Many of you know that a month or so ago, we were attacked by a sophisticated, complex virus that affected all QCloud customers. This is the first time in 7 years that a virus has successfully penetrated our QCloud environment.
We learned some important things during this difficult experience that are applicable to all QFloors customers, not just those on QCloud. I feel it is imperative to share some universal takeaways with all of you.
-
RDP Connections could be at risk. Apparently the virus we contracted exploited a weakness in Microsoft’s RDP protocol that is used to connect with Microsoft terminal servers. Anyone using a terminal server should make sure they have the latest security patches in place.
It appears that Microsoft knew about these vulnerabilities a while ago and unfortunately did not fully divulge the weakness to the IT world. They have released a security patch within the past month or so to better protect against this RDP vulnerability. Make sure that your system has been updated. If you are on QCloud, we are taking care of that for you.
The same virus that infected us through our RDP port took down some very large international companies in the same manner. As a side note, because of Microsoft’s lapse in communicating the threat, there has been some talk about a class action suit against them.
-
Secondly, nobody is completely immune from a virus, no matter how secure you think you are. Back in 2015, research showed that 1 million new malware threats were released every day, and the numbers have dramatically increased since then. Another study shows businesses are attacked every 40 seconds.
Whether you are on QCloud or a local system, if you are connected to the internet, that’s the reality. Cyberspace is filled with very smart, devious criminals, relentlessly working to hack and attack each and every computer. No one can honestly promise that you have complete protection against a computer virus, any more than they can guarantee that no one will ever try to break into your home, business, or car. Again, it’s a sad reality of today’s world.
However, you can do everything in your power to protect yourself. While you cannot eradicate viruses (or the criminals who create them), you can take every possible measure to protect yourself from being victimized. Just as you can guard against being robbed by locking doors, not leaving valuables in plain sight, and putting in a good security system, you can be proactive in guarding against viruses and malware.
Here’s a sobering scenario. What if you have a disgruntled employee who wants to do damage to your business, and who has a buddy that knows something about viruses? That’s an extreme case, but it illustrates the point that nobody can say they are 100% protected. You just have to make it as difficult as possible for it to happen. And you need to have a good recovery system if (heaven forbid) it does happen.
-
Which brings us to how essential backups are. One positive thing we did learn through the virus attack is that the backup procedures we’d put in place previous to this incident worked. Although QCloud customers went down, we were fortunately able to restore everything with no data loss. So consider this an important reminder for all of you who are not on QCloud to make sure your backups are in place and working. Ron Cluff gives some great How To suggestions about this in his article in this newsletter. Whether you are hit with a virus, a natural disaster, fire, theft, or failure, your backup system will save you. It is so important in today’s world to have this in place. This was powerfully cemented in our mind as we recovered from the virus attack.
-
The fourth takeaway lesson is that everyone should have emergency workarounds in place so that you can carry on business during technology outages. Many of our QCloud customers were able to do this. Obviously, it tends to be much easier for smaller stores. Generally speaking, the larger the store, the more painful it is to find ways to continue business as normal during these difficult situations.
So it’s good emergency preparedness planning to set some backup procedures in place today. You have to consider how you would do simple things without QFloors such as:
- You must be able to write up a sales order. (You should probably have some backup manual sales order processes and sales tickets.)
- You must be able to take a credit card payment if your power, internet, or technology goes down. This could include running credit cards from another location.
- You need to know what your installation schedule is. If your labor installation schedule is only within QFloors, you may want to consider keeping a copy somewhere else.
We realize these emergency workarounds will not be as efficient as using QFloors. It will likely require both extra hours and extra work. But if you have these manual backup systems in place, you can weather the storms (literally and figuratively) that come, without it significantly hurting your business. You will not be as helpless when these difficulties strike.
Transparency is an important part of who we are as a company. We have tried to be completely open about what happened and why throughout this experience – just as we have throughout our company’s history. Bringing the virus up again, after the fact, is not intended to beat a dead horse, but to share these important cautions with our entire customer base.
Although this virus was a painful experience for us and most particularly for our QCloud clients, we feel like if we can all take the opportunity to learn from this, to be better protected and prepared, perhaps the pain will not all be in vain.