Posts

Data Loss Can Cause You To Shut Down

52 Small and medium sized businesses today are relying more than ever on IT systems to efficiently run their business, support customers and optimize productivity. These systems house sensitive digital data ranging from employee and customer information, to internal emails, documents and financial records, sales orders and transaction histories. This is in addition to applications and programs critical to daily business functions and customer service.

While corporate-level data losses and insider theft are well publicized, many smaller businesses have also become casualties of data loss and theft. Following a significant data loss, it is estimated that a small-to-medium sized business can lose up to 25% in daily revenue by the end of the first week. Projected lost daily revenue increases to 40% one month into a major data loss.

According to The National Archives & Records Administration in Washington, 93% of companies that have experienced data loss, coupled with prolonged downtime for ten or more days, have filed for bankruptcy within twelve months of the incident while 50% wasted no time and filed for bankruptcy immediately. Finally, 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss.

Still, a survey conducted by Symantec SMB revealed that fewer than half of SMBs surveyed backup their data each week. Only 23% of those surveyed said they backup data every day and have a business continuity plan in place.

Businesses play on a much bigger playing field than they did two decades ago. Any disruptive technological event – even the smallest of incidents – can have an amplified impact on day-to-day business and profitability. Being proactive with data recovery solutions, and having emergency response procedures in place prior to a disruption or data disaster, is the only way to minimize downtime and soften the impact of such events. CLICK HERE for a free network assessment.

Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe

69 Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspapers’ Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted.  Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now… There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road. Here are a few ways to stay safe:

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security

A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.

CLICK HERE for a free network assessment and avoid cybercrime with Cognoscape.

6 Steps to Better Data Backup Practices

  1. Think Quicker Recovery Time, Not Quicker Backup – While incremental backups are much faster than executing a full-backup, they also prolong recovery time. In the event of data loss, a full restore will require loading the most recent full backup and then each incremental backup tape. Having too many incremental backup tapes not only adds time to this restoration process, but it also increases the probability of not recovering all of your data. A tape could be lost, unintentionally skipped over, or contain corrupted data. Be sure to focus on optimizing the restore time to ensure faster data recovery. A quicker recovery time should be the main objective, not the need for a quicker backup process.

43

  1. Maintain Sufficient Backup History – Within the blink of an eye, current data files can become corrupted and inaccessible. This will necessitate the loading of an earlier data backup that is clean of corruption. Many smaller companies make the mistake of failing to keep a sufficient backup history.
  1. Be Sure to Backup Essential Data AND Applications – Some businesses don’t feel the need to backup all data, but be sure essential databases, documents and records are backed up frequently. Don’t overlook applications that are critical to day-to-day business operations either. Many companies fail to backup applications, only to realize when it’s too late that they don’t have access to the original installation disks when they’re trying to recover from data loss or an outage.
  1. Have Off-Site or Online Backup – Some businesses backup data simply by moving essential files to tapes or external hard drives that are then stored somewhere onsite. But if they’re kept onsite, what happens if a fire, flood or other natural disaster takes out not just your server but your backup tapes and drives? Onsite backups can also be susceptible to theft. Having secure off-site, or even online backup, is simply the smart thing to do to ensure quick recovery when trouble comes to town.
  1. Fix Broken Access Controls on Your File Server – Many businesses have folders with confidential data residing on a file server with overly permissive access controls. Why take the risk of having a disgruntled – even former – employee access and misuse this data when access can be limited to only those in the company who need it?
  1. Be Sure to Test Restores – It happens time and time again. Business owners think they have a data backup plan in place. Tapes are changed diligently each day and everything appears to be backed up and good to go. However, it turns out the backups haven’t been working for months, sometimes even years, right at the very moment they’re needed. Either the backups had become corrupt and useless, or large segments of data were not being backed up. This happens often. Don’t let it happen to you.

Avoid data loss before it happens. CLICK HERE for a free network assessment.

Cybercrime and SMBs

 WHAT HAPPENS ON MAIN STREET STAYS ON MAIN STREET

When hackers breach the security of corporations it makes headlines, yet there is rarely a mention when cybercrime hits small to medium sized businesses (SMBs). Very few people are even aware that today’s cybercriminals are targeting SMBs, not just supersized global businesses. According to Verizon’s 2013 Data Breach Investigations Report, 71% of the data breaches investigated by the company’s forensic analysis unit targeted small businesses with fewer than 100 employees. Of that group, businesses with less than 10 employees were the most frequently attacked.

55 EVERYONE IS A VICTIM WHEN IT COMES TO CYBERCRIME

The loss and exposure of confidential data from a cyber-attack is costly to both the people victimized and the businesses whose data was compromised.

