The Pattern of Preventable Failures
Over the past decade of supporting businesses, we've noticed something interesting: the same handful of IT failures keep appearing. These aren't exotic edge cases or zero-day exploits. They're mundane, preventable issues that organizations continue to encounter because they don't realize how common they are.
1. The Single Point of Failure Server
This is perhaps the most common scenario we encounter. A business has a single physical server running everything: file shares, accounting software, email (if not on Microsoft 365), and sometimes even their line-of-business application.
When that server fails—and it will fail—everything stops. We've seen:
- Hard drive failures taking down entire businesses for 2-3 days
- Power supply failures during critical month-end processing
- Ransomware encrypting the only copy of company data
The fix: Proper backup validation (testing restores monthly), consideration of cloud alternatives for critical services, and basic redundancy for mission-critical systems. This doesn't require enterprise budgets—just planning.
2. The "We Have Backups" Myth
We regularly encounter businesses that believe they have working backups because their backup software shows green checkmarks. Then disaster strikes and they discover:
- The backup hasn't actually run in 6 months (monitoring alerts were being ignored)
- The backup completes but the data is corrupted and can't be restored
- The backup exists but nobody knows the restore procedure under pressure
- The backup worked but didn't include the database that changed daily
The fix: Regular test restores. Not quarterly "let's check the backup software is running" but actual file and system restores to verify the process works. If you haven't restored it, you don't have a backup.
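A scripted version of the test restore described above, as an added example that is not part of the original article: it checks a restored directory against a manifest of SHA-256 hashes recorded at backup time and flags a stale job, files missing from the backup set, and files that restore with damaged contents. The manifest format, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_restore(manifest, restore_dir, backup_finished, now, max_age=timedelta(days=2)):
    """Return (problem, detail) tuples; an empty list means the restore passed."""
    findings = []
    # The job reports success in the console but has not actually run recently.
    if now - backup_finished > max_age:
        findings.append(("stale", f"last backup finished {(now - backup_finished).days} days ago"))
    for rel_path, expected in sorted(manifest.items()):
        restored = Path(restore_dir) / rel_path
        # A file (for example the daily-changing database) was never in the backup set.
        if not restored.is_file():
            findings.append(("missing", rel_path))
        # The file restores, but its contents no longer match the source.
        elif sha256_file(restored) != expected:
            findings.append(("corrupt", rel_path))
    return findings


def demo():
    """Constructed sample: a restore that lost the database and damaged one file."""
    source = {"docs/contract.txt": b"signed 2024", "finance/ledger.db": b"rows...",
              "hr/staff.csv": b"name,role\n"}
    manifest = {p: hashlib.sha256(d).hexdigest() for p, d in source.items()}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in source.items():
            if rel == "finance/ledger.db":
                continue  # simulate the database being excluded from the backup
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"\x00" * 8 if rel == "hr/staff.csv" else data)
        now = datetime(2025, 6, 1)  # constructed dates: last run 180 days earlier
        return verify_restore(manifest, tmp, now - timedelta(days=180), now)


if __name__ == "__main__":
    print(demo())
```

In practice the manifest would be generated from the live data when the backup runs, and the check would run against a scratch restore location on a schedule, alerting on any non-empty result.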
3. The Password Spreadsheet
Despite years of awareness campaigns, we still regularly discover critical business passwords stored in Excel spreadsheets shared via email or network drives. Sometimes with helpful filenames like "Passwords.xlsx".
This creates multiple problems:
- Anyone with network access can see admin credentials
- Passwords never get changed because updating the spreadsheet is tedious
- When someone leaves, nobody knows which passwords they had access to
- The spreadsheet itself becomes a ransomware target
The fix: Even a basic password manager (1Password, Bitwarden, or similar) is far better than a spreadsheet. It costs less than £5/user/month and can be deployed in an afternoon.
4. The Forgotten Firewall
We encounter this scenario frequently during initial assessments: a business has a firewall that was installed 5-8 years ago and hasn't been touched since. The original IT person who configured it has long since moved on.
Common issues:
- Firmware hasn't been updated in years, missing critical security patches
- Port forwards that were "temporary" are still active
- Nobody has admin access anymore (passwords lost)
- Rules have accumulated to the point where nobody understands what they do
The fix: Document your network. Schedule quarterly firewall reviews. Budget for replacement before end-of-life. These aren't exciting tasks, but they prevent catastrophic failures.
5. Microsoft 365 Without MFA
In 2025, we still encounter businesses running Microsoft 365 without multi-factor authentication enabled. This is essentially leaving your front door unlocked in a high-crime area.
The typical scenario:
- Employee uses same password for Microsoft 365 as other websites
- One of those websites gets breached, passwords leaked
- Attacker tries leaked credentials against Microsoft 365
- Access granted—no second factor required
- Attacker sets up forwarding rules, downloads emails, pivots to other systems
The fix: Enable MFA for all users. Microsoft provides this free with all M365 subscriptions. The productivity impact is minimal (users authenticate once per device) but the security improvement is massive.
6. The Cloud Migration That Wasn't
A business migrates to Microsoft 365 or other cloud services but keeps running critical systems on-premises "temporarily." Years later, that temporary setup is still in place, creating a complex hybrid environment nobody fully understands.
This leads to:
- Files scattered across cloud and local storage with no clear authority
- Backup strategies that cover some systems but not others
- Confusion about where data lives and who can access it
- Higher costs (paying for cloud AND maintaining on-premises infrastructure)
The fix: Commit to the migration properly or don't migrate at all. Hybrid environments can work, but they need proper planning, documentation, and ongoing management. "Temporary" in IT is often permanent.
Common Threads
Looking at these scenarios, several patterns emerge:
- Documentation matters: Most failures are compounded by nobody remembering how things were set up
- Testing matters: Backups, disaster recovery, password resets—if you haven't tested it, it doesn't work
- Assumptions are dangerous: "We have backups" or "our firewall is fine" are statements that need verification
- Technical debt accumulates: That "temporary" solution from 2018 is now a critical dependency
The Good News
None of these failures require enormous budgets or exotic expertise to prevent. They require:
- Regular attention (quarterly reviews beat annual fire drills)
- Basic documentation (even a shared OneNote is better than tribal knowledge)
- Testing procedures (monthly backup tests, annual DR simulations)
- Proper handovers when IT people change roles
The businesses that avoid these failures aren't necessarily the ones with the biggest IT budgets. They're the ones who treat IT infrastructure as a business asset that requires ongoing maintenance, not a one-time installation that should "just work."
Need help identifying potential failure points in your infrastructure?
We offer comprehensive IT assessments that identify common failure scenarios before they become problems. Get in touch to schedule a review.