How to unlock the root cause of computer incidents

Whether your computer is attacked or you run into a technical difficulty, the usual methods are to be reactive in these circumstances. However, we can no longer afford to do that as hackers are becoming more sophisticated and people are understanding the costs behind reacting to every technological problem.

A proactive approach is more appropriate and there is one method that can come in handy in the coming years: root cause analysis (RCA). Below are some key steps to using RCA that will you and your business.

Why Use Root Cause Analysis

If companies are to have better protection against cyberattacks or other computer incidents, a response plan should be the first priority. These plans serve two major functions:

  • First is that it’s proactive enough to bring back business functions as quickly as possible.
  • And the second is that you’ll be able to analyze what happened and ensure the same mistakes don’t happen again.

While the best laid plans cannot guarantee the ultimate objective – preventing a reoccurring incident in it’s entirety – these plans can ensure that a repeat incident won’t happen in the exact same steps next time.

The reason for that is the second step is what RCA is at its core. The goal is to be able to analyze the root causes of these problems and is not an overly complex method. It’s a very useful tool for any organization since it doesn’t require an elaborate or expensive training to master this.

Furthermore it can save your business ample amount of time and money while keeping customer trust high.

Even if you’ve solved the original problem and started your business functions again, it’s still worth it to use this analysis as well. When you don’t identify the root cause or address it properly, you still leave yourself exposed and vulnerable for the same kind of attack.

Another way to look at this is that root cause analysis is like treating an illness. If you’re looking at the symptoms and treating based on that, you’re still at risk of getting the same symptoms again.

Proactive would be looking at what causes the symptoms to emerge in the first place and take measures to handle it.

How To Use Root Cause Analysis

RCA can be broken down into five steps, though it’s more like employing the “Five Whys” method. This method is a very powerful tool for problem-solving. This process will be able to divide between the symptoms of the problem and the actual causes.

In practice, it’s asking the question “Why?” five times with each iteration expanding on the answer given to the previous question.

For example, say that the oil for a machine is low. On the surface it’s a simple fix: fill up the machine with more oil. The problem with that is that it’s reactive and it’s only curing the symptoms.

Using RCA, you’d be asking “Why?” five times. The structure would look like this:

  • Why is this happening? The oil is low.
  • Why is the oil low? The oil level drops even after filling it up?
  • Why is the oil level dropping even after it’s filled? ….

The process continues on until you find the root cause. In this example, perhaps the root cause is a loose oil filter which if not fixed could lead to more oil leaking out and long-term loss of oil.

Applying this to computer incidents is along those same lanes. For demonstration, let’s say as a support department representative, you can’t access a browser-based application that lets you service your customers.

A reactive approach would be calling up tech support for that application or at your own business and state the problem. They’d then reload the browser – chalking up the incident as a browser compatibility issue.

A proactive approach would be analyzing the incident like this:

Why did the application stop working?

The browser that’s installed on the desktop computers involved didn’t have the proper extensions needed for the application to work properly.

Why was the browser changed?

There was a recent system software update that occurred over the weekend. It was scheduled to change.

Why didn’t the browser have the extensions it needed?

A technician was involved to perform the update. They clearly went with a standard update from the site of the manufacturer rather than using our own modified and tested update.

Why did the technician put in the wrong update?

We failed to inform him that we use custom updates when installing software.

Why wasn’t the technician aware of this?

The practice and the process itself has never been formally documented or discussed with any of the technicians.

What Is the best course of action?

Formally documenting the entire process, informing the staff of the changes and training new employees of these facts to prevent future issues.

A Simple Process

A lot of other real world scenarios play out in a similar fashion. When you are looking for root causes, it usually points to a failed control process or simply a gap in the skillset of the staff. These minor issues can cause a series of issues.

Going back to that scenario above, imagine several staff members calling technical support every time in order to do their work. This can lead to longer waiting times for customers with their own problems and can lead to people thinking your company delivers poor customer service.

But as that analysis points out, when you do a proper analysis and drill down to the finer details, you can address the root causes and ensure those issues never happen again.

Addressing the symptoms is the easy way out of course, but sooner or later you’ll spend more time and money covering the symptoms rather than handling the root causes.


Mtek Digital Managed Business Service

Mtek Digital provides help with virtually any business technology requirement. From IT services to Web and Video Marketing, we’re capable of servicing the tech industry throughout Canada. Contact us today.