Blog

March 23rd, 2015

BusinessContinuity_Mar23_BBusinesses can face disasters at the most unexpected times, whether that’s a flash flood that takes down your servers or a sudden power outage during a thunderstorm. And when these events do happen, you as a business owner must have a business continuity plan (BCP) in place, to ensure that your company doesn’t go out of business for good. But for most people who are new to business continuity, words and terms used by BCP experts may sound like a different language. Here are some popular business continuity terms that are often tossed around.

Battle box - a tool box where necessary equipment and vital information are stored. These objects and pieces of information should be useful in a disaster. Typical items include a first aid kit, laptop, protective equipment, and communication devices.

Business impact analysis (BIA) - a process to evaluate the impact that a disaster may have on a business. The BIA shows what a business stands to lose if some parts of its functions are missing. It allows you to see the general picture of your business processes and determine which ones are the most important.

Call tree - a comprehensive list of employee contacts and their telephone numbers. Call trees are used to notify out-of-office employees about a disaster. Companies can use a software program to contact people on the call tree by sending automated emails and text messages. In order for a call tree to work, employees should provide alternative contact options and their information must be up to date.

Data mirroring - a duplication of data from its source to another physical storage solution or the cloud. Data mirroring ensures that crucial information is safe, and companies can use the copied data as backup during a disaster.

Exercise - a series of activities designed to test a company’s business continuity plan. When an exercise is carried out, there will be an evaluation to decide whether a BCP is meeting standards or not. An exercise can identify gaps in, and the drawbacks of, a BCP and is therefore used as a tool to revise and improve a business continuity plan.

Hot site - an alternate location equipped with computers, communication tools and infrastructures to help a business recover information systems affected by the disaster.

Plan maintenance - a process of maintaining a company’s business continuity plan so that it is in working order and up to date. Plan maintenance includes scheduled reviews and updates.

Recovery time objective (RTO) - a period of time in which companies must recover their systems and functions after a disaster. This is the target time for a business to ideally resume its delivery of products and services at an acceptable level. RTO may be specified in business time (e.g. one business day) or elapsed time (e.g. elapsed 24 hours).

Business continuity plans can be a hassle to design and implement without proper understanding of their requirements. If you want to learn how you can protect your business from disasters, give us a call today.

Published with permission from TechAdvisory.org. Source.

March 9th, 2015

BusinessContinuity_Mar09_AYou’ve been putting that business continuity plan off for months now, but you’ve finally decided to go through with it. You start by talking to members of your staff, partners and service providers. And it doesn’t take long to see that everyone has a different opinion about what to recover first when disaster strikes. The head of your IT department demands your servers are top priority, while your Vice President argues that without network security being reestablished pronto, your business is left vulnerable to even further damage. Who’s right? It may be difficult to decide. That’s why we’ve compiled these fundamental ideas to consider when drafting your business continuity plan.

Speak to many members of your organization

And not just your IT department - which may sound like a bit of an oxymoron coming from an IT provider’s blog. However, the reason behind this is simple. Suppose you have an IT staff member called Jane, who is responsible for a series of applications that automate your e-commerce system. If you call a business continuity meeting concerning to identify assets to prioritize during a disaster, what do you think Jane will say? She’ll likely point to her group of applications, since to her this is what she prioritizes and spends her days on. And it’s not just Jane; each staff member will probably voice that their particular job (whether that’s security, server maintenance or something entirely different) needs to be prioritized. It’s human nature to think of your responsibility and role first. We all do it.

The key is to get more than one opinion. It’s not a bad idea to start with the leaders of your company, and then work your way down. Leaders generally think in a broader sense about your organization as a whole, rather than one particular facet of it.

Consider where your business is going

When developing your business continuity plan, it’s easy to fall into the trap of thinking about your business as it is today. While you’ll draft your plan in the present, it needs to be created with the future in mind. For example, if you’re considering joining the Cloud or virtualizing your servers in the next year or so, how is this going to impact your plan? It’s smart to think of this sooner rather than later, as it could cause a major shift in your priorities. If you start deploying your business continuity plan but then have to switch gears further down the line, it’ll likely cost your company a lot of money.

