Blog

January 24th, 2013

The Boy Scouts are famous for their motto, 'Be Prepared'. And many live up to it. In an interview, Robert Baden-Powell, Founder of the Boy Scouts was once asked what they should be prepared for. His answer, "Anything". Companies should take this to heart, and always be prepared for every eventuality. One way this can be done is through Business Continuity - a plan or system that helps businesses get through disasters relatively unscathed. If you're looking to adopt a continuity plan, there's a few things you should prepare beforehand.

Here's four questions you should answer when looking into adopting a Business Continuity plan.

1. What systems need to be recovered first? A good idea is to request each department/role list their essential systems and rank them in the order they need them back online in order to do their jobs. From here, you can compare answers and rank them in priority. For example, If all roles say they need Internet connection back online first, you know that the Internet is the first system that needs to be recovered.

2. What do we need to assure customers of stability? For the majority of businesses, the customer is the lifeblood. However, most customers will only stick around for a limited amount of time before going to a competitor if your business can't meet their needs. To keep customers loyal during a time of disaster, you need to prove you are either stable, or working to get there. Some examples of this could be a backup site with basic functionality that can take the place of your main website if it goes down.

3. What do business partners require? Your business partners are just as important as your customers and are often the link between the two. With partners, you often have set requirements that you need to meet in order to continue order fulfillment and shipment. You need to be aware of what these are and the related systems. After all, how are you going to get your product to your customers?

4. Are there any contractual requirements with vendors? Businesses that work with suppliers or vendors often have contractual obligations such as payment due on a certain date, or a set product order volume to fulfill the contract. As with business partners, you need to be clear on what these obligations are, and how you meet them. For example, if you pay a supplier on the 10th of every month, most will expect payment on the 10th, regardless of if you are operational or not.

Once you have the answers you needed you can take a step back and try to come up with a timeline of how long continuity actions should take and what your priorities are. From here, you can draft an actual plan, or look for vendors that can work with your systems and provide a continuity plan or service that meets your needs.

If you are looking for a business continuity system for your business please give us a call, we may have a solution that fits with your business.

Published with permission from TechAdvisory.org. Source.

November 28th, 2012

Superstorm Sandy, the recent storm that pummeled the Eastern US, brought with it a lot of lessons for all affected. For those in the IT industry the most important lesson was that their disaster preparedness may not be as robust as they thought. Many businesses will react to this by wanting to be better prepared for major disasters. This is positive action but it is important to stress that there are also a million little issues that could pose a bigger threat to your organization. One of those is password management - who is in control of the important passwords.

Search for Terry Childs online and you'll find a number of articles about a former Network Administrator for the city of San Francisco who is currently in jail for supposedly doing his job. His job, as a network administrator, was to manage the city's network. When he was asked by his boss for the passwords to critical parts of the network, he refused on the grounds that the request went against the established network policy.

Issues like this: One employee or vendor in control of vital passwords, can pose a big problem to companies, especially during times of disaster. Imagine if you work with an administrator who is based in New York, and they lost power during Sandy. What could you do if your network crashed, or you needed access to your system and someone else has all the passwords?

The most crucial factor is you shouldn't trust one person or organization with passwords to vital systems. We don't mean personal passwords to systems, we mean passwords to vital systems, like servers or Internet connections. If one person has the passwords, there's just too much risk. If they are disgruntled, they have the power to do some serious damage, and if they are injured or are no longer alive, you'll face untold amounts in lost profit, and fees in recovering passwords and information.

There are a number of things you can do to mitigate problems like these.

  • Keep a password list - It could be a good idea to keep a physical list of the more important passwords. This is an important document, so it's a good idea to not leave this one lying around. If you have a safety deposit box or safe in the office you can put the list here.
  • Set passwords to the position, not the employee - Many companies will often give passwords to one person who will be in charge of these. When they advance, or if they switch roles, they will often take a password with them. Instead, look at organizing this a different way around: Assign a password to the position rather than an individual so that when they leave the person filling their role is given this password instead.
  • Assign a person to be in charge of passwords - This is a good idea, especially if you work with Managed Service Providers. A person of authority within your organization should be the main contact person, and they should have copies of all passwords given to outside companies.
  • Change passwords regularly - To avoid having employees steal things it's a good idea to change your passwords on a regular basis. If an employee leaves a position and is in charge of an important password, you should take steps to change this scenario even if you trust the person.
  • Create the right policy - If you are going to share passwords, or have a limited number of people who know them, it's a good idea to create a policy that clearly defines: what position has access to what; what happens when someone leaves; how to recover passwords; how many backups will be kept; how and when the password is to be shared. Basically you want to ensure you aren't caught flat footed. With employees, confidentiality agreements that explicitly state what they can and can't share and the consequences of breaching the policy should also be clearly defined and followed.
  • Pick who to trust - Important passwords shouldn't be shared with everyone, and you should take steps to vet the trustworthiness of the person or company you will be giving passwords to. If you have an established sharing process, and a vendor you're considering working with is pushing a policy that is different from yours, it may be a good idea to look for someone whose policies are closer to yours, or who can work around your policies.
If you are in the unfortunate position of not having the passwords to your system, it's a good idea to get in touch with IT professionals like us, as we are often able to recover systems and passwords, or at the very least, reset them. After you recover your systems, it's a good idea to test for vulnerabilities, especially if the last person in charge had a tendency to not share information. We can help with this and any other concerns with password management and recovery, so please contact us if you would like to learn more.
Published with permission from TechAdvisory.org. Source.

