Disaster recovery is top of mind for many people this week.
When businesses face emergency situations that force them out of their offices or storefronts — sometimes temporarily, sometimes indefinitely — many are able to draw on digital tools to quickly reboot their operations. Having a good data backup and recovery system in place is critical — as is a reliable IT person to make it happen seamlessly.
But aside from natural disasters, data breaches or cyber attacks can have just as devastating effects on organizations.
This was my key takeaway from the annual BCNET Conference in Vancouver. A gathering of higher education IT professionals in BC, this event has become one of the most important technology education and networking events in the province. As well as reinforcing the importance of having the right data governance and backup policies in place, many sessions looked at best practices for cybersecurity.
IT workers are on the front lines of malware and hacker attacks, dealing with crises every day that no else ever hears about.
I attended a fascinating panel talk on Cyber Security delivered by administration, auditing and investigation practitioners from the University of British Columbia (UBC), BC’s provincial government, and the RCMP. It was noted early on by Larry Carson, the Associate Director of Information Security Management at UBC, that ten years ago IT professionals were talking about how to prevent hackers from getting in; now they’re talking about how to contain the hackers who have inevitably gotten in.
Malware and Denial of Service attacks plague almost every institution with an online connection, at a scale that would have seemed unimaginable decades ago (we’re talking about multiple attacks daily).
Amazingly, many of the biggest issues that IT professionals have to deal with are caused by mistakes or missteps by the company’s (usually well-meaning) staff. Gary Perkins, Chief Information Security Officer for the Province of BC, described a particularly effective phishing email that was clicked on by 2,000 government employees simultaneously. This led to him shutting down the entire government’s mail server to contain the damage.
Another panelist noted that his organization still faces issues with staff members finding USBs in the parking lot and plugging them into their work computer because, “Hey, free USB!”
There clearly needs to be continual education for all staff of any organization on cyber security do’s and don’ts. And I think it’s worth regularly reinforcing how awesome our IT teams are at combatting the bad guys on a daily basis, and keeping everything running as effectively as possible. I don’t think we can tell them enough how important their work is!