Examine the interdependency of your business

Remember to connect the dots between your IT department and business processes. For instance, if your email system can’t run without the use of a particular IT application, it will do no good for you to have your email system as a priority 1 issue and that IT application as a priority 3. In this scenario, the IT application would need the same priority as the email system - if not higher, or else your email system will simply not work.

The point is to map out the interdepencies of your business processes and IT, so that you know what depends on what. That way you’re not left in a pickle when disaster strikes.

Need help getting started with your business continuity plan? Contact us today to learn how we can help.

Published with permission from TechAdvisory.org. Source.

March 2nd, 2015

Trouble aheadIn the unexpected event that a disaster strikes, you need to have a continuity plan to keep your business running. If you don’t have one, or if your existing plan is outdated and ineffective, your business is at risk of losing potential clients and credibility. Imagine you’re halfway through a product presentation, when suddenly the whole building’s power goes out and the screen goes pitch black. Not impressive at all. This is why you must have a business continuity plan in place to minimize damage and prepare for emergencies.

Relevant factors such as your business’s resources, location, suppliers, customers, and employees must be carefully analyzed before a business continuity plan can be formed. It is also necessary to test the plan and check whether it’s working or not. Here are some proven methods to test your continuity plan’s efficiency.

Review the BCP

You have a business continuity plan ready with all the necessary information, contingency locations, personnel, contacts and service companies. The question is can you really pull it off? Have the plan reviewed regularly, or at least quarterly. Gather a team of individuals, heads of departments and managers to discuss the plan. Focus on the business continuity plan’s feasibility and pinpoint any areas where it might be strengthened.

Determine time and duration to test the plan

You should decide how often you test your business continuity plan, and for how long. Even if you have a solid plan in place, it’s still wise to review it again after a few months. Come up with a schedule for testing the plan and share it with employees. Testing time may take anywhere from one day to two weeks. However it can also take as little as three hours to determine the effectiveness of the plan by monitoring employees’ responses and decision-making abilities, based on the guidelines of the business continuity plan.

Outline objectives to employees

Most business continuity plans fail because they have never been properly relayed to employees. Emphasizing the plan’s importance to your business and demonstrating it to employees is crucial. You need to outline objectives for the business continuity test to your employees, informing them how you plan to measure its success and failure, so that they get a general idea of their roles and your expectations.

Create a scenario

Create a fake scenario that affects your business - whether it’s setting off fire alarms or announcing another disaster. Employees should act as though the scenario is genuine, and refer to their duties in the business continuity plan, going through it step by step. Monitor the time it takes to get everything under control, from contacting customers to checking business resources and temporary meeting locations.

Evaluation

After the business continuity plan is put to test, gather your employees to discuss the plan’s overall performance. Identify where it needs improvement and encourage the parts that worked best. Make changes to key persons and actions where necessary, to ensure that the continuity plan is working at its best.

Having a business continuity plan is good, but testing it regularly is equally important. Contact us today and see how we can help you cope with unexpected disasters.

Published with permission from TechAdvisory.org. Source.

February 13th, 2015

BC_164_BDisasters, whether man-made or natural, can happen to anyone. While most people will admit this, a lot of us still have the mindset of “it won’t happen to me.” However, according to one study, storms and extreme weather alone have personally affected one-third of small business owners. And that doesn’t include other disasters such as earthquakes, fires or theft. So if you don’t want your business disrupted in the event of a catastrophe, it’s time to prepare for the worst. Here are a few ideas to get started with a business continuity plan that will ensure you are ready.

The difference between disaster recovery and business continuity

While it’s easy to overlook the differences between a disaster recovery and business continuity plan, there are actually some key variations you should be aware of.

Disaster recovery is the restoration of business operations and IT infrastructure after a disaster has already occurred. Business continuity, on the other hand, is focused on maintaining business operations and profits throughout a disaster. While disaster recovery is mainly focused on the slice of time immediately following a disaster (how you replace your equipment and restore IT infrastructure asap), business continuity looks at the bigger picture - the continuity of the company as a whole. It ensures you can run your business and maintain profits during the process of recovering from a catastrophe. It generally includes a disaster recovery plan as part of it.

Creating your business continuity plan

The first step in creating your plan is to identify which of your IT assets are vulnerable to disaster. To do this, you need to ask yourself some important questions, starting with what might happen if you were to lose the functionality of a specific asset for a day, a week or even longer. Answering this question will help you identify your most critical IT assets; the ones that are integral to your business operations.