September 27th, 2012

Survival is an instinct nearly every creature has hardwired into them. You can argue that many managers or business owners feel this instinct twofold, as they fight to physically survive as well as for their business to survive. Because of this, Disaster Recovery (DR) - the act of ensuring your systems can be recovered after a disaster - has become an integral part of the survival of a business.

Here are four ways to ensure your DR plan is sufficient and company is disaster-ready.

Are your systems compliant? Many DR systems are licensed, and it’s important to ensure that these licences are both up-to-date and supported by all necessary backup systems. If you’ve added or changed components like a server or software, but not upgraded the relevant licenses, chances are your systems won’t be covered when disaster strikes. If this is the case, when you go to retrieve the backup, you’ll just get a license error; your data can’t be retrieved.

Another issue with DR software is that it’s often not used, lying dormant for years. You should regularly check and ensure the software meets modern compliance standards, is up-to-date and licenses have not expired. You should also be aware of how the software you use integrates and interacts with the DR software. For example, an upgrade to a new email server, may not communicate well with your DR software.

What’s the status of your backup server? As most DR plans usually involve a separate server from day-to-day servers, it’s important to ensure that they are functioning properly, usually by having the vendor test them. It’s also equally important to communicate with the vendors or manufacturers of the servers to ensure that the correct software/hardware licenses are in place and cover the function. If they aren’t, you could risk legal action or being fined.

Test regularly Regular tests are an integral part of a properly functioning DR plan. You need to conduct tests on at least a yearly basis to ensure all systems involved in the DR plan function well. From these tests, observe any function that performed poorly, or not at all, and take steps to fix or replace it.

Work with a knowledgeable partner DR plans and systems can be a complicated, almost messy aspect of business. While this may be, DR is crucial to the survival of a business after a disaster, and shouldn’t be treated lightly. To get it right liaise with DR experts to create and maintain a plan that meets your needs.

If you would like help with either implementing or improving your DR plan, please contact us, we may have a solution for you.

Published with permission from TechAdvisory.org. Source.

August 31st, 2012

The Internet is a magical thing; a gateway or connection to the rest of the world. Currently, the Internet is quick enough to do nearly anything without delay, and as such, companies have come to expect Internet connections to always be fast. The truth is, connection speed varies widely, and this can create problems for many companies.

Have you noticed that from time to time the Internet is a lot slower than it should be? If so, this could be because something is hogging all the bandwidth, which is the rate at which data is transferred in and out of one connection. Here are six of the most common bandwidth hogs.

  1. YouTube. If you allow employees to watch YouTube or connect to other streaming services, and they are using it frequently, you’ll notice a significant decrease in overall Internet speed. Some companies have noted that 40 staff using YouTube will account for over half of the total bandwidth usage.
  2. FTP sites. Some companies run FTP sites that host essential files that employees can download. When more employees are downloading/uploading files to the FTP site there’s less bandwidth available for other operations, so the Internet will be slower.
  3. P2P. P2P covers a large number of aspects including video conferencing and sharing of files via programs such as BitTorrent. All P2P services use an incredibly large amount of bandwidth when in operation, slowing the Internet to a point where speeds from 10 years ago were faster.
  4. Online backup. Backing up essential files will capitalize bandwidth leaving very little for other operations. It’s a good idea to conduct backups after office hours to minimize interruptions.
  5. Encryption. In certain industries regulatory bodies require a certain level of encryption, or for companies to take certain steps to secure data. Any extra encryption or security features will slow sites down, however this usually cannot be avoided.
  6. Spam/Virus/Malware. As many scams aim at stealing information the main way this is done is by sending the information over an Internet connection, that is your Internet connection. If you have viruses or other security threats you can guarantee that your Internet will be slower.
If you notice your Internet is slowing down at certain times, it’s a good idea to check and see if any of these six bandwidth hogs are in action. You can:
  • conduct a virus scan to look for malware;
  • ensure your computers aren’t backing up and if they are schedule the backup for later;
  • turn off or block any and all sharing services, and schedule video conferencing for times when bandwidth isn’t needed by other functions; and,
  • limit the bandwidth assigned to YouTube and other streaming services.
Before you tinker with any network connections though, it’s best to contact an expert . We may not just be able to help, but potentially provide an even better solution for you, speeding up your connection and your business success.
Published with permission from TechAdvisory.org. Source.

