8 Cold Hard Truths for SMBs Not Worried About Disaster Recovery and Business Continuity

The foundation of any successful business continuity solution is the ability to retrieve data from any point in time from anywhere. When the topic of data recovery and business continuity comes up, you get the feeling that many decision makers at smaller businesses and organizations wish they could channel their inner six-year-old, simply cover their ears, and sing “La, la, la. I Can’t Hear You. I’m Not Listening.” Everybody thinks bad things only happen to other people. Just because we hear about a fatal car accident on the morning news doesn’t mean we fixate on that news when we ourselves get into a car and drive to work. So no matter how many times the owner or CIO of a small to midsize business (SMB) hears of other small businesses being crippled by hurricanes, tornados, fires, or flooding, they aren’t necessarily overcome with fear to the point that they feel an urgency to take action. Sure, they may think about backup and data recovery solutions a little more that day, but not enough to initiate immediate change or reverse a lenient approach to their processes. If you fall into this category, here are eight cold hard truths to consider:

  1. It isn’t natural disasters or catastrophic losses like fires that take down small businesses but something far more sinister – malware. Cyber attacks through malware have grown exponentially in the past four years. Malware is hitting everything from PCs to Macs to mobile devices and it’s inflicting damage.
  2. Over half of the small businesses in the U.S. have experienced disruptions in day-to-day business operations. 81% of these incidents have led to downtime that has lasted anywhere from one to three days.
  3. According to data compiled by the Hughes Marketing Group, 90% of companies employing fewer than 100 people spend fewer than eight hours a month on their business continuity plan.
  4. 80% of businesses that have experienced a major disaster are out of business within three years. Meanwhile, 40% of businesses impacted by critical IT failure cease operations within one year. 44% of businesses ravaged by a fire fail to ever reopen, and only 33% of those that do reopen survive any longer than three years.
  5. Disaster recovery solution providers estimate that 60% to 70% of all business disruptions originate internally – most likely due to hardware or software failure or human error.
  6. 93% of businesses unable to access their data center for ten or more days filed for bankruptcy within twelve months of the incident.
  7. In the United States alone, there are over 140,000 hard drive crashes each week.
  8. 34% of SMBs never test their backup and recovery solutions – of those who do, over 75% found holes and failures in their strategies.

It’s critical that small businesses review their backup and disaster recovery processes and take business continuity seriously. Given the vulnerabilities associated with the cloud and workforce mobility, the risk of critical data loss today is quite serious and firms must be truly prepared for the unexpected.


Prevent Data Loss With IT You Can Trust

Small business has changed dramatically within the last decade. No change has been more profound than our dependency on information technology (IT) systems to support critical day-to-day business functions.

In today’s increasingly competitive high-tech environment, it is critical that all business operations run smoothly and efficiently. Business momentum, employee productivity and customer service all depend on an IT infrastructure that must be both accessible and secure at all times. Constant network availability has become essential to most small and midsize businesses (SMBs) today.

This reliance on IT systems has also created a stronger link between data center accessibility and total cost of ownership (TCO). Even minimal amounts of unplanned downtime today will result in lost revenue and productivity and negatively impact overall brand reputation.

Preventing or rebounding from downtime was once deemed the IT team’s problem; however, this unprecedented modern-day dependence on technology has made the frequency and costs of downtime more of a business problem. Prolonged or recurring downtime can cripple small businesses and requires the attention and understanding of C-suite management in order to be properly addressed.

Unfortunately, many executives at SMBs are still not as tuned into daily network operations as they need to be. For this reason, they lack a true awareness of the frequency of downtime. This lack of insight and visibility is regrettably putting far too many SMBs at an increased risk for downtime and the costs associated with it.


4 Essential Pieces to Any Small Business BYOD Strategy

Believe it or not, once upon a time, kids at the bus stop didn’t have cell phones and the mobile device strategy of many businesses was typically you’ll take what you’re given, refrain from using it for any personal use, and the data may be scrubbed clean whenever we please.

We’ve come a long way.  Today, businesses really have no choice but to let employees use personal devices for work purposes.  Blurred lines now make it difficult to differentiate between what is professional and what is personal.  A company or organization may partially pay for an employee’s tablet computer or smartphone, but that same device is used to upload photos to Facebook or download torrents of this season of Game of Thrones.

Naturally, security and privacy issues are a concern since these devices sync to the company network. Larger corporations may be able to hire IT support or produce sophisticated BYOD guidelines for employees to adhere to, but smaller businesses have limited resources.