For the victim, hackers typically retrieve personal information, bank account, credit card and social security numbers, resulting in identity fraud. The stress and time involved to reclaim their identity and get their financial house back in order is beyond measure.

For businesses, there are 47 state-specific DBN (Data Breach Notification) laws in effect in the United States. Adding to the complexity and costs of this process is the fact that laws and compliance obligations vary from state to state. A breach of customer data in Pennsylvania will have different breach notification and follow-up requirements than a breach involving a customer in Massachusetts. This means firms servicing customers and clients from more than one state are responsible for these duplicative legal, regulatory and compliance burdens.

CYBERCRIME COMES AT A HIGH PRICE FOR SMBs

According to research compiled by the Ponemon Institute in their 2nd Annual Cost of Cyber Crime Study, the average cost per breached record in the U.S. is anywhere between $150 to $200. This amount factors in the costs of the investigation and notification process, fixing the issue that led to the breach, possible liability and litigation costs, lost business, and the time and effort that go into damage control. In many cases, a damaged reputation may prove to be irreparable. Nearly two-thirds of victimized companies are out of business within six months of a significant cyber-attack, making cybercrime the death knell for many SMBs. This is because the consequences of cybercrime extend well beyond the actual incident and have long-lasting implications.

Small businesses obviously don’t have the same financial footing to rebound and carry on with business as usual in the way organizations like Target, Amazon, Apple, or Citibank can.

Symantec’s research found that customers affected by security breaches are generally less forgiving of smaller businesses, especially smaller online retailers, than larger companies. SMBs are contending not only with lost revenue and expenses, but also the possibility of never regaining the trust of customers, clients and business partners.

Symantec’s 2012 State of Information Survey found that nearly half of all SMBs admitted to a data breach damaging their reputation and driving customers away. 53

The trend of cybercriminals preying on smaller businesses doesn’t seem to be waning. According to Symantec, the number of cybercrime attacks targeting firms with fewer than 250 employees jumped from 18 percent of all attacks in 2011 to 31 percent in 2012.

WHY CYBERCRIMINALS ARE ZEROING IN ON SMALL BUSINESSES

Large corporations have the resources to invest heavily in the most sophisticated security strategies and successfully stop most cybercrime attempts. A typical large enterprise may have over twenty in-house IT dedicated employees ensuring that every device connecting to their network is adequately protected.

In comparison, SMBs have neither the money nor the manpower of large enterprises and can’t afford the same level of security. Very few SMBs have fulltime IT dedicated personnel on hand to run routine security checks. Even those who do have in-house IT support often find that their internal resources are too bogged down with other tasks to properly address security upkeep.

A joint survey of 1000 SMBs conducted in September of 2013 by McAfee Internet Security and Office Depot further confirms how lax many SMBs are when it comes to protecting their data. 54

Not only have SMBs become easy prey for cybercriminals, but their sheer abundance also makes them an alluring target. There are roughly 23 million SMBs in the United States alone. Half of that figure is comprised of home-based businesses. Even in a struggling economy, it’s projected that there are still an estimated 500,000 startups launching every month with only a handful of employees.

SMBs ARE NOT “TOO SMALL TO MATTER”

Since most cybercrimes affecting smaller businesses go unreported by the media, there is no sense of urgency by SMBs to prepare for cyber-attacks. Too many SMBs mistakenly view their operations and data as trivial to hackers. They feel that large online retailers, global banks, and government entities are much more attractive targets for hackers.

The goals and methods of cyber attackers are evolving and will continue to evolve. The era of one “big heist” for hackers is over. Cybercriminals today often prefer to infiltrate the data of many small businesses at once, stealing from victims in tiny increments over time so as to not set off an immediate alarm. This method takes advantage of those SMBs who are especially lax with their security processes and may not even realize there has been a security breach for days or sometimes even weeks. SMBs must end the “It will never happen to us” mindset. For instance, political “hactivists” have been responsible for a number of high-profile Denial-of-Service (DDoS) attacks in recent years. The goal of a hactivist is to disrupt the status quo and wreak havoc on the technology infrastructure of larger corporations and government entities. It’s a form of cyber anarchy: A “stick it to the man” philosophy spearheaded by groups like 4chan, Anonymous, LulzSec, and Anti-Sec.

An owner or Chief Information Office (CIO) at a SMB may read of these high publicized attacks in the press and not think anything of it. They aren’t Sony, Apple, or the Department of Defense, so why would a hactivist target their data? But it’s estimated that there are on average 1.29 DDoS attacks throughout the world every two minutes and such activity is much broader in scope than the press may lead us to believe.

