUDGET
The client, a 300-employee bank with $1B in assets, was struck with ransomware shortly after Texas enacted shelter-in-place orders. In the months leading up to the lockdown, we advised the bank about their expiring backup contract and urged them to renew before they lapsed. Feeling comfortable that their files were already backed up, they opted not to spend the money – with severe consequences.
One click causes big trouble
Amidst the flurry of legitimate COVID-19 related emails the bank received, an employee clicked on a phishing attack and the hacker got ahold of 30% of the bank’s data and demanded a ransom. As proof of their successful breach, the hacker posted a spreadsheet from the CFO’s system that contained all of the bank’s vendor passwords.
Insufficient data backup exacerbated the damage
Immediately upon identifying the breach, VersaTrust took measures to lock down the bank’s systems and access their data backup. With their storage contract lapsed, the vendor did not have all the backup data available. Days would go by until their support would handle the case.
A very costly click, indeed
As a result, a breach that shouldn’t have happened produced a system outage that lasted 24 hours. During that time, no ATM transactions, loans or other sources of revenue could take place for the bank. Moreover, with their vendor password list fully exposed, they had no choice but to pay tens of thousands to ransom their data.
6 IT ESSENTIALS YOU SHOULD NOT CUT – NOW OR EVER
When budgets do need to be thinned out, we strongly encourage you to engage your managed IT services provider to work with you to consider all the risks and make a new IT plan without leaving you exposed. The real-life example of our regional bank client illustrates how missing just one of these IT assets is too big a risk to take while reducing your budget.
- Firewalls and internet connections
During the tumult of the COVID-19 crisis, connectivity infrastructure has proven to be very difficult to ramp up. Many vendors and service providers are short-staffed and overwhelmed with requests while, at the same time, businesses shifting to remote work setups usually require a substantial expansion in bandwidth and connectivity hardware. - Warranties and service subscriptions
Allowing the warranties and essential subscriptions to lapse on critical devices is extremely risky during a downturn and crisis. Servers, critical computers, core network components, and main switches are essential to maintain business operations. Running these devices without a warranty is like driving without insurance or headlights during a midnight hailstorm. - Upgrades and patches
Outdated systems are more prone to crashes. This is precisely what happened to a healthcare prospect of ours. It caused an outage that prevented them from seeing patients, and they lost desperately needed revenue during the coronavirus crisis. - Basic network security
Disruption of any kind creates an opportunity-rich environment for hackers. In these moments, they nearly always go after the easiest targets, not the most cash-heavy ones. That’s why downturns and periods of disruption are the times to tighten your cybersecurity measures, rather than cut them as our bank client learned. - Backups
Keeping your network secure requires backups. Our bank client lost an entire day of revenue because of not having a current backup service plan which would have allowed them to immediately recover from the attack and keep their revenues coming in. - Employee cybersecurity training
Most breaches happen or are exacerbated by a lack of cybersecurity training for employees. During a disruptive event like a global pandemic, employee cybersecurity training becomes even more important because employees are distracted.
It’s clear that a little bit of cybersecurity awareness training would have gone a long way to stop the bank’s tellers, clerks, and loan officers from opening an unexpected PDF attachment from the CFO, who had previously never emailed most of them. Few had the training, and most were preoccupied like so many of us are. Consequently, many employees clicked the link and were exposed.
3 AREAS YOU CAN REDUCE YOUR IT SPEND RIGHT NOW
These are the times that any good business knows to tighten the belt and avoid unnecessary expenses.
- Don’t support people who aren’t there
Engage your IT provider in a review, or true-up, of your IT situation. You’re paying your IT services for a certain number of employees – and if you’ve let some go, or furloughed any, you don’t need to support that same number. A reputable IT partner will work with you to reduce your support costs accordingly – at least temporarily. - Eliminate extra licenses
Similarly, if you’ve reduced your workforce, then you may have software licenses that you no longer need to pay for. If you’ve increased your workforce, there may be a more affordable per-person price you are entitled to. - Defer network upgrades – but extend warranties
Though we normally recommend a lifespan of 5 years for most equipment, we’d be the first to advise that if you don’t have an IT budget, this isn’t the time to upgrade otherwise functioning and warrantied equipment. A temporary, but low-risk option, might be to defer the upgrade while extending the warranty on the existing hardware. If the warranty is going to expire without renewal options, plan to replace the equipment.
PREPARE FOR THE NEXT CRISIS AND A COVID-19 SECOND WAVE
You never know when a global pandemic might come out of China. Even though we’re all getting back to work, we recognize that many businesses are figuring out how to stay solvent, and we’re all wondering what impact the extended shelter-in-place orders will have on the economy.
Don’t cut anything from your IT budget without the support of a trusted security-focused IT professional first. Call us (817) 595-0111 or contact us online. We’ll help retool your IT budget safely and strategically.