In fact, recent surveys suggest that the small business sector is doing very little to preemptively prepare for potential network security risks that could arise with the use of BYOD devices.  This could prove to be disastrous.

According to market stats from a survey conducted by Cisco in 2012, approximately 88% of employees are doing business on personal devices. However, only 17% of companies currently have a BYOD security policy in place, and only 29% of companies have plans to implement a mobile device security plan in the near future.

Implementing a comprehensive BYOD policy right now, rather than when it’s too late, is important.  We’ve compiled a list of four items that any business currently building a BYOD strategy must consider.

  1. It must clearly be outlined what specific devices are permitted for work use.
  2. The company/organization must have the ability to remotely delete company-sensitive data from mobile devices without the device owner’s permission. Remote deletion capabilities are much more refined these days, simplifying the removal of enterprise-related data from devices while leaving other content like personal photos, contacts, apps and music downloads intact.
  3. Written policies should be put into effect that correspond with terms of use policies and any guidelines pertaining to remote/telecommute workers or the sharing of sensitive data.   There should be clearly defined consequences for violating any or all policies.
  4. Employee privacy should be discussed within the BYOD policy since employees often use these devices to check personal email, browse or post to Facebook and Twitter feeds, instant message, and store personal documents, photos, music and movie downloads.   Employees must understand that employers still have access to the content stored on these devices.  Location tracking, which gives employers the ability to locate employees, is also something to discuss since many people don’t necessarily welcome that kind of surveillance.

It is understandable that BYOD and more mobile employees have some small business owners feeling anxious and nervous.  But mobile management tools, periodic conversation, security checks, and research will do wonders when it comes to keeping small businesses safe.


The Technology Pains of Small Business

Small business owners are faced with quite the dilemma these days. While a reliable and secure network is a critical component to success, business owners are also being forced to scale back on costs and overhead as a means of basic survival in today’s economy.

Having a fully staffed IT department simply isn’t a viable option for a majority of small business owners. Many small businesses either have one full-time employee devoted to IT services or none at all. Both scenarios are recipes for disaster in an increasingly complex high-tech society.

One IT person, even a very small team, will likely be overworked and burdened by too many responsibilities. This can make a company’s business infrastructure increasingly vulnerable to breakdown, not from technology, but from human error.

A recent study conducted by Gartner projected that through 2015, people – not technology – will be responsible for up to 80% of technology failure. This number coincides with findings reported in the IT Process Institute’s Visible Ops Handbook stating that 80% of unexpected outages are due to poorly planned changes implemented by administrators and developers.

The forecast is even stormier for businesses with absolutely no IT support on payroll. These business owners have subscribed to the break/fix model of technology management. While this model can sometimes be out of necessity due to budget restraints, it can also stem from a state of ignorance or denial that their business is truly susceptible to technology failure. The overall health and profitability of their business is directly affected by the performance, reliability and security of its technology systems.

With the break/fix model, there is absolutely no proactive monitoring or management of their network. The only emergency plan for data loss or downtime is to call upon an IT specialist in an emergency 9-1-1 situation.

On average, these IT consultants charge $100 an hour. This doesn’t even factor in trip fees, surcharges, and standard repair costs in the range of $500 to $1000, or the costs of hardware and software upgrades. This method also results in more downtime, lost productivity, lost revenue, and a loss in overall customer satisfaction. Major network repairs require a minimum of 8-24 hours on average and most on-call IT consultants cannot get on site for up to 24-48 hours.

One has to also wonder if these consultants truly have the business owners’ best interest in mind. After all, they make their money when technology breaks down. Are they truly motivated to keep a client’s network running optimally and efficiently?

Well, Cognocape is.

Five Tips to Safe BYOD for SMBs

  1. Create a Mobile Device Policy and Enforce It

Don’t be afraid to spell out what employees are expected to do – and not do – with their mobile devices. It’s important to remember you aren’t only managing devices but people as well. This is where you define acceptable and unacceptable behaviors and make it clear that there will be no exceptions.

Clearly define what types of devices are allowed. While you want to support a mix of the devices employees are most likely to carry, a line has to be drawn somewhere to prevent things from becoming unmanageable. No company, especially a small one, needs to open up things to 30 mobile devices. Minimum standards for device age and capabilities should be set. Newer technology will obviously have better security features. For instance, anything before the iPhone 3G will not permit device-level encryption.

