Blog

Blog Posts

A collection of articles and insights on AI, machine learning, and data science. Explore our latest blog posts to stay updated on industry trends, best practices, and innovative solutions.

Henry Mohn

Henry Mohn

Owner, Reboot Technology LLC

19 Jun, 2026

When Things Go Wrong: The Importance of a Backup and Recovery Plan

No IT system is immune to failure. Hardware ages, software updates introduce unexpected bugs, and configurations can drift in ways that cause problems that aren't immediately obvious. What separates a minor inconvenience from a serious business disruption is almost always the same thing: having a recovery plan in place before something goes wrong. A recent incident at a client site illustrated this perfectly. What Happened A monitoring alert came in indicating that a client's primary network router had gone offline. On the surface, that sounds alarming. In reality, the customer's site was still fully operational — traffic was flowing, employees could work, and internet access was uninterrupted. The problem was more subtle than a full outage. The management layer of the router — the software that allows IT staff to configure, monitor, and maintain the device — had stopped responding. The network itself was healthy, but the ability to manage and make changes to it was gone.A system that appears broken isn't always broken in the way you think. Diagnosis before action is critical.After working through standard troubleshooting steps without success, the resolution turned out to be straightforward: rolling back the network management application to a previously known good version restored full management access. The underlying infrastructure had never failed at all. Why This Matters for Every Business This scenario highlights something that businesses often overlook when thinking about backups and recovery. Most people think of backup and recovery in terms of files and data — making sure important documents aren't lost if a hard drive fails. That is absolutely important, but recovery planning goes much further than file backups. Recovery planning means having the ability to restore systems, software, and configurations to a known working state when something goes wrong. It means being able to answer the question: if this breaks today, how do we get back to working? For managed network infrastructure, that includes:Keeping records of software and firmware versions that are known to be stable Maintaining configuration backups so devices can be restored or replaced quickly Understanding which version to roll back to if an update causes problems Having documented procedures so that recovery steps are clear and repeatableWithout those things in place, a situation like this could have taken far longer to resolve — or required a complete device reset that would have caused a real, significant outage. The Cost of Not Having a Plan When businesses don't have recovery procedures documented, troubleshooting becomes improvised and slower. Staff spend time figuring out what version something was on before an update, searching for configuration exports that may not exist, or waiting on vendor support for answers that should already be at hand. That time has a real cost. Even a few hours of reduced management visibility or degraded capability can create risk — if something else had gone wrong on the network during that window, the ability to respond quickly would have been compromised. A recovery plan compresses that window dramatically. What a Good Recovery Plan Looks Like Every business is different, but the core elements of a solid IT recovery plan follow a common pattern. Know What You Have The foundation of any recovery plan is an accurate inventory. You cannot recover what you don't know exists. That means documenting hardware, software versions, firmware, and configurations for the systems your business depends on. This doesn't have to be complicated. A simple, maintained record of "what version is running on what device" is often enough to make recovery significantly faster when something breaks. Keep Configuration Backups For network equipment, servers, and other infrastructure, configuration backups are as important as data backups. If a device fails or needs to be replaced, having a current configuration export means restoration takes minutes instead of hours. Many modern network management platforms support automated configuration backups on a schedule. If yours doesn't, that's worth addressing. Test Your Ability to Recover A backup that has never been tested is a backup you can't fully trust. Recovery procedures that have never been practiced take longer and introduce more risk when they're needed under pressure. Periodically verifying that backups are complete and that recovery steps actually work is a basic but often skipped part of maintaining a resilient environment. Document the Steps When something breaks, the people resolving it may not be the same people who set it up. Written runbooks — even simple ones — ensure that recovery steps are followed consistently and that institutional knowledge isn't locked in one person's head. Maintain Rollback Capability Software updates are one of the most common causes of unexpected behavior in otherwise stable systems. Vendors release updates with good intentions, but bugs and compatibility issues happen. Wherever possible, maintain the ability to roll back software or firmware to a previous version. This may mean keeping copies of prior installers, understanding your platform's rollback features, or staging updates in test environments before pushing them to production systems. Final Thoughts The incident at this client site ended well. Business operations were never interrupted, the management issue was identified and resolved quickly, and the customer experienced minimal disruption. That outcome wasn't luck — it was the result of having the right tools, the right information, and the right procedures available when they were needed. Recovery planning isn't just for enterprises with large IT budgets. Small and mid-sized businesses depend on their technology just as much, and the impact of extended downtime can be even more severe without the resources to absorb it. If your business doesn't have documented recovery procedures, configuration backups, or a clear plan for what happens when a critical system fails, now is the right time to build one. Reboot Technology helps businesses in the greater Milwaukee area assess and strengthen their IT resilience. Whether you're starting from scratch or looking to improve what you already have, we can help you build a recovery strategy that fits your environment and your needs.