Here are some other important questions to ask when drafting your business continuity plan:

  • What is the purpose of my business continuity plan?
  • What disasters can affect my IT infrastructure?
  • What are my key business areas?
  • Which different business areas, assets and departments depend on each other?
  • What is the longest amount of time I can go without functionality of IT assets?
Once you can answer these, it’s time to start planning. Write down your thoughts, and then contact an IT provider like us for assistance. We’ve helped countless businesses just like yours prepare themselves in order to remain operational throughout catastrophes. We can also help you identify potential problems that you may not have thought of.

Need help creating your business continuity plan? Contact us today to see how we can help you stay running and turning profits when disaster hits.

Published with permission from TechAdvisory.org. Source.

December 30th, 2014

BCP_Dec23_BWith a Disaster Recovery Plan and Business Continuity Plan, businesses need to ensure that a proper data and system backup solution is in place. There are many different ways to implement a backup solution, with one of the most common being online or cloud-based backup. While these systems are popular, there is still confusion over what exactly it is.

What exactly is online backup?

In a wide sense, online backup is a backup system where your files, folders, and even systems, are backed up to an offsite storage server over your Internet connection. Tech experts also refer to this service as remote or cloud-based backup.

When you back up your files and systems to an online solution, your files are stored off site, usually in redundant data centers. This means that should something happen to your files you can access the system via another computer and restore your backups onto that computer, as long as you have an Internet connection.

For many companies, this is arguably the most efficient form of backup, not because of the backup method itself, but because of the fact that your backups are stored remotely The chance your data will be accessible if your business faces disaster increase, as data can be recovered quicker than most other systems.

How do online backups work

Like most other technical systems out there, there are numerous varieties of online backups. Some of the most effective are image-based, which take a snapshot of a computer or server at a specific time and then upload this to the remote backup servers. This snapshot contains the whole system as it is and can be easily recovered.

Other solutions can be automated to back up specific files and folders, and run through a Web-based interface that can execute a backup from almost anywhere. Beyond this, many systems can be managed by a company like us. We can implement a system that works best for your company and your data, and then manage it so that your data will always be available when you need it. Should something go wrong, we can even help you recover your systems.

4 Benefits of online backup

Companies that implement an online-based backup have been able to realize the following benefits:
  1. Decreased recovery time - Because your data is stored online, as long as you have an Internet connection you can begin recovery at the click of a button; there is no having to go find your backup, then figure out how to recover it. Most companies see a generally reduced backup recovery time when they implement an online system.
  2. Increased backup reliability - Over time, physical systems break and need to be replaced, and this can happen at any time. Because online systems are managed by other companies, whose main job is to ensure backups are always available, you see increased reliability with these systems.
  3. Decreased costs - Physical backup systems can be costly, especially if you have a large number of systems or a large amount of data to back up. Many online providers charge a flat monthly fee that often works out to be less costly than other solutions. Beyond this, you don't need to invest in physical backup solutions and the storage space to house and maintain these. As a result you should see lower costs.
  4. Increased data availability - As long as you have an Internet connection, your data will be available. This means you don't have to worry about your offsite physical data being okay, if you have a problem or disaster strikes on your premises. With online services data is available when you need it.
If you would like to learn more about online backup, contact us today and let us reveal just how dynamic and effective our solutions can be. Don't wait until you have to face a backup issue to back up your vital data!
Published with permission from TechAdvisory.org. Source.

November 25th, 2014

BCP_Nov24_BRegardless of your business's location and industry, there is always a chance that you may experience a disaster at any time. Be it man-made, or natural, any disaster, if not properly prepared for, could spell trouble for your company. That's why a Disaster Recovery Plan is essential. To help ensure that your plans can see you through the worst, here are five tips based on lessons learnt from businesses that have battled disaster.

1. Have a full copy of your data backed up outside of your operating region

Almost every company, regardless of size, has backup measures in place. These backups can be either physical or digital, and are supposed to be carried out on a regular basis. If a disaster strikes, having access to your data can help ensure that you can recover your systems and resume operations in the minimal amount of time.

