It is very common for companies to have computers with operating systems and software that are not in the latest available versions, even in versions that no longer have official support for a long time. In these cases, you must have a well-established update plan with the steps to follow, times, contingency plans, and other actions.
In this blog article, we will see this topic with a real case of a company that had problems updating one of its servers.
The story that we will tell today takes place in a small family business dedicated to expertise and auditing. Their offices have two critical systems: a NAS ( Network Attached Storage ) storage system and a database. These two services, before this incident, had outdated versions, as they had long ignored updates and security patches.
The company used them to store reports, sensitive customer and company data, expert reports, and personal files. In this way, the staff could work more agile since they could share files more quickly and even, allowing them to telework more easily.
A father, his two sons, and two others worked in the company. Being such a small company, they did not have a specialized team. The eldest son was in charge of the simpler computer functions since he considered that he “was good at it.”
However, his cybersecurity knowledge was not enough, and, consulting with a computer friend, he warned him about the dangers of not updating the systems. So without knowing much more and without having the help of an expert, he launched himself to update the database and the NAS server.
It was decided to carry out this update on a Monday, first the NAS, accessing its panel on the network, and then the database, making a jump of more than two versions in each of the two services. Despite being considered a very large version jump, he went ahead with the update without thoroughly ensuring that this update did not modify the saved data.
When starting the upgrade process of the NAS server, an error occurred mid-upgrade, corrupting the operating system. What could have happened? In his ignorance, the person responsible had downloaded the operating system version from an unreliable source instead of the official one, a practice associated with numerous risks.
To make the NAS server operational, the operating system had to be reinstalled again, with its correct configuration and the latest version. This action lasted several work days. During that time, the employees had to work with files on their local computers without being able to access the files on the NAS, many of them essential. This was a waste of time and required more effort, which would have been saved if planning had been done correctly.
Subsequently, the database was updated using a procedure similar to the NAS. The problem arose when the update was finished since much of the data had problems with the format and special characters, such as the “ñ” or the tildes.
This caused a blockage of the database, which prevented its correct operation, generating a significant delay in the generation of reports and the correct treatment of the data. The blocking of the database and the possible loss of information set off alarm bells.
It was necessary to develop a specific program to recover these data and modify them to be correct. During this process, the database and the corresponding application were partially inoperative, hindering the normal workflow.
These problems and delays could have been avoided with proper planning and support teams. In addition, after an incident like this, it is convenient to check the impact of updating equipment, especially those considered critical for business continuity.
For this, it is necessary to develop a step-by-step plan for the update, consult the technical manuals, apply updates at off-peak times to minimize business impact and download exclusively from official sources.
In situations like this, we can see that having a Contingency and Business Continuity Plan in our company is also essential in case an update fails and alleviates the consequences of any other event that endangers the continuity of our business.