SMBs- THE ACCESS RAMP TO BIGGER & BETTER DATA

One reason small businesses are more vulnerable is they’re often the inroad to larger better-protected entities. They are often sub-contracted as a vendor, supplier, or service provider to a larger organization. This makes SMBs an attractive entry point for raiding the data of a larger company. Since larger enterprises have more sophisticated security processes in place to thwart cyber-attacks, SMBs often unknowingly become a Trojan horse used by hackers to gain backdoor access to a bigger company’s data. There is malware specifically designed to use a SMBs website as a means to crack the database of a larger business partner.

For this reason, many potential clients or business partners may ask for specifics on how their data will be safeguarded before they sign an agreement. Some may require an independent security audit be conducted. They may also ask SMBs to fill out a legally binding questionnaire pertaining to their security practices.

Moving forward, a SMB that is unable to prove they’re on top of their infrastructure’s security will likely lose out on potentially significant deals and business relationships. More large enterprises are being careful to vet any business partners they’re entrusting their data to.

CLICK HERE for a free network assessment.

Understanding How Data Loss Happens – The Four Main Reasons

43 Small business owners are often worried about data loss. Rightly so, because data loss has the potential to wipe out a business. We have identified the most common forms of data loss so you can see how they fit into your business and assess the risks related to each of these pitfalls.

1. Human Error – Human error – by way of unintentional data deletion, modification, and overwrites – has become much more prevalent in recent years. Much of this is the result of carelessly managed virtualization technology. While virtualization and cloud computing have enabled improved business continuity planning for many businesses and organizations, humans must still instruct this technology how to perform. The complexity of these systems often presents a learning curve that can involve quite a bit of trial and error. For instance, a support engineer may accidentally overwrite the backup when they forget to power off the replication software prior to formatting volumes on the primary site. They will be sure to never do that ever again, but preventing it from happening in the first place would be more ideal.

2. File Corruption – Unintended changes to data can occur during writing, reading, storage, transmission and processing – making the data within the file inaccessible. Software failure is a leading cause of data loss and is typically the result of bugs in the code. Viruses and malware can also lead to individual data files being deleted and hard drive partitions being damaged or erased.

3. Hardware Failure – Storage devices may be at risk due to age, or they may fall victim to irreparable hard-disk failure. Viruses and hackers can also potentially shut down a hard drive by inserting undeletable malicious code and huge files via open, unprotected ports. If these malicious programs cannot be deleted, the entire hard drive may have to be reformatted, wiping out all the data.

4. Catastrophic Events/Theft – The threat of catastrophic events such as fire, flooding, lightning and power failure is always a concern. Such events can wipe out data in a millisecond with no warning. Theft is also a data loss risk that companies must address. While advances in technology like anytime/anywhere connectivity, portability and the communication/information sharing capabilities of social media and crowdsourcing have revolutionized business – the risk for theft is even greater due to this increased accessibility. More people are doing daily business on their laptop, iPad and mobile phones. They are also carrying around portable media like thumb drives, USB sticks and CDs. Physical theft of any of these devices can spell big trouble.

Data loss is as unique as the various sources from which it comes. The key is to identify the areas in which your business is weak and work towards a mitigation plan for each one of them. An MSP can act as a trusted partner in such cases, holding your hand through the process of safeguarding your data.

Prevent data loss with Cognoscape. CLICK HERE for a free network assessment.

Business Continuity and Disaster Recovery for Small Businesses

31 As a small business owner, you owe it to yourself, your employees, stakeholders, and any customer you serve to honestly answer this one question: Is your business resilient enough to withstand short or long-term interruptions to its operations?

The answer should be immediate. If you have to pause or think for one second before responding, the answer is no. Each day of business brings with it unforeseen risk. Whether it’s catastrophic weather conditions, cyber- security threats, or the vulnerabilities of the technology we’re dependent on to perform daily work functions, there must be both a business continuity (BC) and disaster recovery (DR) plan in place. There must also be complete confidence in the effectiveness of the BC/DR strategies that are implemented.

The truth of the matter is most small-to-medium sized businesses (SMBs) aren’t doing nearly enough when it comes to continuity and disaster planning. It’s inconceivable that in this era where smaller businesses store more sensitive data than ever before, and the risk of losing this data is so great, that a 2011 Systematic survey revealed that up to 57% of small businesses still have no business continuity or disaster recovery plan in place.

A few years ago, a study conducted by Forrester Research concluded that 66% of businesses with fewer than one hundred employees admitted to having no tested response to not just tech issues like a downed server or network but disasters, emergencies, and power outages.