July 25th, 2012

It seems that natural disasters are happening at a higher frequency than ever before. This could be because of climate change or the fact that news can travel around the world in seconds, or any other number of reasons. Business continuity - ensuring your business can stay operational during adverse times - should be an important part of your business. Many owners recognize this and take steps to backup their data. This is a good start, but it isn’t enough.

Here are five things you should be doing, aside from backing up your data, to ensure you're ready for anything.

  • Where to work. One of the first things you should consider is where you're going to work if your office is inaccessible. Hotels, convention centers or other office buildings are viable locations. Whichever location you pick, you should pick at least two different places, as far apart as possible. You should also be sure to inform your staff and include maps of the routes to the locations you’ve chosen.
  • Replacement equipment. It’s incredibly important that you know exactly what equipment you use and how integral it is to operations. For mission critical equipment (equipment your company absolutely can’t work without) you need to have a plan in place as to how you can quickly replace lost equipment, the cost of it and replacement time. For less important equipment, you should have a couple of vendors in mind.
  • Communication systems. During adverse business conditions it’s vitally important that you and your employees are able to communicate both with one another and with your clients. You should look into a communication system that’s flexible, can be established wherever you are and allows you to keep your numbers. VoIP is a great system, telecommuting is another option as well.
  • Coordinate staff. You’re staff drive your business, without them, your business likely won’t be able to run. With the continuity plan you develop, it’s important that you have hard and soft copies of the plan that are accessible to all staff, and staff know their role in the plan. When your plan is enacted you need to contact your staff and ensure that there aren’t any problems.
  • Access to critical documents. If you have a good backup location, can set up equipment quickly and staff know their roles you may think your plan is perfect. You’re missing one key element: access to documents, employees won’t be able to work without them. It’s important to ensure that you can access your data backups, which means you should probably keep copies offsite and in the cloud if possible.
A continuity plan is important, hopefully you’ll never have to enact it. Nevertheless, you should plan for the worse. If you’re unsure of where to start, or feel your current plan is inadequate, please contact us.
Published with permission from TechAdvisory.org. Source.

June 27th, 2012

Disasters happen on a daily basis. Sometimes they’re big, wiping out communities, other times they’re small, affecting one online machine or computer. No matter the size of disaster, it pays for businesses, especially small businesses, to prepare for the worst. The only problem is, many small businesses don’t prepare and pay the price.

When a disaster strikes, 25% or more of small businesses affected will fail. Why do they fail? It’s not because of defects in the physical location, it’s mainly because they didn’t take the necessary steps to ensure that their business’s technology and related data is protected.

Because the modern business relies so heavily on technology, it’s essential that businesses have a business continuity plan (BCP) to minimize the loss of vital data, or in many cases, not lose any data at all. This is an important asset that will, one day, minimize losses felt due to any type of disaster. Small business owners know this, but many don’t know where to start. If you’re one of these owners, here are six tips on how you can prepare.

  1. Establish a backup regime. Data backup is one of the most important things you can do, be sure to regularly backup your corporate files, servers and user data files. A truly prepared company will have backups in a number of locations that can be easily accessed.
  2. Ensure solid communication platforms. One of the first things people do in a disaster is try to communicate with each other to ensure everything is ok. You can guarantee that some customers and employees will be calling to check in, so you need to have communication lines that work.
  3. Train employees. A BCP plan is useless if your employees don’t know their role in the implementation of the plan. It’s important that you train your employees on their roles, and that you communicate with them your expectations.
  4. Contingency plans. Like storing your data backups, you should set up contingency plans with the involved parties in your business. You should know where to go to do your banking, what your vendors’ or suppliers’ plans are and how they affect you, and most importantly: you should have a few locations where you can set up your business if the physical property is damaged.
  5. Review and practice all plans. Everything changes at one time or another, maybe an employee leaves or you adopt a new computer system. This makes it important to periodically practice your plans, review what worked and what didn’t, and update accordingly.
  6. Work with an expert. Planning for disaster is a tough thing to do well, considering all the elements to focus on and work with. To ensure a viable plan for your business, working with a recovery expert can help ensure that you get a plan that works for you while taking the stress off.
If you’re worried about your business’s disaster preparedness, please contact us. We can work with you to develop a solution, or provide you with the information and contacts to set you on the right path.
Published with permission from TechAdvisory.org. Source.

