27 August 2024

Lessons Following the CrowdStrike Incident


When the CrowdStrike fiasco took down millions of computers globally, there was a collective shift in how we approach cybersecurity and in our reliance on these systems.

The global disruption following the CrowdStrike outage serves as a stark reminder that even the most sophisticated cybersecurity organisations are not immune to IT risks. The lesson is clear: proactive risk management is essential to safeguard your business.

New Policies at Shropshire Computers

At Shropshire Computers we take a proactive approach to IT, which is why we’ve been implementing new processes and looking at ways to reduce risks and provide the best service.

We have begun rolling out software from a company called NinjaOne (NinjaRMM), which is widely used by IT companies and has impressed us. We can customise how it is implemented within our clients’ businesses.

For example, we have set up a script which secures the local administrators on desktops and laptops by disabling local admin accounts that were created manually at some point but are no longer relevant.

The script creates a Shropshire Computers local admin account and a customer-specific local admin account. This means users can’t install software or run something without having to enter the local admin details, which is a safety precaution and best practice. If you were to do Cyber Essentials, it is a requirement.

Shropshire Computers now recommends its use to all our customers, and we view it as being as important as antivirus software.
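The clean-up half of a script like this can be sketched in PowerShell as follows. This is an added example, not Shropshire Computers' or NinjaOne's own script; the two account names are placeholders, and it assumes the approved accounts have already been created.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Placeholder names (assumed): the provider's and the customer's admin accounts.
    [string[]]$ApprovedAdmins = @('provider-admin', 'customer-admin')
)

# S-1-5-32-544 is the well-known SID of the local Administrators group,
# so the lookup does not depend on the Windows display language.
$members = @(Get-LocalGroupMember -SID 'S-1-5-32-544')

# Only local user accounts are in scope. Domain or Entra ID principals and
# nested groups are reported at the end but never changed here.
$inScope = { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' }
$localAdmins = @($members | Where-Object $inScope |
    ForEach-Object { Get-LocalUser -SID $_.SID })

# Lockout guard: refuse to disable anything unless an approved admin is usable.
$usable = @($localAdmins |
    Where-Object { $_.Enabled -and $ApprovedAdmins -contains $_.Name })
if ($usable.Count -eq 0) {
    throw 'No enabled approved admin account found; nothing was changed.'
}

$report = foreach ($user in $localAdmins) {
    $action = if ($ApprovedAdmins -contains $user.Name) {
        'Kept (approved)'
    } elseif (-not $user.Enabled) {
        'Already disabled'
    } elseif ($PSCmdlet.ShouldProcess($user.Name, 'Disable local administrator')) {
        Disable-LocalUser -SID $user.SID
        'Disabled'
    } else {
        'Not disabled (-WhatIf or declined)'
    }
    [pscustomobject]@{ Account = $user.Name; Action = $action }
}

# Members that were left alone because they are not local user accounts.
$skipped = $members | Where-Object { -not (& $inScope) } | ForEach-Object {
    [pscustomobject]@{ Account = $_.Name; Action = 'Skipped (not a local user)' }
}

@($report) + @($skipped) | Format-Table -AutoSize
```

Running it with `-WhatIf` first lists what would be disabled without changing any account.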

Modern cybersecurity policies are all about not trusting any new software or processes, and verifying them first. This is in contrast to the old way of working, where it was assumed that everything within a company’s network is safe. The problem with that is that our networks now cover people working from home and data stored in the Cloud, so the perimeter is much wider, creating more vulnerabilities.

We’ve also introduced a new policy to prompt users to restart their computers once a week if Windows updates, Microsoft Office, or Google Chrome require it.

Following recommendations, we have also delayed feature and lower security updates that aren’t critical to give Microsoft a chance to iron out any problems. That ensures they are stable before they are applied. Critical security updates will still be applied as normal.

The CrowdStrike outage was caused by a security software company not properly testing their software before pushing it out. Once it had happened, the only way to get Windows to load again was to go into safe mode and carry out a manual process of removing files.

At that point there was no remote access to get into safe mode, and safe mode is difficult to access. We have enabled the F8 menu to display for 5 seconds before Windows starts as normal, which allows quick access into safe mode if anything like this happens to our clients.

There will be lots more we can do with this in the future, but having better visibility and automating some of the fixes helps us to provide better support and be aware of an issue so we can fix it.

Our comprehensive cybersecurity plan includes regular security assessments to identify vulnerabilities, implementing threat detection tools, providing employee training, and incident response protocols. By being proactive rather than reactive, businesses can significantly reduce the likelihood of a cyberattack.

Data backup and recovery plans are another essential component of a robust risk mitigation strategy. In the event of a cyberattack or data breach, having a reliable backup system in place can mean the difference between a minor inconvenience and a catastrophic loss.

By partnering with a reputable IT service provider, businesses can access the expertise and tools needed to protect their systems and data.

The CrowdStrike incident highlights the reality that no business is entirely immune to IT risks, but by taking a proactive approach to cybersecurity, businesses can significantly reduce their exposure and protect their operations from potentially devastating incidents.

If you’d like to find out more about our services, get in touch with the team today.
