Apr 10, 2025
.jpg)
One of the largest IT outages ever happened on July 19. A now-infamous CrowdStrike update caused chaos across the globe as 8.5 million business computers that had updated their software suddenly saw the so-called blue screen of death. While some businesses recovered quickly and were able to resume operations, others were not so lucky.
You may know the background: CrowdStrike provides cybersecurity services to Windows-based computer systems. The incident occurred when the company issued a flawed update to its CrowdStrike Falcon Sensor platform. How did that happen? There seems to have been a logic error that caused the application to fail. Such consequences of flawed control processes are not unheard of but are usually not so dramatic.
The event provides businesses with a reminder to reassess their cybersecurity protocols. Companies should review the following as they seek to improve their protocols and procedures:
1. Reassess automatic updates. Automatic updates are intended to ensure security updates are installed quickly and easily. End users rely on vendors to test those updates before they are launched automatically to be sure they are safe. But the CrowdStrike failure raises the question of whether it would be better to have the company's IT department test all updates and patches on a test server and then manually install the updates at the company level.
2. Revisit cloud strategy. As we have seen, relying on a single cloud provider — whether CrowdStrike, Microsoft Azure, AWS or Google — can result in far-reaching problems. This may be the time to consider switching to a different approach, such as a hybrid cloud environment in which public clouds, such as those mentioned above, are combined with private clouds, either hosted by the company itself or a third-party provider.
3. Vet vendors. In a world with bad actors and deep fakes, cybersecurity is increasingly important. Consequently, due diligence with a software vendor should be expanded to include questions concerning how updates are tested, verified and rolled out; how data privacy protocols are maintained; and what disaster recovery systems are offered.
4. Create backup communication systems. The CrowdStrike failure disrupted Delta airlines for five days in part because the company could not communicate with its flight crews. This highlights the necessity of having backup communication systems. Companies need to be able to reach employees in the event of a company-wide tech disruption.
5. Ensure applicable disaster recovery and business continuity plans. Companies should assess their cybersecurity-related disaster recovery and business continuity plans. Part of this endeavor should include reviewing whether it is possible to roll back to previous working versions of critical software, which can decrease any downtime.
It is critical to remember that when a cybersecurity breach happens, bad actors are ready to take advantage of businesses harmed by the event. Never respond to phone calls or emails supposedly from the vendor whose software went down. Instead, reach out through official channels to verify the communication's authenticity.
The CrowdStrike event was significant, widespread and disruptive to many businesses. Companies need to look at it as an example of what can happen if a company is not prepared for an IT disruption.
©2025
Jul 31, 2025
Employers conduct exit interviews with departing employees during the final days of offboarding. If done right, these interviews can be a source of valuable information to help the company improve.
Jul 30, 2025
One of the most important ways for an employee to feel valued by their company is to receive a salary increase. This also helps with retention! Read through for ideas on deciding how much of a salary increase should be awarded to your employees.
Jul 29, 2025
Business owners lose about $50 million a year to employee theft and fraud, according to the U.S. Chamber of Commerce. Read through for a glimpse at some of the many ways employees could be stealing from you.
Jul 28, 2025
The recently passed law has a lot of complex provisions, which have led to a lot of misinformation! Fortunately, the IRS has just published a guide to many of the new rules. Read through to read about them, so you can discuss them with your tax advisor.
Jul 03, 2025
When you provide workers with additional benefits on top of their regular pay, some may be taxable. As the rules can get complicated, it pays to familiarize yourself with the requirements. Read through for an overview of which benefits are taxable.
Jul 02, 2025
Disputes over unpaid work time often arise from tasks performed outside official hours — for example, answering emails, traveling between jobsites or changing into work clothes. Employers must understand when these activities count as compensable work. Read through to learn how exempt and nonexempt statuses affect wage obligations.
More News & Press can be found in our Archive.