May 31st, 2012

With the increasing amount of serious disasters striking around the globe, businesses are taking steps to ensure that they can keep operating during an emergency and that their data is protected. Striving to protect your data by backing it up is a good business practice, and can help ensure your company will remain open and operational during adverse times.

Here are the three main types of backup you can utilize in your company.

1. On-site backup. On-site storage is the practice of keeping a backup of your data in the same location that the original data is stored. If you have an external hard drive that you back your computer onto and it stays in the office, this is a form of on site storage. The main advantage to this is that if you need to restore a system, the data is right there and the backup can be started immediately. The main disadvantage is that if there’s a disaster, your backup data will most likely be gone.

2. Off-site backup. Off-site storage is similar to on-site storage, typically using the same form of hard drive to backup your data. The main difference is that drives are stored in a remote location, away from your business. The upside to this method is that if something happens at your physical location, your data is safe. The downside to this is that it takes time to travel to the storage location, retrieve the data, backup your system and take it back.

3. Online backup. Online backup utilizes the Internet to allow you to backup your data. The backups are kept on hosted servers (the cloud) and can be accessed through an application. The main pro of this method is that you can quickly and easily recover your data from any location, as long as you have access to the Internet. The downside is that if you have a lot of data, backups will use a lot of bandwidth, thus slowing your Internet speed down.

Regardless of the method, you should be backing up your business data at regular intervals. The best solution is to backup your data using all three methods. Use on-site for short term data storage (less than 1 week), off-site for monthly, and online as your main backup. That way, if one goes down, you have it covered. If you’d like to start backing up your data, or would like to know more about the different methods, please contact us.

Published with permission from TechAdvisory.org. Source.

May 16th, 2012

If the past 10 years has taught us anything, it’s that many managers are woefully underprepared for disasters of any kind. We’re resilient though, and will always find a way to survive. One of the keys to a business’s survival during times of hardship is the Business Continuity Plan (BCP). A vast majority of organizations have one and believe it to be effective, but is it?

Here are six key non-IT functions and processes that need to be in place to ensure your company is ready to effectively execute your BCP.

Easy to use plans Many continuity plans have been developed mainly for the IT department, as such, they can be a little complicated to understand and follow if employees don’t have a technical background. You should aim to have a plan that’s easy to follow and can be understood by all employees.

Communicate plans Remember that your plan encompasses all facets of your organization. It’s crucial that every employee knows their role and the relevant actions to take when the plan is executed. To do this, you need to ensure that all employees have access to a copy of the plan and any changes or updates are clearly communicated.

Test plans Beyond communication, it’s important to conduct regular tests, with every quarter being sufficient. The tests should be as real as possible and span all departments within the organization. This will ensure that employees are aware of how they, and the systems, will react under duress. It’ll be beneficial to your business if the first time the employees execute the plan isn’t during an emergency.

Short term and long term plans Your BCP should consist of both long term and short term elements that can be easily adapted to meet changing business environments and the emergence of new threats. You should aim for an even mix of short and long term solutions that cover as wide a variety of situations as possible.

Ensure buy-in from all levels If you’re in the process of instituting a BCP you should ensure that the whole organization is onboard with the plan. If an employee is unsure about the validity of a part of the plan, take the time to find out why and ask for suggestions. An uninformed or uncooperative employee could be the difference between survival and failure in a disaster situation.

Update and Review After every test, staff turnover and technological update, you should review the plans and make changes if necessary. Essentially, if anything in the company changes, review and update the plan. Remember: just because you have an effective plan this month, doesn’t mean it’ll be so in the future.

Continuity plans are only as strong as the weakest link. In an emergency, the last thing you want is an employee following the wrong process or be unsure of what they should be doing. If this happens, you could see an exponential growth in recovery time and costs. We’re ready to tell you more, so please contact us if you would like to talk continuity planning.

Published with permission from TechAdvisory.org. Source.

April 12th, 2012

Business continuity planning - an important consideration companies have been looking into, and adopting in increasing numbers. It’s vital that businesses can operate in any condition and that they won’t be affected by disasters. One of the steps in implementing a successful protection strategy involves working out whether to use software or templates.

The decision between templates and software can be a tough one to make, as whichever one you choose, you’ll be using and relying on for a long time. To help you we’ve covered some pros and cons on both choices:

Using Software If you choose to go with a software program, you will be walked through the whole process allowing you to develop a useable plan. Another benefit of using software is that you’ll be able to develop reports if needs be.

