Let me tell you a deep, dark secret about some of your employees… one that you might be a little surprised to hear:
They aren’t reporting issues to you.
This can snowball into much larger problems. Let’s discuss.
I’m being pretty general here—for a moment I’m taking off my “computer guru” hat and putting on my “business owner” hat. This problem is something that transcends IT. Problems within a business can fester because employees don’t speak up. It’s how serious issues arise and it’s been a problem for a long time.
What kinds of serious issues?
Productivity issues, creep issues, HR issues—you name it. Problems can range from the small and benign to the “get a lawyer involved” emergency.
As your business grows and becomes more complex, there is more of a chance that this could happen. That’s why larger organizations hire teams of human resource professionals and other dedicated staff that exist simply to keep the gears spinning smoothly.
Why Don’t Some Employees Report Issues?
It’s going to differ based on the person, but some employees don’t want to ruffle any feathers. They’ll make do with what they have as long as it doesn’t cost them a raise or promotion or get in their way too much.
Other employees simply don’t air their grievances or feel they have the weight to get something to change.
You might feel like stopping me right here and telling me, “now wait a minute, as a business owner/manager, a pretty decent portion of my day is dealing with internal affairs!”
The squeaky wheels squeak pretty loudly. Ask yourself though—are the issues being brought up by certain individuals? Are there some employees that never mention anything? What are the chances that they never have a single problem?
That’s the thing—we’re all human and we all have problems eventually. What’s my point?
Unreported IT Problems Can Lead to Bigger Issues Later On
Okay, not just unreported IT problems—any unreported problem could gradually snowball into something bigger, but IT problems can affect your entire organization if left unchecked.
Here’s a perfect example, and it’s actually the reason why I’m writing this blog post:
(I’ve changed the person’s name to protect all those involved)
Mary knows that when she needs IT to help her with her computer, they usually remote in, take over her screen, and check on things or walk her through something. She recognizes the notification that pops up on the screen when this happens.
This is why one morning, she didn’t really question it when someone logged into her computer while she was working. She figured it was IT or an admin doing something. After all, the remote notification only popped up for a few seconds.
It happened two or three times throughout the morning. That notification came up that someone was accessing her PC. After a few seconds, the remote session ended. Mary continued to work, ignoring it.
When Mary returned to her desk after lunch, her computer had a big threatening window.
It read the following:
Your personal files are encrypted!
Many of your important documents are no longer accessible because they have been encrypted. If you want to decrypt your files, you must purchase a decryption code. Payment is accepted in Bitcoin only. Please send $600 worth of Bitcoin to this address:
The window had a clock counting down the seconds with 2 days, 23 hours and 39 minutes remaining.
Ransomware. This is the most common cybersecurity attack these days, because it is extremely effective for the cybercriminal. It’s extremely difficult and often impossible to reverse, unless you have your data backed up properly or fork over the ransom money. Individuals, businesses, and even municipalities are strung up by their feet and shaken down by cybercriminals like this every day.
Ransomware can infect a computer much like any other virus—clicking the wrong link, opening the wrong attachment, or allowing a cybercriminal to have access to your computer are all typical vectors for ransomware.
In Mary’s case, a cybercriminal somehow hijacked the remote access software her company uses. This software wasn’t locked down with multi-factor authentication, and was likely not using strong password best practices. The cybercriminal was able to log into the remote access account, log into Mary’s PC (and possibly others), and waited for Mary to step away from the computer to deploy the ransomware.
This is sort of an unconventional way a hacker would normally access a system, but it was effective.
When reviewing the incident with Mary, she mentioned noticing the remote access notifications. When asked why she didn’t report them, she mentioned she didn’t think much of it. To her, it looked as if her manager was trying to access her computer. Offhandedly, she added the most alarming comment:
“I didn’t want to get IT involved.”
We dissected this with Mary. To be clear, nobody in the room thought she was guilty of anything; she wasn’t in trouble. Fortunately, everything on the workstation was backed up, and the attack was isolated to just one device and didn’t spread throughout the network. However, the risks were still huge—some ransomware can spread throughout an entire organization and knock out every workstation and server. This can put a business out of commission for a few days, and that’s IF the backup is solid.
“I Didn’t Want to Get IT Involved.”
The phrase echoes in my head. If IT was notified of the suspicious login attempts, we would have investigated and potentially stopped the attacker from accessing the system to deploy the ransomware. It would have saved Mary from an unproductive afternoon, and could have potentially saved the business from dealing with a more brutal attack.
Employees have a stigma of dealing with tech support. They don’t want to bother someone, or look bad, or cost their company money. That’s why we establish IT management contracts with businesses—all of that typical day-to-day support is covered so your staff doesn’t need to stress out about needing tech support. This is actually something that Mary’s organization is just starting to transition into, so she and her coworkers have yet to experience the freedom that comes with unlimited helpdesk support. We made sure to make it clear that they can always reach out to our techs if they need any technical assistance at all.
All businesses that rely on computers everyday need this type of service and support. Keeping everything updated and patched is huge, and prevents a massive number of issues, but getting that support you need when you need it keeps your staff productive. Now that we’re handling the IT for Mary’s company, she can pick up the phone and talk to someone when her Microsoft Outlook isn’t working quite right, or she can report an error, and it’s all covered for her. She doesn’t need to get authorization from a manager, who has to get authorization from the boss, or anything that’s going to delay her getting the problem solved.
Give your staff the freedom to get the tech support they need, without the long wait times, robotic telephone prompts, or fear that they are racking up a big bill. On top of that, encourage them to report issues.
If you need help getting control over your IT, we can certainly help—and if you want to start preventing issues before they affect your business, give us a call today at PHONENUMBER.