Henry Mohn

Henry Mohn

Owner, Reboot Technology LLC

19 Jun, 2026

When MFA Isn’t Enough: A Real-World Phishing Attack Breakdown

Phishing attacks continue to evolve, and unfortunately many businesses still assume that enabling Multi-Factor Authentication (MFA) alone is enough to fully protect user accounts. A recent incident involving a fake voicemail notification demonstrates how sophisticated these attacks have become and why user awareness remains one of the most important layers of security. In this case, a client received an email claiming they had a voicemail message waiting to be downloaded. The email appeared legitimate enough to avoid immediate suspicion and even bypassed Microsoft's built-in phishing filtering protections in Microsoft 365. The user clicked the link provided in the email and was taken to a fake login page designed to imitate a trusted Microsoft sign-in experience. How the Attack Worked The phishing email attempted to create urgency by telling the user they had a voicemail waiting to review. This is a common tactic because voicemail notifications are familiar, routine, and often expected by business users. The user entered their credentials into the fake website and even completed their MFA challenge. This is an increasingly common technique known as an "MFA phishing" or "adversary-in-the-middle" attack, where attackers capture both the password and the temporary MFA session in real time. While MFA is still extremely important and should always be enabled, modern phishing kits are now specifically designed to bypass it by proxying the authentication session directly to the legitimate service.Cybersecurity is no longer just about passwords. Attackers now target trust, habits, and user behavior.Fortunately, the client quickly recognized that something felt suspicious after completing the login process and immediately contacted IT support for assistance. Immediate Response Actions Because the incident was identified quickly, several important defensive actions were taken before the attackers were able to gain meaningful access. The account was immediately disabled to stop any active session activity while the incident was investigated. Login and audit logs were reviewed to determine whether unauthorized access attempts had occurred. During this investigation, it was discovered that Microsoft had already detected and blocked several suspicious sign-in attempts associated with the compromised session. Existing sessions were revoked and the user was logged out of all active destinations and devices to invalidate any stolen authentication tokens. Password resets and additional verification steps were also performed to ensure the account was fully secured before reactivation. Why the Email Was Dangerous One of the most important takeaways from this incident is that the phishing email still made it through Microsoft 365's phishing and spam protections even though security checks were properly configured. No email filtering system is perfect. Attackers constantly modify domains, wording, formatting, and delivery methods to avoid detection. Businesses should absolutely use advanced email filtering and phishing protection tools, but technical protections alone cannot fully eliminate the risk. Human verification remains critical. Best Practices to Avoid Similar Attacks There are several important lessons businesses and users can take away from this incident. Never Trust Links in Unexpected Emails Even if an email appears legitimate, users should avoid clicking login links directly from messages whenever possible. Instead, users should:Open a new browser window Navigate directly to the known website they normally use Log in from there instead of using the provided linkThis simple habit dramatically reduces the likelihood of credential theft. MFA Is Important — But Not Bulletproof MFA should absolutely still be enabled on every business account. It blocks the overwhelming majority of automated attacks and password reuse attempts. However, businesses should understand that MFA is not a complete replacement for user awareness training and monitoring. Modern phishing attacks increasingly target authenticated sessions rather than just passwords. Rapid Reporting Matters The reason this incident had a positive outcome is because the user acted quickly after recognizing something unusual. Too often users hesitate out of embarrassment or uncertainty. In reality, reporting suspicious activity immediately gives IT teams the best chance to contain the situation before damage occurs. Quick action can mean the difference between a minor security event and a full business compromise. Final Thoughts Cybersecurity today requires layered protection:Strong passwords Multi-Factor Authentication Email filtering Endpoint protection User training Monitoring and rapid responseNo single tool completely eliminates risk. This incident serves as an excellent reminder that attackers are constantly adapting, and businesses must continue adapting as well. The good news is that with the right processes, user education, and rapid response procedures, many phishing attacks can still be stopped before serious damage occurs. If your business would like assistance reviewing Microsoft 365 security settings, phishing protections, or user awareness training, Reboot Technology can help evaluate your current environment and identify areas for improvement.

Henry Mohn

Henry Mohn

Owner, Reboot Technology LLC

28 May, 2026

Start building smarter solutions for your business

Unlock the full potential of automation, insights, and productivity with PowerAI