While backups are great, if you keep your backups in the same area as your main systems, or even if your offsite backups are in the same region, there is a chance that a large disaster, like a flood, or power outage, could also affect these backups too. One of the best solutions is to keep a current backup offsite, and outside of your operating region, with most experts recommending at least 150 miles (250 km) away from your main business area.

How do you achieve this? The best option is to use cloud-backup. Many providers host their backup service at a number of different data centers in various locations, so that should a disaster strike both your business and a nearby data center, your data is still safe at other centers.

2. Realistically test your plan

It can be tempting to simply develop a plan and then test it in a closed environment once or twice a year, make some changes where necessary and then sit back and hope it works. In truth, for any plan to really be effective it needs to be tested in a realistic environment. If this is not carried out then there is a possibility that the plan could fail when activated.

Because disasters come in almost any form and size, you are going to want to first identify as many potential problems as possible. From here, test your recovery plans based on these scenarios and see how effective they are. Be sure to also involve your colleagues and employees, as they too will need to know what to do when disaster strikes and what their role in the recovery of data is.

A good way to look at these tests is to think of them more as practice runs. As with anything, the more your practice the easier and more effective it becomes. In this case, good practice could literally save your business.

3. Update your plan as you update your systems

When you develop a recovery plan, you need to base it on the systems and technology you currently have in your business. However, these systems and devices may not be in use six months, to a year from now, or you may introduce new systems and improvements.

As soon as you make any changes, your existing recovery plan could become obsolete. Therefore, you need to ensure that when you introduce new systems or technology you are also updating the recovery plan to cover and fit with these changes.

4. Create an accessible plan

Many experts agree that having a physical plan that employees can see and access during a disaster is one of the best ways of ensuring that it is actually implemented properly. Therefore, when you develop a Disaster Recovery Plan make sure that all of your employees can access it at any time. This includes during and immediately following a disaster.

Beyond this, you need to make sure that the plan is consistent. If you update the master plan, but fail to update the copies you store in say a public cloud, or at different worksites, this will lead to confusion and even an increased recovery time or complete recovery failure. When you do update your plan, let all parties involved know that it has been updated and remind them where they can find copies of the plan.

5. Don't be the only fully-trained disaster recovery expert in your company

As a business owner or manager it can be easy to try and run everything yourself. Afterall, it is your business and you know exactly how to look after everything, right?. The problem is that if you are the only fully-trained disaster recovery person you are making yourself the weakest link in the plan.
Published with permission from TechAdvisory.org. Source.

June 9th, 2014

businesscontinuity_June9_BHistorically the months of June, July, and August are when the vast majority of natural disasters strike. Regardless of your location, there is a chance that your business could be facing a real challenge if something bad happens. In order to limit the potential damage a disaster can create, it helps to be proactive and introduce a disaster strategy. One essential element that you might find useful is utilizing your mobile device, and looking at the benefit of disaster apps.

Both Android and Apple mobile devices offer a wide variety of apps that users rely on daily. Because of this, these devices have become an integral part of our lives and would no doubt be on hand if disaster struck. The upside to this is that there are apps that can help you and your employees whatever the disaster. Here are four of the best types of disaster related apps you and your colleagues should download in order to prepare.

Weather apps

It is always a good idea to know what the weather forecast is for your local area. This can help you predict what could happen and even prepare your business should say a big storm be rolling in. There are a wide variety of weather apps out there and it can be difficult to actually pick which is the best to use. We recommend:
  1. The NOAA Weather Radio - Available on iTunes for iPhone and iPad users, this app is the official app for the National Oceanic and Atmospheric Association. When installed, you can receive local weather forecasts based on your location and storm or severe weather warnings pushed directly to your device. The app can be found on iTunes and costs USD$3.99
  2. Weather Underground - This app is among the most powerful weather apps out there. Using a wide variety of weather stations and user submitted weather it is up to date and able to offer accurate forecasts. With a Weather Radio feature, and push notifications of weather alerts, you can easily track potential storms. There is also the WunderMap which has radar, reports and IR Sat views as well. The app is available for free on Google Play and iTunes, and is rumored to be coming soon for Windows Phone.
  3. Local weather apps - Many TV stations and weather organizations have localized weather apps that focus on just local conditions. If you live in a disaster prone area, it would be a good idea to see if your local TV station has a weather app, as this could be the quickest way to receive updates.