The drawbacks of using software include cost, inflexibility and learning time. For the most part, business continuity planning software is not cheap, and at times can be inflexible due to limits within the program. If you have a niche need, the software may not cover it. In addition, as with mastering any program, the learning curve can be quite steep.

In general, using software would be advantageous for companies that have a bigger budget for the development of a continuity plan. Software is also a good bet if you don’t have staff who are experts in continuity planning, or if you operate in an industry where a continuity plan is necessary, e.g., companies working with healthcare insurance, or manufacturing companies that have introduced ISO 9000.

Using Templates If you feel that your company is not ready for software you can use templates to help you develop your plan. These solutions are mostly written plans that you adapt to meet your business needs. They’re useful if you’re just starting to do continuity planning, as they provide a normally solid foundation, and are generally a lot cheaper than software.

A limitation to using templates is that they can be a little too basic at times, and may not meet your needs. Granted, most plans will follow a basic structure and your developer will need to adapt some steps for your relevant region and industry.

As each industry is different, it’s hard to make a recommendation on what type of planning style companies should take. We recommend you take your time, do your due diligence and weigh out what’s best for your business. No matter which method you choose to go ahead with, ensure that it’s easy to implement, and that you’ll be able to teach your staff how to run the plan.

If you feel really lost or are not sure what to do, talking to professional consultants could go a long way in helping you develop a plan. If you’d like to learn more about business continuity planning please contact us - we are happy to help.

Published with permission from TechAdvisory.org. Source.

March 10th, 2012

In the past few years there have been a large number of natural disasters causing untold amounts of damage, setting many companies back years if not decades. There isn’t much we can do to avoid these disasters, but we can be prepared for them. Is your company prepared?

Most companies have at least basic protection from emergencies and disasters in place. The most common forms of protection are insurance, server and computer backup, and basic preparations as required by law. While these protective measures are considered adequate for most companies, there is still a chance a disaster will strike, leaving your company in the lurch.

In the recent months and years an increasing number of occurrences, such as the earthquake in Japan and flooding in Thailand, have caused widespread disruption to businesses. To counter this, two business initiatives have risen to the forefront: Disaster Recovery (DR) and Business Continuity Planning (BCP). In fact, these two terms have become common buzzwords, a quick internet search returns over 53 million hits on business continuity alone. The problem is that many professionals are unclear on what each really is. It’s important to be clear on each topic and the basic steps to take to be prepared for any disaster.

What is a Business Continuity Plan (BCP)? BCP, first seen during the Y2K scare of the late 90s, is a plan that covers the way an organization prepares for and maintains all critical business functions. BC planning is comprised of activities that ensure maintenance, stability, and recoverability of service before, during, and after a disaster. The plan is typically set up on a day-to-day basis, and covers the whole organization.

It’s important to have a BCP for your organization because if something happens and you can’t deliver to your customers, they will go to another company.

What is Disaster Recovery? Disaster Recovery is considered a part of the overall continuity plan that focuses on the technical side of the business, including components such as data backup and recovery. Think of BCP as an umbrella and DR is under the umbrella — if you don’t have a disaster recovery plan, the overall umbrella is more or less useless.

What Should be in Your DR and BCP Plans? These plans both share a number of similarities, generally following the same steps involving the same elements. Both plans should include:

  1. An operational plan for a number of disasters that could happen in your geographical area. The plans should cover occurrences as small as computer hardware errors and as large as massive natural disasters.
  2. A succession plan for you or your top management.
  3. Training for substitute employees on important tasks.
  4. Cross training of your employees on the basics of different roles so they will be able to take over if need be.
  5. A communication plan focused on different crises, including ways of communicating if networks are down.
  6. Off-site meeting places for staff and managers.
  7. A focus on safety. Foster partnerships and communication with local and emergency response services: Fire, Police, National Guard, Search and Rescue. Ideally, all employees should at least know basic first aid. If you have employees who are volunteer members of local Emergency Response Services, ask them to be responsible for teams.
  8. Daily plans to backup your Enterprise systems, along with training and testing of recovery of systems.
  9. Training and testing of all employees to practice recovery activities in situations as realistic as possible.
It’s important that you conduct regular tests of your systems and processes, and make changes as needed. Be aware that your business is always changing and so should your Business Continuity and Disaster Recover Plans.

With a carefully prepared and practiced plan, your business should be ready to face a variety of disasters with minimal downtime. If you would like to know more about Business Continuity and Disaster Recovery please contact us.

Published with permission from TechAdvisory.org. Source.