What Business Owners Can Learn from the CrowdStrike Outage

On Friday, July 19th, a severe outage affecting Microsoft’s operating system shut down large sectors globally. Travel, healthcare, and emergency services were hit especially hard and, while the core issue has been resolved, the consequences of this outage are still being realized. Let’s go over what small business owners can learn.

The CrowdStrike outage

Despite the immediate and widespread effects of the outage being well known, many people don’t fully understand what system failed to cause the dreaded Blue Screen Of Death (BSOD). The outage was not caused by an issue with Microsoft’s software, but rather with third-party company CrowdStrike, which Microsoft partners with to handle their cybersecurity needs. The primary cause was a failure in CrowdStrike’s antivirus software, called Falcon.

Why cybersecurity matters

It can’t be understated just how important cybersecurity is in the digital age. Protecting sensitive data, ensuring smooth operation, and even maintaining national security are all dependent on solid cybersecurity strategies.

For small business owners, thorough and thoughtful cybersecurity protocols keep you safe from:

• scams and other cybercrimes which can financially cripple small businesses
• clients’ sensitive data ending up in the hands of online data brokers
• malware, ransomware and viruses which can be very costly to repair and recover from, along with halting production and interrupting sales

While Microsoft and Crowdstrike had a very robust approach to their security measures, the scope of the ordeal the world faced is due in large part to high dependency on CrowdStrike’s service. Being a company with a very unique set of capabilities and products, many leaders in the tech space have partnered with CrowdStrike in the same way Microsoft has. This makes sense, as CrowdStrike are considered the best of breed when it comes to digital safety. This dependency means, however, that when problems happen, they are amplified greatly.

Best IT practices during global outages

In the case of the outage caused by the Falcon software failing, there was, unfortunately, not much in the way of preventative measures that could have been implemented by the average business or website owner. Being such a reputable company, CrowdStrike is trusted by many of the largest companies in the technology space, leading to the effect of it’s crash being felt far and wide.

There are, however, some best practices and lessons to learn from the global outage.

Keep regular, local backups

One of the timeless laws of IT is the rule of a backup. You should store backups of the following items on local storage (like an external hard drive):

• Backups of your website
• Crucial digital files your company depends on
• A full copy of all your computer’s files

Regularly updating these backups can provide insurance and a means of preventing most lost data in the event your operating system fails, like in the case of the CrowdStrike outage. While most didn’t experience much data loss because of this event, the possibility was very real, especially for older systems.

Utilize SSL Certificates

SSL (Secure Sockets Layer) is an internet security protocol that encrypts data sent from your website, ensuring sensitive information remains secure. Simply put, it masks the data or information you send from your website so that those trying to steal your personal and private information won’t actually have access to any sensitive data. Developed in the mid-90s and trusted for decades, SSL security should be a staple if your company has any active presence on the internet.

Northwest does the most when it comes to our clients’ safety. With Privacy by Default® being the backbone of our operation, and safety options like SSL security offered with our web hosting and email hosting services, we’ve got the tools to empower you from formation to function.

Vet who you work with

Consider choosing vendors that meet your needs and quality standards, but tread a different path than most. Like we mentioned previously, the scope of the outcome from Falcon’s failure is the widespread implementation of CrowdStrike’s software, as it’s considered the best for cybersecurity. Before committing to a relationship with a particular company or system to provide a service your business needs, make sure they aren’t partnering with other third parties which could create additional vulnerability.

Remain vigilant in the wake of disaster

While most Microsoft users are busy reeling from the fallout of this outage, there are those who would seek to capitalize on the drama. Scammers will likely be on the prowl, impersonating representatives from CrowdStrike and Microsoft in an attempt to steal sensitive data from users like you.

Be wary of these common scams following the CrowdStrike Outage:

• Email phishing scams from seemingly legitimate email addresses associated to Microsoft or CrowdStrike asking for account information.
• Scam phone calls from individuals claiming to represent CrowdStrike or Microsoft, promising solutions or reparations if you’d only share your banking details.
• Online advertisements or posts on forums linking to downloadable files that promise to fix the outage. We promise, you won’t find a fix deployed by CrowdStrike on a sketchy subreddit.

Ensure you, as well as your employees, have guards up and eyes open for these kinds of traps. Don’t give out sensitive information to anyone claiming to be a representative from either Microsoft or Crowdstrike, even if pressured by them or threatened with extended downtime if you don’t comply. The best practice here is to remain vigilant in the wake of disaster, and don’t let your company fall victim to a double-whammy of downtime and data theft.

What Northwest does different

As a company run proudly on a build it, don’t buy it mentality, we’ve been doing things differently for a while. While no one person or company can control all possible variables, a core company tenet has been eliminating reliance on third parties as often as possible since Northwest came to be.

With servers and data storage all being maintained in-house, we go the extra mile to keep things private and secure. This requires more hands-on effort than outsourcing these systems, but we feel safer knowing the services we provide our clients are not dependent on anyone but us.