American Red Cross apps

The Red Cross has a number of excellent survival oriented apps that could really come in handy for when a disaster strikes. These apps provide tips on how to prepare yourself and your family, as well as buildings for disaster, and what to do during and after a disaster strikes.

The best part is that most of the information is available offline, so you will have access to it even if cell networks are down. Some of the apps even provide weather alerts that will sound even if the app isn't open, alerting you about any impending danger.

These apps are all available for free on Google Play and iTunes. The best thing to do is to visit the Red Cross website and look for the apps that are relevant to your local area e.g., if you are in the mountains the Forest Fire and First Aid apps may help. The apps are all free and can be downloaded by clicking the links for your device's app store on the Red Cross site.

Social media apps

Social media services could prove to be a good way to connect and communicate during a disaster. Try setting up a group for your employees to communicate and encourage them to use it when a disaster strikes to share information and enact plans. One of the biggest added advantages to using social networks is that the servers that host the service are located around the world, so the chances of the service being down is fairly slim. If you have Internet access, you will be able to access the service.

It would be a good idea to define which social network you want to use and establish your pages and connections ahead of time. Have each employee sign up for and join the group you have created and also download the app onto their mobile devices.

Google Public Alerts

Google Public Alerts is the company's alert platform that allows for the distribution of emergency messages and notices like evacuation notices, public alerts, and storm warnings. For users in the U.S., Australia, Canada, Colombia, Japan, Taiwan, and Indonesia alerts will appear in Google Searches, Maps and if you are an Android or iOS user, from Google Now.

Mobile users who have Google Now installed should see relevant alerts pop up when something happens. While you won't see alerts for absolutely everything, Google does a pretty good job at broadcasting useful information. On mobile devices, these alerts will usually pop up in your Notifications Center where they are easy to see.

To get these notifications on your Android device, you will need to download the Google Search app and activate it on your device. You can find it for free on the Google Play Store, and on iTunes. Android users can also download the Google Now Launcher which will add Google Now to your device's home screen, and can be accessed by swiping to the right from your Home Screen.

Tips for using your mobile during an emergency

Here are six tips to help you leverage your mobile device during a disaster.
  1. Install relevant apps - In order to be prepared, you should install the apps necessary to communicate during a disaster, along with a weather app and if necessary a survival app.
  2. Ensure your contacts are up to date - To be sure, you should periodically update your contacts. Should anything happen you will know how to contact people and have a higher chance of being able to get in touch.
  3. Ensure your employees have devices that work - Even if you don't allow mobile devices in the office, or employees to use their own devices, it would be a great idea to ensure that your employees have devices that are in working order so should they need to contact you, or vice versa, you will have a better chance of being able to.
  4. Establish procedures to follow during a disaster - This is arguably the most important preparation you can do. Take the time to establish procedures you and your employees should follow during an emergency. Include where people should meet, backup plans, contact suggestions and the roles you expect your employees to take.
  5. Keep your batteries topped up - Mobile devices rely on batteries to operate, and during a disaster you may be without a power source for an extended amount of time. Therefore, Minimize use during a disaster. Ensure your batteries are full, or charges as often and has high as possible.
  6. Invest in a good power bank - Power banks are useful tools that are essentially big batteries. You can charge them up then use them to charge your devices. Take a look for one that is at least 9000 MHZ, or higher. The higher the number the bigger the charge.
If you are looking to learn more about using mobile devices during a disaster, or how your company can prepare, contact us today. Learn about our services and how we can help.
Published with permission from TechAdvisory.org. Source.

May 14th, 2014

BCP_May13_BYour systems and data are undoubtedly an important part of your business and to protect these valuable assets you should be taking steps to ensure that your data is backed up in case of an emergency. Looking into backup solutions, it is easy to see that there are a number of different backup options that support various solutions. From tape to the cloud, it can be a challenge to figure out what you need.

Three common backup options

When it comes to backing up your systems, there are three common platforms that are used:
  • Tape
  • Disk
  • Cloud
Some businesses use all three, while others stick to using just one. While each of these options do the same thing - essentially backing up your data - there are differences between each platform.

