humility | Mike Falconer

For all the time that I have been managing veterinary hospitals I have also had oversight responsibility for the computers and technological systems (I.T.) employed at those hospitals. Coming from a technical background in the entertainment lighting world, this just seemed to be a natural extension of my existing skill sets – the things that make me good (hopefully) at what I do.

One of the things that I have always been passionate about is data security. I’ve written articles and had them published on the subject. I made sure my hospitals had proper backup procedures, good anti-virus protection, updates ran regularly, and great firewalls. I’d always felt that there is always an element of carelessness, or lack of understanding of the risks, when hearing about those that have fallen foul of hardware failures or ransomware. Nothing in my years of experience did anything to dissuade me from this impression.

Until one of my hospitals was hacked.

The story starts first thing on a Sunday morning when I get a call from the office manager on site saying that they are unable to get their practice management software up and running. I try logging in remotely and get nowhere so I make the five-minute drive to take a look. What meets me on the screen of the server is a message that runs my blood cold and leads to feeling of despair sinking into my stomach.

“Your System has been hacked. All of your data has been encrypted. To release your, data payment must be made via Bitcoin….”

We have backups, we have a replication server, we’ll be fine.

We were not.

The ransomware attack had been possible due to one the connections that we used to allow doctors to write up their medical records from home. In addition, there had been an old user with administrator rights that had somehow been overlooked and led to the hacker being able to access the server. The height of irony was that we were in the process of moving over to a more secure system to allow remote access when this attack took place. If we had been a couple of weeks further along this attack would not have been possible as it unfolded.

Our server was encrypted, our replication server was encrypted, our daily incremental backup drive was encrypted, our weekly full backup drive was encrypted, and several workstations were also encrypted. We had no internet, no practice management software, and so no access to medical records, schedule, email, or files.

Paying was not an option on general principles.

Our last hope was offsite cloud backup.

This backup had been fully protected and within 24 hours we were able to have remote access to this so we could access schedule and records.

We tried for three days to download the massive database onto a drive to allow us to restore the server. After three days of failure, in part cause by file size, an inopportune Windows automatic update, and network / computer stability issues, our cloud backup vendor arranged for a physical drive to be sent to us. Once the drive arrived (at 8PM at night several days later) the instructions were unclear as to how to access what had been sent to us and the cloud backup provider did not have anyone on staff late at night who knew how the drive had been prepared. We finally restored functionality to most of the hospital on the seventh day after the attack.

Lessons learned

Our I.T. vendor had, for the most part, been great. They understood the position we were in and I, in turn, protected them from the owners and staff who were rightly upset and frustrated. I had several moments of frustration myself , particularly when it came to getting a physical drive from the cloud backup vendor which turned into a comedy of errors. But both sides were able to work on the problem and maintain a professional atmosphere. We’ve had a long relationship with our I.T. support vendor and they have been very good to us in turn. They understood our need to go with other suppliers for things such as phone systems and servers but were still being prepared to help support those items and the overall health of our networks. Without that long term relationship, and atmosphere of mutual trust, things could have been very difficult indeed.

We used our barely functioning network to try and download a huge amount of data. We should have done this offsite, at one of our other locations. We should have also immediately requested a physical drive to be sent to us. I offered multiple times to get on plane and courier the drive personally, however, this was turned down but did add to the pressure on the cloud backup company to get their act together.

Try to be calm. After all was said the done the total loss of business for the week that we were unable to either take care of that week or squeeze into the following week was estimated at 4% – well within the normal variation from week to week. Not even close to the amount to bother our insurance company with. Clients will understand. Deal with what you can, improvise, and communicate as much as possible with everyone.

The major lesson that I learned, however, was one of humility. Anything can he hacked. All it takes is time and a willingness to spend that time. There was, in the heat of the moment, a number of times when the blame game reared its head. I made the decision to not allow that from anyone, feeling that if there was any blame it was the wrong time to even talk about it. What I ultimately realized that what is important was not in preventing a hack, but our resilience if the face of that attack. It is not a matter of if, but when. We lost no data – I consider that a great victory. We lost little to no business – I also consider that a victory. We also came out the other side of the ransomware attack with a much stronger awareness and agreement on the importance of cyber security.

Humility is not an excuse, or a reason to not try everything possible to prevent issues. But it helps with the realization that all systems are vulnerable. That the very things that make I.T. systems so great and useful, are also the things that can lead to vulnerabilities.

Humility is directly related to resilience. When bad things happen what is important is that we can recover from them as quickly and easily as possible- not to pretend that there are no bad things or that we are immune to them.

advice trap

When the nice people at MBS Works sent me a copy of The Advice Trap to review, I was intrigued by its premise: That we all have an inner advice monster that gets in the way of us getting better results from the people we manage, coach, or mentor, because we talk too much.

This is me in a nutshell. And while I freely admit it, I find it difficult to do anything about it.

Mr. Bungay Stanier is also the author of The Coaching Habit which I have not read. This is unfortunate, because a failing of the Advice trap is to act as too much of a sequel / advertisement for Mr. Bungay’s other book. But if you can look past this, and its other main issue (see below) there is actually valuable and worthwhile advice for all those who are routinely asked their opinion. This is, of course, the central paradox behind the Advice Trap, it is a book about how giving advice is a trap and a monster, which can only relay this idea by… giving advice. To Mr. Bungay Stanier’s credit he does freely admit and deal with this irony.

A central theme of The Advice Trap is that giving advice is generally more about the person giving the advice and does not actually solve the issue at hand, never mind actually benefit the person who is doing the asking. What the Advice trap does is give the reader tools to help them stop immediately leaping to give their own take on what they have been asked, but to dig deeper, be more curious about the issue, and see if by working with the questioner that a better solution cannot be arrived at. It also makes the point that the best solution may very well not be arrived at by the yourself and how to be prepared for that.

These are powerful and useful tools and ideas. Framing them as “The Advice Monster” is actually close to genius. It also goes deep into why as leaders and managers we often fall back on giving advice when it does not work as well as we think it does, and rarely does anything for our team’s growth.

That managers need to be more empathetic and have humility is not new to anyone who has read a business book in the past twenty years. Where the Advice Trap succeeds is in actually giving practical advice (there’s that paradox again) on how to do that while in the middle of leading a team or coaching an employee.

This brings me to The Advice Trap’s main failing: it is so jargon heavy that it becomes overwhelming at a couple of points, and gets in the way of what the author is trying to achieve. That Mr. Bungay Stanier has created a useful toolbox is not in doubt, but that tool box can be very difficult to open and to remember which tool to use when is a problem.

This is a book to take ideas from and to adapt and use them for your work environment. Which indeed seems to be how the book was written in the first place given the references to other works. The Advice Trap is a good book for both new and experienced managers, because we are human and we all fall into the same trap – The Advice Trap. It makes for uncomfortable reading in places; its never nice to see one’s unconscious motivations laid bare, but The Advice Trap is important because business books so rarely challenge our own assumptions about ourselves.

This is a challenging book on multiple levels, but that should not let that stop you using it to tame your advice monster. Those monsters need taming and the Advice Trap has the tools to help.

Book Review: The Advice Trap by Michael Bungay Stanier

Follow me on Twitter!

Copyright Notice

Subscribe to Blog via Email

On the Web