Every policy should address acceptable personal device use when it comes to web browsing, app downloads/usage, public Wi-Fi protocol, and data transmission/storage guidelines.

  2. Keep Devices Locked & Password Protected

Your employees are using devices they take with them everywhere. You have no idea where they are at any given moment of the day. More importantly, you can only hope that their mobile device is either with them or stored away safely. Devices that aren’t password protected, which are left out in the open unattended, pose a huge risk.

Keep in mind that 46% of people who use their mobile device for work admit to letting others use it from time to time. Many devices have free built-in security controls such as locked screens, the ability to remotely wipe out the device after multiple successive failed authentication attempts, and even GPS trackability.

Passwords should be strong and frequently updated. Employees should also be advised to not keep written passwords lying around.

  3. Immediately Disconnect Terminated Employees or Voluntary Leaves

Be sure to remotely wipe company data from the personal device of any employee who is terminated or voluntarily leaves the company. Ideally, this data should be retrieved. This is one reason an SMB’s mobile device policy must address where employees are to edit and save files. Many SMBs these days require all files to be shared, edited, and saved on cloud-based software like Dropbox.

  4. Use Available Encryption Technologies

Business critical files, folders, and hard drives should be encrypted for reliable protection against unauthorized access. Encryption prevents sensitive data from being read by potential hackers as content is transferred to and from mobile devices.

  5. Use a Mobile Device Management (MDM) Solution

MDM solutions are a cost-effective means to ensure that any mobile device accessing their network is identified, controlled, and monitored. This method of centralized management makes it easy to configure devices for enterprise access, stipulates password policy and encryption settings, locates and remotely clears and locks any lost or stolen device, automates security updates, and proactively identifies and resolves device or app issues.

Common Causes of Downtime

Chart Zero In On Infrastructure Vulnerability to Data Center Downtime

Leading Causes of Downtime

  • Power Outages – 48%
  • Accidental Data Deletion – 31%
  • Employee Created – 29%
  • Virus/Malware – 25%
  • Application Failure – 20%

Power Related Outages – Vulnerabilities to a data center’s power still rank as one of the leading causes of unplanned network outages and can often be catastrophic. Particularly costly are UPS (Uninterruptible Power Supply) related failures (this includes batteries) and generator failures.

ZERO IN

To minimize the impact that power outages have on data center operations, and to prevent a potentially catastrophic unavailability of the data center, a dependable backup system is needed. This ensures the backup of critical data and applications is always in place in the event of equipment failure.

The integration of comprehensive infrastructure monitoring and management tools also minimizes the costs associated with identifying and repairing power system failures.

Accidental Data Deletion and Employee Created Downtime

Simple human error is a prevalent cause of downtime. Whether months of data is unintentionally lost in a backup error, a power cord is unplugged, a busy IT technician overlooks routine maintenance and alert monitoring, or there is an error in judgment during an emergency, to err is human and apparently quite frequent as well.

A study by the Gartner Group, an IT research and advisory firm, projected that through 2015, 80% of downtime will be due to people and process issues.

In the fall of 2010, foursquare – a widely used mobile check-in app – had a highly publicized outage of eleven hours, followed by another shorter service disruption the next day. All three million users of the app were affected and it was a chain of human mistakes that led to both outages. IT techs noticed that a server was storing too much data, but as the support team tried to resolve the issue, all the servers went down.

ZERO IN

Regardless of proper training, or the quality of IT technician hires, human mistakes will likely always lead to instances of a downed data center or network, especially considering the expected learning curve of adapting to new technologies. Ensuring proper communication amongst team members and adequate training at all levels is critical. Of course, it goes without saying that having a comprehensive backup strategy is also a necessity to counteract downtime and ensure business continuity regardless of who is having a bad day.

 

Virus/Malware/Hacks – SMBs are often guilty of thinking they are immune to hackers, viruses and malware. According to a National Cyber Alliance and Symantec survey, 77% of SMBs don’t believe they’re at risk for cybercrime while 83% admit to having no formal measures in place to counter these threats. This isn’t merely a threat to your data; it puts your bank account and the sensitive data of your customers at risk.

ZERO IN

Passwords should be regularly changed every few months. They should also be strong. This means no more passwords like “password” or “1234567.” Employees must be educated on security and precautionary measures. And there is no excuse for not having data backed up in this era of cloud computing and virtualization – where the entire contents of a physical server – including the operating system, applications, patches and all data – can easily and cost-effectively be grouped into one software bundle or virtual server.

