There are a few things that cause you to have that ‘sinking feeling’ in life. We will be talking about one of them today - being hacked and what to do if it happens to you.
Switching on the TV or looking at social media news, constantly reminds us of the heightened level of cyber-attacks. In 2017-2018, 76 percent of businesses were victims of a phishing attack1. And, over 92% of malware infections were delivered via email2.
Small to midsize businesses are simply not immune to cyber-attacks. We find ourselves in a situation of not if, but when, our company is hacked. In this article, we will explore what being hacked can look like and how to fix it.
There are many ways that computer hacking happens. They include ransomware, which encrypts files then asks for payment to decrypt them to ‘bots’ which take over a computer and turns it into a slave to do the bot’s bidding.
If you become infected by any of the malware out there you often experience tell-tale signs:
Even if you don’t have any tell-tale signs you could still be infected. Malware variants are continuously changing and often are specifically designed to work in a stealth-like manner. This works well for the cybercriminal as it means the malware is less likely to be found and eradicated.
If you are hacked, you need to contain the infection and remediate the incident. Hacks can be caused by many different routes. But once the hack has occurred there are several things you can do to contain the problem:
Disconnect and isolate: Many infections begin in one location and then move across a network to cause widespread infection. Ransomware, for example, can infect across a network and out into Cloud repositories, encrypting files as it goes.
Make sure your machine is disconnected from the rest of your network. This means unplugging the network cable and switching off your Wi-Fi connection. Take care to do this manually as some malware will trick you into thinking the computer is disconnected when it isn’t.
Decontaminate: Removing a malware infection can be tricky. Full decontamination is a process. One thorough way to eradicate an infection is to first remove the infected hard drive. Next, connect it as a non-bootable drive to another uninfected computer. Then, run an up to date anti-virus/anti-malware package from the host PC, to scan and quarantine any malware files on the drive. Now, remove any important files and documents from the hard drive before finally wiping the drive using a secure disk erase utility. You will then have to reinstall the operating system.
Change passwords: Malware infections can be used to log keyboard strokes, collecting passwords as they are used. Change any account passwords that may have been accessed via the infected computer.
Alert others: Make sure colleagues and your IT department know about the breach so they can check for any further breaches. Your company may also have to make a breach notification to relevant authorities as is required by some data protection regulations.
Reduce the risk of it happening again: Using a professionally managed cybersecurity service company reduces the chances of your organization being hacked in the first place. Even if you do end up being hacked, a managed services company can help to professionally and efficiently contain an infection or a breach. For example, if the hack involved ransomware infection, files and documents would likely be encrypted and lost. An outsourced managed services company would be able to swiftly deal with the infection, remove it, and possibly recover any deleted files (some ransomware will make copies of files, encrypt the copy, and delete the original).
In addition, if you do choose to outsource cybersecurity, the managed service company will put a secure backup system in place before an infection happens. In which case, you will be able to fully recover files to replace those encrypted.
In terms of health, “prevention is better than cure”, someone once said. The same is true of our cybersecurity health. Preventing a cybersecurity incident means you don’t have to deal with the aftermath. Remediation of a data breach and a hacked network, takes time; IBM finding that the average time to spot a breach being 197 days3 and then to contain it, a further 69 days. In that time, you have lost money, reputation, and suffered other intangible damages.
With cybercrime at an all-time high, we have to use proven methods to help us fight back. Managed Cybersecurity Services gives us the tools to reduce the likelihood we will suffer a cyber-attack, but it goes further. Having a completely hardened, 100% secure system is never possible; cybercriminals continuously change their tactics. Having an experienced team like those offered by DynaSis managed cybersecurity services on call, means you are covered, no matter what level of cyber-incident has happened. DynaSis will always have your back. DynaSis: The Right Choice for Your IT Support
Netflix, UPS, Facebook, your bank, and your power company are all companies that you receive emails from regularly. These are the companies that cyber attackers will use to send their phishing emails from to capture your personal information or to install malware on your device. These brands are sophisticated and believable. People click on these emails without thinking twice. Our job at DynaSis, a managed IT service company in Atlanta, is to educate our users on signs to look for that indicate the email is a phishing scam.
There are some proactive things you can look for to protect yourself from these attacks, and by working with DynaSis for IT support, we have the systems and tools available to help keep these emails out of your inbox.