Let’s break down some of the potential costs of short and long-term business interruptions, why far too many SMBs don’t have a solid business continuity/recovery plan in place, and the necessary steps SMBs can take to get prepared.

 

A Competent BC/DR Strategy Is a Must

Often misconceived as a problem for the “big guys,” business continuity is a concern for businesses and organizations of all sizes – whether there are 5 or 5,000 employees. The costs of having no solutions in place are too high for many smaller companies to rebound from.

Several hours of unplanned downtime can result in thousands of dollars lost each hour. That’s the kind disruption a small business may face from a shorter-duration tech issue or power outage. Imagine the consequences of longer lasting outages, where a business may be down for days or weeks, as seen in natural disasters like Hurricane Sandy and Hurricane Katrina, or acts of terror like the 2001 World Trade Center attack.

Beyond the immediate tangible costs of outages like lost productivity and revenues, there is also an intangible domino effect that may be harder to quantify. The repercussions can greatly exacerbate the total losses over time, for instance:

  • Customers/Clients Jumping to a Competitor: The web hosting company1&1 Internet, Inc. reported that 72% ofweb users admit to abandoning a businessfor a competitor if they can’t instantlyaccess a company website or encounternumerous error messages, problemsplacing an order, or issues accessing onlinefeatures/support. People want immediategratification today and will take theirdollars elsewhere if they don’t get it.Even more alarming is the fact that 58%are likely to never return, which meansthe loss of long-term revenue streams.Perhaps they may be more forgiving inthe event of a crisis like a natural disasterbut there will still be those who go to acompetitor and never come back.
  • Word-of-Mouth/Negative Brand Reputation: Thanks to the power of socialmedia, those frustrated by instances ofdowntime will take to Facebook or Twitterto quickly spread their vitriol. Brandbuilding and reputation managementare critical to small businesses. Anynegative attention and publicity broughton by downtime can have long lasting consequences.
  • Disgruntled Employees: In small companies or organizations, the burden of troubleshooting recurring tech issues or getting a system back online will typically fall upon the shoulders of an already busy, possibly overworked, employee. This multi-tasking employee will have to sacrifice bigger priorities to constantly play damage control. He or she will sometimes have to do this outside of normal work hours and may be pulled away from projects that generate revenue. If they aren’t happy about this, they may seek employment elsewhere. Both high turnover and the inability to use an employee’s knowledge and skill set for revenue generating tasks are costly to small-to-medium sized businesses.

Too Many SMBs Aren’t Prioritizing BC/DR Plans

Businesses are fueled by information. They are defined by their ability to efficiently and safely handle the data and vital information they generate or process on a daily basis. It is this data that keeps their day-to-day business functioning, ensuring optimal customer service and interaction. While protecting data is a priority for large enterprises, small-to-midsize business owners have the same responsibility but are challenged by limited budgets. For a start-up, the entire focus must be customer-facing, with few resources directed at anything not driving short-term revenues.

This means far too many SMBs today are failing to employ some very basic safeguards to ensure BC/DR.

A September 2011 CDW Business Continuity Straw Poll suggested that 82% of U.S. service disruptions could be reduced or altogether eliminated by even the most basic BC/DR plan. So why aren’t more SMBs taking these precautions?

  • Failure to Recognize a Problem: Most SMBs don’t think about business continuity or disaster recovery until it’s too late and they’re scrambling to recover after being taken down. It’s ironic since so much focus goes into keeping a business sustainable by growing sales, or outdoing the competition, yet a vital part of “staying in business” is overlooked when it comes to their supporting technology.
  • Intimidating and Complex Planning Tools: SMBs looking to streamline costsand simplify procedures will sometimeswrite off BC/DR practices as unnecessary.Those who do recognize the importanceof preparedness are often overwhelmedby the complex technical jargon thataccompanies business continuity planningand don’t know where to begin when theyhear terms like “business impact analysis”and “risk assessments.”
  • They Feel as if They Can’t Afford It and They’re On Their Own: Decision-makers may know they’re living on theedge without a tested strategy, however,they don’t realize that new technologytrends, and the availability of productslike managed service providers (MSPs),can reduce costs and save on resources.MSPs can leverage their knowledge of anSMB’s specific needs with the numerouscloud and hosted backup and recoverytools currently available today.

Create a plan. CLICK HERE for a free network assessment.

 

Breach at eBay – Change Your Password Now

The following article is from krebsonsecurity.com

“eBay is asking users to pick new passwords following a data breach earlier this year that exposed the personal information of an untold number of the auction giant’s 145 million customers.

In a blog post published this morning, eBay said it had “no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.”