Tape-based backup

Tape-based backup is the oldest forms of data backup available to businesses, and has been in use since the mid 1960s. Many older, or well established businesses, likely have used this method for a long time, so they may find it easier to stick with it, largely because no infrastructure upgrades are needed.

While this method may seem a little anachronistic, there are still manufacturers creating backup tapes - most notable Sony, who recently introduced a new tape system that can store up to 185TB (terabytes) of data on one tape. That's about equal to the storage capacity of around 11,800 16GB iPhone 5s.

The vast majority of businesses using this system do so as a secondary backup. They use another system to back up their data, and then back up this backup data onto physical tape which can then be moved off-site and stored in a safe location, should disaster strike.

The biggest drawback of tape stem from the fact that it is an older method and it takes longer to back up data compared to other systems. The tapes themselves are also more fragile and can be prone to failure, leading to corrupt data and unreadability. Finally, if you do need to recover from a tape backup, you are going to have to do so in a specific manner, which means it will take longer to recover your systems than other methods.

Disk-based backup

Disk-based backup solutions use a variety of disk storage units to hold backups of your data. The most popular forms of disk storage used are hard drives or optical disks. Because these systems use more modern storage methods, backup and recovery can generally be carried out far quicker than with tape systems, and can be more reliable, especially if you take care of your systems and the disks the backups are stored on.

The added benefit with these systems is that hard disks are constantly dropping in price and increasing in capacity, meaning you can fit more data on fewer devices. This helps keep costs manageable, and may result in reduced costs over time.

Because disk-based systems rely on hard drives or optical disks, there is always the chance that your backups can be lost, ruined or even stolen. Also, many companies choose to keep these physical backups on-site, so if there is a disaster this could result in the loss of these backups.

To get around this, many companies have duplicate systems. They back up to different devices which are kept off-site. This redundancy can help ensure that your data is available, but it can be expensive to purchase multiple backup solutions.

Cloud-based backup

Cloud, or online-based backup, utilizes off-site technology to host your backups. Most small business solutions work with providers who host the servers in their organization. The business then connects to the servers via a network connection in order to backup their data.

The biggest advantage of cloud systems is that they are generally more affordable. This is because you don't need to have the systems in your office, which means you don't need to pay for the data systems and the upkeep associated with them. Cloud systems are also less labor intensive because they can be managed by your IT partner.

Aside from being easier to manage, backup and recovery is usually quicker with the cloud because you can set up a solution that continually backs up. As long as you have an Internet connection, you will usually be able to restore your systems in a matter of hours.

While the cloud is becoming the most popular backup solution, there are some drawbacks. You need a faster bandwidth connection if you want to be able to back up while also working. This may require you to invest in better network infrastructure, which costs. The other issue some companies have is that because this is a new solution, they may not trust that the solution is secure. The vast majority of backup solutions available have been designed to be secure and have become a viable solution for many smaller businesses.

If you are looking to implement a backup solution in your business, contact us today to learn about what solutions we have to offer.

Published with permission from TechAdvisory.org. Source.

January 24th, 2013

The Boy Scouts are famous for their motto, 'Be Prepared'. And many live up to it. In an interview, Robert Baden-Powell, Founder of the Boy Scouts was once asked what they should be prepared for. His answer, "Anything". Companies should take this to heart, and always be prepared for every eventuality. One way this can be done is through Business Continuity - a plan or system that helps businesses get through disasters relatively unscathed. If you're looking to adopt a continuity plan, there's a few things you should prepare beforehand.

Here's four questions you should answer when looking into adopting a Business Continuity plan.

1. What systems need to be recovered first? A good idea is to request each department/role list their essential systems and rank them in the order they need them back online in order to do their jobs. From here, you can compare answers and rank them in priority. For example, If all roles say they need Internet connection back online first, you know that the Internet is the first system that needs to be recovered.

2. What do we need to assure customers of stability? For the majority of businesses, the customer is the lifeblood. However, most customers will only stick around for a limited amount of time before going to a competitor if your business can't meet their needs. To keep customers loyal during a time of disaster, you need to prove you are either stable, or working to get there. Some examples of this could be a backup site with basic functionality that can take the place of your main website if it goes down.