So, what do you do if you find yourself as part of a successful phishing email scam? Here are a few self-recovery steps to take to after clicking on a phishing email.
The best way to avoid a phishing attack is to be aware of what to look for. Learn more about How to Prevent Scams, Phishing and Mis-Sent Emails. DynaSis, a managed IT services company in Atlanta, has the products and tools to help keep you and your staff educated on cyber threats and how to be prepared. Fill out our form today or call 770.629.9615 to learn more about how DynaSis can help keep your company safe.
DynaSis: The Right Choice for Your IT Support
When you open your email inbox in the morning you no doubt experience a tidal wave of emails. You are not alone. Radicati1 looked at the world of emails and found that by the end of 2019 there will be 2.9 billion email users in the world. They also found that email use is only getting stronger every year. By the end of 2019, there will be 246 billion emails sent and received every day.
Email is an amazing way to communicate. Even with the advent of messaging tools and mobile messaging apps, email is still a major tool of business. But is this trust also its downfall?
In this article, we will look at three ways that email trust can and is broken, and how personal vigilance and the use of managed IT support can help you to fix it.
One of the most worrying scams of recent years is the Business Email Compromise (BEC) scam.
BEC scams are big business for cybercriminals. The FBI released a report on BEC scams2 showing losses of over $12 billion. And it is only getting worse, with BEC scam rates up by 136% since 2016.
BEC scams are all about tricking companies into releasing money. The cybercriminal behind the scam uses a number of techniques to achieve this. An example is the case of Walter Stephan3, the CEO of Austrian company FACC Operations GmbH. This BEC attack started with surveillance of Mr. Stephan. The thief was able to then send an email to the finance department that looked like it was from the CEO. This email contained an urgent message to transfer money to a new project (the recipient bank account being controlled by the scammer). In the end, FACC Operations lost around $47 million to the fraudsters.
BEC scams rely on surveillance of key members of staff and tricking other staff members by masquerading as a key employee. The scam may or may not involve email account takeovers. It also may or may not, involve phishing emails, so let’s look at phishing.
Phishing is all about stealing information such as personal data and/or login credentials, e.g. username and password. According to Wombat Security, 76 percent of businesses were victims of a phishing attack4 in 2017.
Phishing takes a number of forms:
Email phishing: An email which looks like it is from a legitimate company but is, in fact, a spoof. The email will either have a link to click on or contain an attachment that is infected with malware. The link will, typically, take you to a website, which looks like a real brand. It will ask you to enter personal data or login credentials. If you do, they will be passed immediately to the cybercriminal behind the phish. Links sometimes go to an infected website which will infect your computer with malware. Email attachments in phishing emails are infected with malware. If you open the attachment it installs malware on your machine.
Spear Phishing: This is a targeted form of email phishing. Many major data breaches have started with a spear phishing email, targeted at a system administrator. The cybercriminal stealing login credentials to privileged areas of a company's IT network.
SMiShing: Text messages and mobile app messages are being increasingly used as phishing conduits. Kaspersky5 saw a 300% increase in SMiShing (the text equivalent of email phishing) in 2017.
Vishing: This is a voice form of phishing. The phisher will call, pretending to be from a well-known organization such as a government tax office or bank. They will then attempt to extract personal information from you.
Data breaches aren’t just about cybercriminals stealing credentials and using them to access databases. Data leaks and accidental disclosure is a major issue for companies too. Data compiled by Gemalto shows that in 2017, 1.9 billion data records were accidentally leaked. Mis-sent emails are one area where sensitive information and personal data can be exposed. An example was seen during the 2014, G20 Summit. The Australian immigration department accidentally sent an email6 to the wrong person, revealing personal details of world leaders like Obama and Merkel. Sending sensitive or personal data to the wrong person can cause financial losses, reputation damage, and non-adherence with regulations.
Preventing complex human-centered email threats, like mis-sent emails, requires a layered approach to security. DynaSis managed IT services in Atlanta can look at your normal working patterns and apply the right tools and training to ensure email is not your weakest link.
DynaSis: The Right Choice for Your IT Support
In 2016, a business was attacked by ransomware every 40 seconds. In 2017, we saw a massive global ransomware attack, known as WannaCry, hit businesses of all sizes and across all sectors. Attacks of ransomware also rose by 350% in the same year, according to Dimension Data. And, Kaspersky said that a single ransomware attack can cost a small to midsize business up to $99,000.