Assisted by federal investigators, eBay determined that the intrusion happened in late February and early march, after a “small number of employee log-in credentials” that allowed attackers access to eBay’s corporate network were compromised. The company said the information compromised included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. eBay also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users.

The company said it will begin pushing out emails today asking customers to change their passwords. eBay has not said what type of encryption it used to protect customer passwords, but it previous breaches are any indication, the attackers are probably hard at work trying to crack them.

If you’re an eBay user, don’t wait for the email; change your password now, and make it a good one. Most importantly, don’t re-use your eBay or PayPal password elsewhere. If you did that prior to today, it’s a good idea to change that password to something unique at the other sites that shared it. And be extra wary of phishing emails that spoof eBay and PayPal and ask you to click on some link or download some security tool; attackers are likely to capitalize on this incident to spread malware and to hijack accounts.

eBay and PayPal users who haven’t already done so should consider using the PayPal Security Key, a two-factor authentication solution that can be used to add for additional security on both sites.”

With as many breaches occurring in only the first half of 2014, the necessity for internet and information security is at an all time high. SMBs and healthcare providers dealing with sensitive information need to protect this info from security breaches and potential data loss as a result. CLICK HERE to sign up for a security audit.

3 Points of Data Recovery

Doing data backup is easy.  Considering the needs for data recovery is where many go wrong.  There are 3 points of data recovery that must be considered when putting together a proper Backup and Disaster Recovery plan.

1. Recovery of a File – Very simple and straight forward, you must be able to recover data files.  Can you recover deleted files from every location people save files?  Most files reside on the server or in a document management system.  Are people saving these documents on their workstations while they edit them?  What happens if Microsoft Word crashes?  I am sure that the file server is backed up, but is it backed up often enough?  Daily backups taken over night are typically not sufficient in most modern networks.

2. Recovery of a Server – Many business owners take comfort in that fact their server is being backed up without ever considering what recovering the server really means.  How long will it take to get a replacement server?  Will the same type of server be available? How do people work while waiting for the hardware?  Once you have the replacement server, how long will it take to restore it to service?  With many backup solutions, restoring requires the server OS and applications to be reinstalled before the data is restored.  It adds another level of complexity (and time) when recovering to dissimilar computer hardware.

3. Recovery of a Site– Unfortunately, disasters do happen.  Here in Texas the media has been marking the ten year anniversary of the tornado that ripped through downtown Fort Worth destroying buildings and ravaging businesses.  We have also been seeing all the coverage of earthquakes.  And let’s not forget about fires.  A recent study discovered that, of companies experiencing a “major loss” of computer records, 43 percent never reopened, 51 percent closed within two years of the loss, and a mere 6 percent survived over the long-term.  Having a plan and being able to recover quickly can greatly improve the chances of the business surviving.

A Complete Solution that addresses all of these points –
A good backup system should allow for quick and flexible restores that allows for recovery of files, folders, partitions, mailboxes/messages, databases/tables using a quick and intuitive process.  A 15-minute incremental based backup allows restores to be done from any point in time, allowing for multiple versions of files, folders, messages/mailboxes, database/tables to be restored.

If any of your servers fail, a good data backup solution will include virtualization technology embedded in the Network Attached Storage (NAS) that allows customer servers and applications to be restored and rebooted in less than 30 minutes in most cases.  As you may sometimes wait several days in order to receive replacement servers from vendors, your NAS can have your business up and running.  The NAS multitasks so that, even while functioning as a virtual server, it can continue to back up data from other devices plugged into the NAS.  This technology thus allows you to remain in business without any significant loss of data backup, server functionality, or application downtime.  In case of a complete server failure the solution should support a bare metal restore to new hardware which has a different configuration, hardware and drivers as compared to the failed server.

Transmitting data to a remote site is another key component of a worthy Backup and Disaster Recovery Plan. It guarantees that, in case of physical damage to the client’s network or NAS, or even regional disaster, the data is safe. Encryption is required in transmitting data between the NAS and the remote sites, because it greatly reduces the risk of data loss incidents that plague magnetic tape and prevents man-in-the-middle attacks during transmission.  Of course a key consideration of off-site backup is the amount of time it could take to restore data over the Internet.   Solutions that offer both transmission as well as emergency delivery of a new device with the most recent image are doubly effective.

In summary, the most important aspects of Backup and Disaster Recovery are to first, have a specific plan, second have a well thought out and comprehensive plan that matches the requirements of your business and lastly, to consistently manage and test your BDR solution.   In an age of document management, EMR, paperless office, HIPAA, HITECH, Sarbanes Oxley, eDiscovery, etc., a reliable Backup and Disaster Recovery solution are paramount to the longevity of your business.