Tag Archives: downtime

New Year’s Resolution: Craft a Business Continuity Plan


Another year of data collection, natural disasters and cyber attacks has come to a close. Although we can only guess at what Mother Nature has in store for us in 2018, one thing is guaranteed: security threats won’t abate and could get much worse in the new year. And let’s not forget the leading causes of data loss in small businesses: human error and hardware failure. All of this leads to one simple conclusion: it’s time to move data protection to the top of the to-do list, and 2018 is the year to ensure business continuity for your organization.

Downtime is a killer

Given how heavily day-to-day business relies on technology, it is critical that every organization has a complete solution to deal with the threat of data loss and to maintain continuity of operations. If access to mission-critical applications and data isn’t available within hours following a disaster or human error, small to medium businesses can suffer severe repercussions. It’s 2018 – traditional and antiquated backup methods such as tape and disk are insufficient at protecting businesses from the crippling and costly effects of downtime.

A natural disaster, power surge, viruses, hardware failure, or even accidental deletion can wipe out years of data. Businesses cannot afford to lose time attempting to rebuild their lost, vital information. It is critical that the data is recoverable and spun up in a short period of time.

The 4 Business Continuity Planning Essentials eBook is your first bit of homework. This eBook outlines four distinct but interconnected business continuity planning essentials:

  1. Crafting an employee safety and communication plan
  2. Craft a customer communications plan
  3. Enable IT Uptime
  4. Ensure Continuity of operations and avoid downtime

So what is the difference between Business Continuity and Data Backup?

Although overlapping, these terms represent uniquely different mindsets when it comes to data protection. Data backup answers the questions: is my data safe? Can I get it back in case of a failure? Business continuity, on the other hand, involves thinking about the business at a higher level, and asks: how quickly can I get my business operating again in case of system failure?

Successful backup is the foundation for disaster recovery and business continuity. But in case of failure, you have to get that data back and restore it quickly enough so your business doesn’t suffer. For example, if your server dies, you wouldn’t be able to quickly get back to work if you only had file-level backup. For you to start working again, your server would need to be replaced, all software re-installed, data re-installed and then the whole system would need to be configured with your settings and preferences. This process could take hours or even days—and in the meantime, your users can’t get their jobs done.

It is crucial for businesses to know exactly what to look for in a backup solution. This guide outlines the key criteria for SMBs to keep in mind when seeking out total data protection. And this video examines the key differentiators for various types of backup.

Let’s calculate your RTO & RPO

Many organizations do not have a comprehensive way to determine the actual costs of downtime for their business. RTO and RPO are valuable in calculating downtime loss and give SMBs a better understanding of the risks relating to business failure. Thinking about business in these terms puts your backup solution into perspective.

  • RTO (Recovery Time Objective): The duration of time within which a business must be restored after a disaster or disruption to avoid unacceptable consequences associated with a break in business continuity.
  • RPO (Recovery Point Objective): The maximum tolerable period of time in which data might be lost due to a disaster.

By calculating your desired RTO, you have determined the maximum time that you can be without your data before your business gets into serious trouble. Alternatively, by specifying the RPO, you know how often you need to perform backups, because you know how much data you can afford to lose without damaging your business. You may have an RTO of a day, and an RPO of an hour. Or your RTO might be measured in hours and your RPO in minutes. It’s all up to you and what your business requires.

Once you determine your RPO and RTO, it’s time to calculate how much downtime and lost data will actually cost you.

Answer the following questions:

  1. How many employees would be affected if critical data were unavailable?
  2. What is the average wage of the affected employee (per hour)?
  3. What is the per-hour overhead cost of the affected employees?
  4. How much revenue would be lost per hour as a result of the unavailability of data?

Add up the average per-hour wage, the per-hour overhead, and the per-hour revenue numbers and you have how much a data loss will cost you. Given that funding and budget constraints can be the top challenge (43 percent) for a business to implement a business continuity solution, calculating your RTO will give you the financial validation needed to justify its purchase and maintenance. The Datto Recovery Time Calculator is the tool you need to evaluate your Recovery Time and Recovery Point Objectives.
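The calculation above, together with an RPO/RTO check, as an added example (not code from the original post or from the Datto calculator). It assumes wage and overhead are per affected employee, and the backup times, restore-test durations and dollar figures are constructed sample values.

```python
from datetime import datetime, timedelta


def hourly_downtime_cost(employees, avg_wage, overhead, revenue_per_hour):
    """Per-hour downtime cost built from the four questions.

    Assumption: wage and overhead are per affected employee, so both are
    scaled by head count before lost revenue is added.
    """
    return employees * (avg_wage + overhead) + revenue_per_hour


def worst_backup_gap(backup_times, now):
    """Longest stretch with no completed backup, including the open
    interval since the most recent one (the real worst-case data loss)."""
    if not backup_times:
        raise ValueError("no completed backups: data loss is unbounded")
    points = sorted(backup_times) + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def assess(backup_times, now, rpo, rto, restore_tests, cost_per_hour):
    """Compare observed backup gaps and restore-test times to the objectives."""
    gap = worst_backup_gap(backup_times, now)
    slowest = max(restore_tests)
    hours = lambda delta: delta.total_seconds() / 3600
    return {
        "worst_gap": gap,
        "rpo_met": gap <= rpo,
        "slowest_restore": slowest,
        "rto_met": slowest <= rto,
        "cost_at_rto": cost_per_hour * hours(rto),
        "cost_at_slowest_restore": cost_per_hour * hours(slowest),
    }


# Constructed sample data: hourly backups with the 04:00-06:00 runs missing.
BACKUPS = [datetime(2018, 1, 8, h) for h in (0, 1, 2, 3, 7, 8)]
NOW = datetime(2018, 1, 8, 8, 30)
COST = hourly_downtime_cost(employees=25, avg_wage=30, overhead=12,
                            revenue_per_hour=1500)
REPORT = assess(BACKUPS, NOW, rpo=timedelta(hours=1), rto=timedelta(hours=4),
                restore_tests=[timedelta(hours=2, minutes=30),
                               timedelta(hours=5, minutes=15)],
                cost_per_hour=COST)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

A schedule that looks hourly on paper fails a one-hour RPO as soon as a few runs are skipped, which is why the check uses completed backups rather than the configured interval.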

The final piece – Testing

Testing is vital to making sure your backup is functioning properly and to establishing true business continuity. It is the only way to reveal gaps in your plan and address them proactively. It is also a great benefit to your employees: if your team is well versed in the process and procedures, things will run more smoothly.

  • Helps validate plan content and ensure that the identified strategies are capable of providing response and recovery results within the timeframes (or capabilities) approved by management.
  • Highlights weaknesses and areas for improvement, or where capabilities fail to align to business continuity and IT disaster recovery requirements.
  • Provides critical hands-on training to the personnel responsible for the response and recovery activities (which ensures an appropriate level of performance and develops confidence).

Testing your plan should also be conducted with an IT solutions company specializing in complete data solutions to maintain the integrity of your system and ensure compliance. The test is scheduled for a time that will avoid an interruption in your business productivity and will have no impact on your network. A virtual test provides the only reliable environment for predicting the impact of change and is an excellent way to test patches or perform upgrades.

Every business has to prepare for the worst. Those that don’t may never fully recover from a disaster. This is one New Year’s resolution you’ll be happy to keep. So grab your disaster recovery checklist and let’s welcome the new year with a rigorous business continuity plan! Ancero certified data protection solution specialists are ready to provide your free, no-obligation business continuity assessment. Ancero is a full service IT company and is proud to be a Datto Blue Partner data service provider. Data Protection could be your best investment in 2018!

Contact Us

Want to learn more about data security? Here are additional resources for you:

13 RansomWare Statistics That Will Make You Rethink Data Protection

CEO? Here’s Why You Care About Business Continuity And Disaster Recovery

HealthCare Company? Cure Your IT Ailments with Business Continuity

Law Firms: Don’t Take A Recess From Business Continuity

 

You’ll catch more phish with honey than vinegar


Businesses know that they have to combat the human error that results in cyberattacks to their network and potential loss of critical data. They value their employees but need to create an atmosphere of awareness. Savvy business owners and managers turn to training and education. But it can be challenging to train employees in best practices for data protection without a security background.

Studies prove you’ll get a higher retention rate and better participation when you train employees with “carrots, not sticks”. The Wall Street Journal examined this idea in the recent article ‘A Better Way to Teach Cybersecurity to Workers’: “The problem, security experts say, is that the usual security training is a big turnoff for employees. Most of the time, all it does is try to instill fear of clicking on suspicious links or using weak passwords. But research shows that approach doesn’t work.”

Keep your cyber awareness training from becoming a chore. Make it positive and incentivize employees for participation. Develop a security awareness training program with built-in reporting features so that the program tracks your employees’ progress, giving you the perfect opportunity to reward them for successfully spotting a phishing trap!

What is the most common result of clicking on a link in a phishing email? Ransomware. The cyber epidemic that results in 57% critical data and/or hardware loss and up to 75% downtime for small to medium sized businesses (Datto State of the Channel Report). That’s too much to risk! Social engineering techniques exploit a very basic concept: it’s possible to trick people into doing the dirty work for thieves. Ransomware is the payload of choice for malicious email campaigns and in 2016 U.S. companies experienced the greatest number of ransomware attacks, over 500 million due to the Locky ransomware.

So how do you reduce the 30% phishing email open rate? Education, Engagement and Encouragement.

A training and awareness program that encourages good cyber hygiene can make a big difference between recognizing a phishing email or becoming a victim. When employees fully understand the issue – and the risks – they’re in a position to serve as the barrier of protection, essentially the “human firewall”. A security awareness program should combine a 3 step approach:

• Training – Employee email security training on a computer based training module

• Evaluation – Periodic testing through the use of simulated phishing that puts their training to the test

• Insight – In depth quarterly reporting reveals campaign statistics, vulnerabilities and employee activity

If organizations aren’t monitoring internal emails, they risk potential downtime, data & financial loss. Combat attacks by utilizing education with cutting-edge training methods to reduce human error. And with the detailed reporting features you can track the employees who successfully detect the phishing emails and reward them with recognition and prizes. Something as simple as an Amazon gift card goes a long way toward fostering good cyber awareness. A positive-reinforcement campaign will result in greater security, peace of mind and enthused team members!

Where do you start? Our specialists for data security in NJ can help you implement a security awareness training program. Give us a call at 856-210-5800 or email at info@104.219.251.195.