 

Application Failure – Many applications or their components contribute to recurring downtime. While virtualization offers many multi-faceted advantages, it has also further exacerbated overlapping applications in the infrastructure. One small application component failure is now likely to impact many applications.

ZERO IN

It is critical that all components are profiled and there is a general understanding as to what each application does – the hardware resources used by the application and the software it integrates with. Identifying an owner will allow for better monitoring and recognition of failure points.

SMBs can benefit from a little help when it comes to properly implementing and leveraging this new technology to strengthen their disaster recovery efforts. Access to a 24/7 NOC (Network Operations Center) team offering remote monitoring and management solutions, along with a 24/7 help desk, can help SMBs improve backup, monitoring and troubleshooting processes for maximum uptime and business continuity.

Breach at eBay – Change Your Password Now

The following article is from krebsonsecurity.com

“eBay is asking users to pick new passwords following a data breach earlier this year that exposed the personal information of an untold number of the auction giant’s 145 million customers.

In a blog post published this morning, eBay said it had “no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.”

Assisted by federal investigators, eBay determined that the intrusion happened in late February and early March, after a “small number of employee log-in credentials” that allowed attackers access to eBay’s corporate network were compromised. The company said the information compromised included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. eBay also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users.

The company said it will begin pushing out emails today asking customers to change their passwords. eBay has not said what type of encryption it used to protect customer passwords, but if previous breaches are any indication, the attackers are probably hard at work trying to crack them.

If you’re an eBay user, don’t wait for the email; change your password now, and make it a good one. Most importantly, don’t re-use your eBay or PayPal password elsewhere. If you did that prior to today, it’s a good idea to change that password to something unique at the other sites that shared it. And be extra wary of phishing emails that spoof eBay and PayPal and ask you to click on some link or download some security tool; attackers are likely to capitalize on this incident to spread malware and to hijack accounts.

eBay and PayPal users who haven’t already done so should consider using the PayPal Security Key, a two-factor authentication solution that can be used to add additional security on both sites.”

With so many breaches occurring in only the first half of 2014, the necessity for internet and information security is at an all-time high. SMBs and healthcare providers dealing with sensitive information need to protect this info from security breaches and potential data loss as a result.

Five Ways SMBs Can Minimize Data Loss

  1. Enforce Data Security – This is more or less the managing of the “human factor.” CIOs and those in SMB management roles must communicate data protection policies to staff and ensure their implementation. Rules must be set, particularly with personal devices, to enforce security policies. It can be as simple as sending reminders to not open email attachments from unknown sources, requiring passwords be reset every few months or the banning of specific file sharing or social networking sites. In May of 2012, security concerns led to over 400,000 IBM employees being banned from using the cloud storage service Dropbox and Siri – the iPhone personal assistant. While far from an SMB, if IBM can go that far and make such a demand to so many employees, an insurance agent can certainly remind his or her marketing representative to not play Farmville on Facebook if they’re using a laptop containing company and customer/client data.
  2. Stress the consequences – both personal and business – of not properly protecting confidential data. Encourage employees to make passwords difficult to crack. Patch holes in the infrastructure’s walls by identifying the most critical data. Perhaps a trusted IT advisor can help implement processes to better protect that data’s security perimeters.
  3. Mobile Device Management – Mobile Device Management grants SMBs a semblance of control over the mobile devices used within the company. Devices tapping into company systems are identified and remotely monitored and managed 24/7. More importantly, they are proactively secured via specified password policies, encryption settings, and automated compliance actions. Lost or stolen devices can be located and either locked or stripped of all SMB-related data.
  4. Snapshots – Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizeable chunks of data may not be stored in the backup and be unavailable in the event of a full restore. This can be avoided by backing up critical data as snapshots, which are read-only copies of data frozen to a specific point in time and stored using minimal disk space. These virtual snapshots are immediately available for restores in the event of data loss.
  5. Cloud Replication and Disaster Recovery Services – The cloud provides SMBs who consider data backup to be too costly, time consuming and complex with a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.


Data Security Threats Every SMB Must Be Aware of

Human Error and Employee Negligence

Human error, by way of unintentional data deletion, modification, and overwrites, has become much more prevalent in recent years. Much of this is the result of carelessly managed virtualization technology. Virtualization and cloud computing have enabled improved business continuity by allowing entire servers – including all data, operating systems, applications, and patches – to be grouped into one software bundle or virtual server and subsequently backed up. The catch is humans must still instruct this technology how to perform, which is why so much of today’s data loss is linked to human error. The complexity of these systems often presents a learning curve that involves quite a bit of trial and error. For example, a support engineer can accidentally overwrite his backup when he forgets to power off his replication software prior to formatting volumes on the primary site.