3. What do business partners require? Your business partners are just as important as your customers and are often the link between the two. With partners, you often have set requirements that you need to meet in order to continue order fulfillment and shipment. You need to be aware of what these are and the related systems. After all, how are you going to get your product to your customers?

4. Are there any contractual requirements with vendors? Businesses that work with suppliers or vendors often have contractual obligations such as payment due on a certain date, or a set product order volume to fulfill the contract. As with business partners, you need to be clear on what these obligations are, and how you meet them. For example, if you pay a supplier on the 10th of every month, most will expect payment on the 10th, regardless of if you are operational or not.

Once you have the answers you needed you can take a step back and try to come up with a timeline of how long continuity actions should take and what your priorities are. From here, you can draft an actual plan, or look for vendors that can work with your systems and provide a continuity plan or service that meets your needs.

If you are looking for a business continuity system for your business please give us a call, we may have a solution that fits with your business.

Published with permission from TechAdvisory.org. Source.

November 28th, 2012

Superstorm Sandy, the recent storm that pummeled the Eastern US, brought with it a lot of lessons for all affected. For those in the IT industry the most important lesson was that their disaster preparedness may not be as robust as they thought. Many businesses will react to this by wanting to be better prepared for major disasters. This is positive action but it is important to stress that there are also a million little issues that could pose a bigger threat to your organization. One of those is password management - who is in control of the important passwords.

Search for Terry Childs online and you'll find a number of articles about a former Network Administrator for the city of San Francisco who is currently in jail for supposedly doing his job. His job, as a network administrator, was to manage the city's network. When he was asked by his boss for the passwords to critical parts of the network, he refused on the grounds that the request went against the established network policy.

Issues like this: One employee or vendor in control of vital passwords, can pose a big problem to companies, especially during times of disaster. Imagine if you work with an administrator who is based in New York, and they lost power during Sandy. What could you do if your network crashed, or you needed access to your system and someone else has all the passwords?

The most crucial factor is you shouldn't trust one person or organization with passwords to vital systems. We don't mean personal passwords to systems, we mean passwords to vital systems, like servers or Internet connections. If one person has the passwords, there's just too much risk. If they are disgruntled, they have the power to do some serious damage, and if they are injured or are no longer alive, you'll face untold amounts in lost profit, and fees in recovering passwords and information.

There are a number of things you can do to mitigate problems like these.

  • Keep a password list - It could be a good idea to keep a physical list of the more important passwords. This is an important document, so it's a good idea to not leave this one lying around. If you have a safety deposit box or safe in the office you can put the list here.
  • Set passwords to the position, not the employee - Many companies will often give passwords to one person who will be in charge of these. When they advance, or if they switch roles, they will often take a password with them. Instead, look at organizing this a different way around: Assign a password to the position rather than an individual so that when they leave the person filling their role is given this password instead.
  • Assign a person to be in charge of passwords - This is a good idea, especially if you work with Managed Service Providers. A person of authority within your organization should be the main contact person, and they should have copies of all passwords given to outside companies.
  • Change passwords regularly - To avoid having employees steal things it's a good idea to change your passwords on a regular basis. If an employee leaves a position and is in charge of an important password, you should take steps to change this scenario even if you trust the person.
  • Create the right policy - If you are going to share passwords, or have a limited number of people who know them, it's a good idea to create a policy that clearly defines: what position has access to what; what happens when someone leaves; how to recover passwords; how many backups will be kept; how and when the password is to be shared. Basically you want to ensure you aren't caught flat footed. With employees, confidentiality agreements that explicitly state what they can and can't share and the consequences of breaching the policy should also be clearly defined and followed.
  • Pick who to trust - Important passwords shouldn't be shared with everyone, and you should take steps to vet the trustworthiness of the person or company you will be giving passwords to. If you have an established sharing process, and a vendor you're considering working with is pushing a policy that is different from yours, it may be a good idea to look for someone whose policies are closer to yours, or who can work around your policies.
If you are in the unfortunate position of not having the passwords to your system, it's a good idea to get in touch with IT professionals like us, as we are often able to recover systems and passwords, or at the very least, reset them. After you recover your systems, it's a good idea to test for vulnerabilities, especially if the last person in charge had a tendency to not share information. We can help with this and any other concerns with password management and recovery, so please contact us if you would like to learn more.
Published with permission from TechAdvisory.org. Source.