Ransomware is a sinister and costly form of malware that has taken the cybersecurity world and our businesses by storm. Using managed cybersecurity services can help prevent ransomware infection or can help manage a ransomware incident if the worst does happen.
But what is ransomware and how can managed IT services and IT support help to prevent it?
Ransomware encrypts files and documents on your network. Once they are encrypted you will not be able to open them. The malware can encrypt files right across your network, even those in Cloud repositories. If your business becomes infected by ransomware you can expect the following to happen:
Infection by ransomware is costly, not just because of the extortion price, but because of the disruption to your business.
Infection usually happens in the following ways:
The world of cybercrime is continuously updating the methods used to attack your organization. Keeping ahead of cybersecurity threats requires vigilance and expertise. Using managed IT services, like DynaSis in Atlanta, that offer experts in cybersecurity, gives you the best possible defense against ransomware.
DynaSis provides a managed cybersecurity service that protects across all of the target areas used by cybercriminals. Our managed cybersecurity uses a layered-approach to prevent ransomware, which includes:
2018 has seen continued ransomware campaigns. Malwarebytes has found a 55 percent increase in cyber-attacks, including ransomware, during Q3 of 2018. Keeping on top of cybercrime is a time-consuming and costly exercise. Managed IT support and IT services can do this job for you, keeping your IT resources free of malware and allowing you to get on with the job at hand - making your business successful.
DynaSis: The Right Choice for Your IT Support
Running a company is more than a full-time job, and it takes diligence, focus, and great management to make a business work well. But running a modern business means using modern methods of work. Small businesses need to be innovative to compete. This means using best-of-the-best technology solutions. Fortunately, with the advent of Cloud and mobile computing, the small to midsize business (SMB) can have the same type of technology as their enterprise cousins. But with this technology comes increased and often complex management issues.
Finding skilled staff to manage your IT resources is not easy and IT skills are hard to come by. Research into the skills gap shows growing concern in finding skilled staff. A study by Career Builder has shown that 60 percent of U.S. companies have vacancies that remain open after 12 weeks. The study also found that 67 percent of companies are concerned about a skills gap.
IT skills, and cybersecurity skills, in particular, are much sought after. The skills gap in cybersecurity is expected to see a shortfall of around 3.5 million cybersecurity jobs by 2021.
Let’s explore the benefits of engaging an IT support expert to make sure your technology use goes smoothly.
Our businesses are embracing the digital revolution, just as our chances of finding a skilled person to maintain the technology is decreasing. Outsourcing IT tech support is the alternative that can give us the benefits of technology without the headache. Here are 5 reasons why you should hire an IT support expert:
The average salary for an in-house IT support person who has reached expert qualified level, is around $52K and can be up to $90K, without work benefits included. You are paying for expertise and using a fixed cost. In addition, in a SMB environment, the IT support person might not always be needed. Using managed IT support services allows you to use a variable cost model for your IT support and budget accordingly.
IT staff need to be trained in your company ethos, ways of working, and other areas. They require phones and other supplies. This takes time, money, and effort. Using a managed IT expert will allow you to focus on your core business. DynaSis operates a close business relationship by taking the time to understand your business. The result is a seamless extension to your in-house staff.
Managed IT services employ the best in their field. There may be a limited pool of skilled people, but they will gravitate to companies where they can showcase their strengths. DynaSis managed services only employ domain experts with vast experience - we give you the best possible IT people for a fraction of the cost of recruiting and employing someone of that caliber directly.
Technology changes quickly. Having expert IT people who understand your business can ensure that the decisions you make around technology choices are the best for your organization. Having the most relevant technology in place, and working seamlessly during an upgrade, will keep your company competitive.
IT support is a vital cog in a wider technology machine. This includes working with you to improve your cybersecurity. Choosing a managed services company, like DynaSis, who are experts in cybersecurity and compliance, gives you access to experienced staff. Hiring a managed services IT expert will mean your IT security is monitored. It also ensures that company day-to-day security issues, including everything from forgotten passwords to software patches to phishing emails, are taken care of promptly.
Focusing on your core business is vital in a competitive world. Hiring a managed IT expert allows you to do that, while at the same time, giving you access to best-of-the-best IT staff without the cost. In a world where IT skills are at a premium, and experienced staff expensive, having a partner like DynaSis gives you access to scarce resources allowing you to focus on what you do best - your business. Call us today at 770.629.9615 to learn more about why DynaSis is the Right Choice for Your IT Support!
