A Cautionary Tale: Why Recommendations Matter

It’s no secret that businesses face numerous vulnerabilities these days, including threats from cybercriminals that can cost them dearly – in lost time, resources, data, revenue, and, maybe worst of all, damaged reputation.

Companies such as The Network Support Company exist to help other businesses mitigate or minimize those risks. As a proactive managed service provider, our primary mission with every one of our clients is to address their vulnerabilities before they turn into catastrophes. To do this, we routinely assess their network and make recommendations on how to minimize their risk. And we take care to document everything we see, do and recommend. That’s us, doing our part. Our clients… well, for their part, they have to trust us, hear us, and then act on our recommendations.

When this isn’t the natural course of events, our clients sometimes pay a hefty price. Of course, we’d rather that never be the case.

Recently, we experienced an instance where one of our clients was hacked, with significant financial consequences, and the business owner wanted to know why TNSC wasn’t able to protect them. The owner said they had upgraded their firewall “less than a year ago” and followed other TNSC recommendations and protocols.

The owner was, unfortunately, mistaken. Because our techs are trained to carefully document every assessment, and spell out every recommendation and the reason for it, we were able to easily determine that this particular company had not taken action on the specific recommendations we had put forth several months earlier. Those recommendations addressed this very vulnerability and assigned it “high” priority.

I responded to the client’s inquiry with this note:

I am sorry to hear of the hack. The hackers got in through RDP and a weak password they were able to break by brute force.

As to why it happened, the short story is that our support of [Client] has been very reactive due to cost considerations. A good firewall is just one piece of a good cyber defense. Things like our proactive managed services platform (AssistIT), which centrally manages antivirus, patching, and monitoring of key systems, and our security product (SecureIT), which adds several more layers of cyber protection including a set of corporate cyber policies (like password, mobile and appropriate use) you can adopt, have not been approved. Even things like regular preventative maintenance visits, required to keep the very basic security measures current, have not been approved, leaving you exposed to cyberattacks. You are not alone. Despite repeated warnings, a good portion of our clients have to have a bad experience before they act.

We understand that companies often have financial constraints. At TNSC, we’re careful to make only the recommendations that will most benefit our clients; in fact, we manage our clients’ resources like they’re our own. However, in a landscape where new virus and malware threats are deployed by the millions every day, businesses today are compelled to weigh the potential cost of a security breach against the relatively low cost of taking whatever steps are necessary to protect themselves from one.