While most CIOs at SMBs are generally accepting and understanding that mistakes happen, they must be more stringent when it comes to managing risky negligent employee behaviors in this era of mobility and accessibility. Employee negligence puts a company or organization’s critical business data at risk of being stolen by cybercriminals or malicious employees. Examples of this negligent behavior include:

  • Leaving computer systems unattended
  • Weak passwords (“password” or “12345”) or passwords that aren’t frequently changed
  • Opening email attachments or clicking hyperlinks embedded with spam
  • Visiting restricted websites

Employee Mobility & Data Exposure

In the modern-day BYOD workplace, more people are doing daily business on their personal laptops, iPads and BlackBerrys. They are also carrying around portable media like thumb drives, USB sticks and CDs.

These devices are not always backed up or secured by IT administrators. There is not only the potential for these devices to be lost or stolen but there is also a very high probability that employees using them are also accessing personal email, downloading music, browsing the web, playing games and hanging out on Facebook. This makes sensitive data susceptible to malware, viruses and hackers. All of this substantially ups the likelihood of data loss incidents.


Decreasing Business Costs and Risks of Costly Data Loss

We live in a 24/7 global economy that is more dependent than ever on technology. Even the technology of small and medium sized businesses (SMBs) houses sensitive digital data – employee and customer information, internal emails, documents and financial records, sales orders and transaction histories – not to mention applications and programs critical to daily business function and services. Employees at SMBs require continuous access to the critical business data needed to meet the demands of the customers or clients they service. They even want this access while they’re at home or on the go running errands. To satisfy this demand, many companies and organizations now allow employees to BYOD (Bring-Your-Own-Device) and “do business” using their personal laptops, tablets and mobile phones. The web, Wi-Fi networks and mobile devices with robust memory and battery life have made this constant access to an SMB’s back-office infrastructure a reality. Regrettably, this flexibility and freedom is accompanied by an ominous risk of data loss.

Just a single data loss or breach can be costly to SMBs. Data losses and leaks come with lingering continuous costs that many SMBs cannot easily shake or overcome. Revenue is lost if employee productivity and customer accessibility/service are stalled by data loss. The expenses associated with internal research and investigation, system repair and maintenance, and data security protection are another heavy price SMBs must pay. If cybercrime is involved, affected customers must be notified, the potential exists for litigation, and many customers will likely never return due to mistrust.

While corporate-level data losses are well publicized, many SMBs mistakenly believe their data isn’t at risk. This mistake can prove to be a costly one.

Why C-Suite Management at SMBs Can No Longer Ignore Data Loss

  • Following a significant data loss, it is estimated that SMBs can lose up to 25% in daily revenue by the end of the first week.
  • According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss, and prolonged downtime for ten or more days have filed for bankruptcy within twelve months of the incident. 50% wasted no time and filed for bankruptcy immediately. 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss. How quickly can your business be restored if critical data is lost? When was the last time backup processes were tested to ensure all data is recoverable and business operations are quickly restored?
  • A survey conducted by Symantec SMB revealed that fewer than half of SMBs surveyed back up their data each week. Only 23% of those surveyed said they back up data every day and have a business continuity plan in place.
  • The percentage of cybercriminal attacks targeting businesses with fewer than 250 employees doubled in 2012. The vulnerabilities of naïve small business owners have been noted, and hackers have now placed the proverbial bull’s-eye on these perceived weak links.

If sensitive customer data is leaked, SMBs may face overwhelming financial liabilities, which could include reimbursing affected customers and legal fees.

Businesses today are playing on a much bigger playing field than they were two decades ago. Any SMB that trusts the security and backup of critical business data with a limited and overburdened in-house IT team, or forsakes internal IT support altogether for emergency on-call help when things go bad (Break/Fix Mentality), is playing with fire and begging to be burned.

Any disruptive or invasive technological event – even the smallest of incidents – can have an amplified impact on day-to-day business and profitability. Being proactive with data recovery solutions, and having emergency response procedures in place prior to a disruption or data disaster, is the only way to get critical data restored immediately to the data center, minimize downtime, protect customer and client data and soften the impact of such events.
