Event Logging: The Quiet System That Catches Breaches Before They Become Disasters
It's 9.30am on a Tuesday and one of your staff has just called to say they cannot log in. You reset their password and move on. But what if that failed login was not a forgotten password? What if it was someone probing your system for a way in? Without event logging in place, you would never know - and neither would anyone else until it was too late.
Event logging is simply the automatic recording of activity across your IT systems. Every login, every file opened, every system change gets recorded with a timestamp. On its own, that sounds unremarkable. But when something goes wrong - whether it is a ransomware attack, a data breach, or a staff member accessing records they should not - that log is the difference between understanding exactly what happened and having no idea where to start.
For healthcare practices and legal firms in Canterbury, this matters more than most. The NZ Privacy Act 2020 requires that personal information is kept secure and that you can demonstrate reasonable steps were taken to protect it. If a breach occurs and you cannot show what happened, when, and how it was contained, you are in a difficult position with the Office of the Privacy Commissioner. Event logging is part of how you demonstrate that you took security seriously.
When event logging is set up properly, your IT environment is constantly recording the things that matter - who is logging in, what files are being accessed, and what changes are being made to your systems. You do not need every digital footstep recorded. What matters is the activity most likely to signal a problem: failed login attempts, access to sensitive client records, software being installed outside normal hours. A good setup filters the noise and surfaces what is worth paying attention to.
Logs are also stored centrally and protected from tampering. This is important because attackers routinely try to delete or alter logs to cover their tracks. Encryption and write-once storage prevent that. It means that even if something does go wrong, you have an accurate record to work from - whether for your own investigation, a notification to CERT NZ, or a response to a privacy complaint.
The other piece that most small practices miss is review. Logs only help if someone is actually looking at them. Automated alerts flag critical events in real time - a string of failed logins, an account accessing files at 2am - so that action can be taken before damage is done. Periodic reviews catch slower-moving patterns that automated alerts might miss. Neither of these things requires your team to become IT experts. They require the right setup and the right people monitoring it. Understanding the difference between malware and ransomware helps your team know what kinds of events are worth escalating.
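The two alert conditions mentioned above (a string of failed logins, and an account opening sensitive files at 2am) can be expressed as simple rules over a central log. The following is an added example, not part of the original article. The log line format, thresholds, working hours, the `/clients/` path and the account names are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; tune them to your own practice.
FAILED_LIMIT = 5                       # failed logins per account...
FAILED_WINDOW = timedelta(minutes=10)  # ...within this sliding window
WORK_HOURS = range(7, 19)              # 07:00-18:59 counts as normal hours
SENSITIVE_PREFIX = "/clients/"         # hypothetical path for client records

# Constructed sample events, one per line: "timestamp user action target"
SAMPLE_LOG = """\
2024-05-14T09:30:02 reception login_failed ws-03
2024-05-14T09:31:10 reception login_ok ws-03
2024-05-14T11:02:00 akumar login_failed vpn
2024-05-14T11:02:20 akumar login_failed vpn
2024-05-14T11:02:41 akumar login_failed vpn
2024-05-14T11:03:05 akumar login_failed vpn
2024-05-14T11:03:30 akumar login_failed vpn
2024-05-14T14:15:00 drlee file_open /clients/1042/notes.docx
2024-05-15T02:04:17 drlee file_open /clients/1042/notes.docx
2024-05-15T02:05:00 drlee file_open /shared/roster.xlsx
not-a-valid-line
"""

def detect(log_text):
    """Return (alerts, skipped): alert tuples and the count of unparseable lines."""
    alerts, skipped = [], 0
    recent_failures = defaultdict(deque)  # user -> failure times inside the window
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        try:
            ts = datetime.fromisoformat(parts[0])
            user, action, target = parts[1:4]
        except (ValueError, IndexError):
            skipped += 1  # count bad lines instead of hiding them: gaps matter
            continue
        if action == "login_failed":
            window = recent_failures[user]
            window.append(ts)
            while ts - window[0] > FAILED_WINDOW:  # drop failures that aged out
                window.popleft()
            if len(window) == FAILED_LIMIT:  # alert when the count hits the limit
                alerts.append(("failed_login_burst", user, ts.isoformat()))
        elif (action == "file_open" and target.startswith(SENSITIVE_PREFIX)
              and ts.hour not in WORK_HOURS):
            alerts.append(("off_hours_record_access", user, ts.isoformat()))
    return alerts, skipped

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The single 9:30 failed login raises nothing on its own, which is the filtering the article describes: the rules surface the burst and the 2am record access while ordinary activity stays quiet.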
If your practice does not currently have event logging in place, or you are not sure whether what you have is actually being monitored, that is worth finding out. Managed IT support for professional services businesses typically includes log management as a core part of the service - not something you need to think about separately. A broader look at your business's cybersecurity posture will often reveal other gaps that go hand in hand with missing logging.
ITstuffed works with small professional services businesses across Canterbury. If you want to know whether your current setup has this covered, a 15-minute IT Fit Check is a good place to start.
