By NEIL HARTNELL
Tribune Business Editor
Bahamian businesses and information technology (IT) providers yesterday branded Friday’s global meltdown “a wake-up call” in exposing this nation’s vulnerability to events over which it has no control.
Debra Symonette, Super Value’s president, told Tribune Business that the impact from CrowdStrike’s faulty cyber security upgrade knocking all its clients’ Microsoft Windows’ systems offline could have been much worse for the supermarket chain, other businesses and the wider Bahamian economy. The only difficulties encountered were in processing card transactions for the customers of one bank she declined to name.
“Fortunately, by the time we got around to it, it was only that particular bank,” Ms Symonette said. “All the other banks seemed to be straightened out. I understand that it was all around. Our point-of-sale (POS) was up but the credit and debit card machine was the thing we had problems with. It was just one bank.
“I felt sorry for all the people at the airport. They had a hard time. That tells you what could possibly have happened. I think you always have to have a back-up plan because if something like this happens on a major scale we cannot close the doors completely. At least we wouldn’t want to. We’d have to process manually even if it means writing customers up manually and putting them in the system later.
“We cannot stop business completely.” Ms Symonette added that credit and debit cards are the “most popular form of payment” behind cash, with the latter accounting for 50 percent of transactions and the cards around 40 percent.
“Definitely it’s a wake-up call,” the Super Value chief said. “It’s not until it happens that you think you have to do something about it. Everything is now back to normal. Everybody was able to work with us and find some other way to pay.”
Mark S Turnquest, the 242 Small Business Association and Resource Centre’s (SBARC) founder, told Tribune Business that several of his members and clients reported losing sales because credit and debit card transactions could not be processed although the actual amounts are unknown.
“All the card machines were down. It was very rough,” he said. “They lost some sales because of that. There was nothing they could do. People couldn’t pay by card and had to leave. A lot of people came in and said they wanted to pay by credit and debut car but it couldn’t be done. People couldn’t do anything. They lost sales, one or two of them, who said it was disruptive.”
Vasco Bastian, the Bahamas Petroleum Retailers Association’s vice-president, told Tribune Business that the outage had a minor impact on his gas station where some customers had to be “turned away” because Royal Bank of Canada’s (RBC) platform was down.
“It’s just part of business. You have to take the good with the bad,” Mr Bastian said. “The whole world is embracing technology and this is just one of the glitches in the global advance of technology. The guys in technology will figure this out, correct it and resolve it. Embrace technology or get left behind. If you’re going to survive in this world you have to embrace technology. You have to take the good with the bad.”
Keith Roye II, Plato Alpha Design’s chief operating officer, told Tribune Business: “I think most definitely it’s a great wake-up cal not only for businesses globally but businesses in The Bahamas. I believe companies, first of all, need to look at the level of access and level of control vendors have, and what is done in terms of giving persons access to their systems.”
Calling for companies to maintain a “zero trust” stance when it comes to access to their data and systems, he added that the private sector may also need to consider outsourcing IT functions if they lack the necessary in-house expertise and resources.
“It is always important, and gets even more important as your company grows and you start to service more and more customers,” Mr Roye said. “When a company starts out, you may not have the resources to hire an internal IT team.
“But as time goes on and your revenue increases, company heads must put serious thought into hiring full time competent IT staff. It is also prudent to know where your team is strong and where you may have to continue outsourcing to external service providers.
“Data security is very important,” he added “Not only that but data ownership and system control. By doing this you then limit the damage an issue like this would cause. You wouldn’t allow auto updates to all of your systems, like what happened to many companies in this case, even if they are a trusted vendor without first persons on your internal staff reviewing and verifying the update.”
Duran Humes, Plato Alpha Design’s chief executive, added: “I look at it from the perspective of how fragile the world is due to our reliance on technology. All it took was one company making a mistake that caused a lot of havoc. All companies must reassess the level of access and control their vendors have to their internal systems, especially vendors that have software with access to multiple systems.
“Ideally, what comes out of this is a better understanding of what’s called zero trust in the cyber security world where you, by default, do not trust anyone inside or outside of your company without some sort of verification first.
“This highlights the importance of having a rock-solid testing and release plan that has multiple people involved with verification, so whatever the update is doesn’t damage mission critical systems,” Mr Humes added. “Along with that, having and thinking through failover systems or processes is important.
“What happens if my credit/debit card machine goes down? What happens when my staff are unable to access our point-of-sale or customer information system? These are critical things to think about and if you don’t have a continuity plan in place your business will suffer loses in situations like this.
“Having processes in place in the event something happens with your mission critical software could determine if you lose two percent of your revenue or up to 20 percent of your overall annual revenue due to a single incident like this.”
Comments
Use the comment form below to begin a discussion about this content.
Sign in to comment
OpenID