Combining your cat’s name with your street address number does not make a secure password. Whiskers2089 just won’t cut it. In fact, most of the “fool-proof” passwords people use are anything but. Chances are, they have made one or more of the commonly used password mistakes and, unfortunately, almost anything we do to make remembering them easier for us, makes it easier for hackers to crack them. Our brains are filled with so much information these days, it’s very tempting to take the easy path, but as an Atlanta IT services company, we have to let you know that this can open you up to security breaches.
Have you ever created an account on a website and they let you know if the password you are entering is weak or strong? This can be very helpful, but so is knowing the criteria that determines this. Here are things that as an Atlanta IT services company we have found keep passwords from being strong:
Remember, your password is a code and the more complex it is it, the harder it is to decipher.
Using the same password very every website is a bad idea. While it might make your life easier, it also makes life easier for those who would try and hack into your accounts. As an Atlanta IT services company, we know how difficult it is to deal with a hacked bank account. Imagine if all your bank accounts, credit cards, and store cards were hacked at the same time! As annoying as it may be, you really need different passwords for each account.
We all have seen prompts to store passwords when we open up new accounts or change passwords. It certainly makes life easier…until it doesn’t. It greatly increases the chances of one or more of your accounts being hacked, and, if you are using the same password on multiple accounts, it gets even easier.
Here are some basic, generally accepted tips:
There are practical and impractical ways to create safe passwords. We have all created online accounts and been given suggested passwords. Something like: FH78$5dJu#2wQhUjkL. But just try remembering passwords like this for four credit cards, two store cards, and two bank accounts!
That said, here is a new perspective: current thinking indicates that the most secure passwords are actually strings of unconnected words: transformermobiletandem or platterjockeyfences. Then add some capital letters: transFormermobilEtaNdem. We’ll explain this in more detail later.
You’re probably thinking: I have eight financial accounts; how can this possibly be practical? Or, I’m running a business. I can’t expect my employees to do that. Let’s look at some practical solutions.
This is a practical solution for many businesses as they allow you to maintain a large number of passwords as well as in depth information about your accounts. They work in the same manner as the auto-populate features that fill in your online forms by storing your login credentials for your different accounts so that when you go to these accounts, your passwords are automatically entered. An additional benefit of this type of application is that it discourages hacker attacks such as “keystroke logging” where the hacker is able to figure out your passwords by surreptitiously recording your keystrokes. It also means that once your passwords are stored inside the app, you only have to remember a single password.
Many password managers also incorporate multi-factor authentication, something that we as an Atlanta IT services company applaud. The best way to explain this is by example. Did you ever need to reset your password from a bank and they required you to copy a code they sent you and paste it into a blank field on your screen? This is one form of multi-factor. “Multi” means more than one way to identify you. Fingerprints and retinal scans may also be used.
While in today’s world, nothing is truly 100% safe, we believe that the average person can develop a system to get almost there. Here is one method that may work for you. Just keep in mind two things: 1 – your passwords still need to be changed every three months, and, 2 – it’s still a bit of work. There is no such thing as simple password protection.
As we stated above, experts currently believe that the most secure passwords are those made of three unrelated words, like carouseltabledrum or relaxsweetfloor. Then change a couple of letters to capitals using a system so you can remember which ones you changed. Let’s say you were born in 1968. Capitalize the 6th and 8th letter so you have carouSeLtabledrum or relaxSwEetfloor. That’s the concept. Now, to put it into action, make a list of six totally unrelated words. We already are using: carousel, table, drum, relax, sweet, floor, so we will stick with these. Important: the first letter of each word must be different.
To remember these first two passwords, we are going to remember the first letter of each of the words: ctd and rsf, then for every additional password we need, do the same thing using different combos of these six: fds, tds, dsr, etc. In other words, we are using different combinations of the same six words, and capitalizing two of those letters.
Now, in your smart phone, under a fake name (that you will remember), create a list that starts with the last two numbers each of your financial accounts and ends with the three letters of that password:
You can now go to the fake name in your smart phone and you will see that the password for your credit card ending in 56 is carouSeLtabledrum.
IT security is becoming more complex by the day. Why? Because really talented cyber criminals are working day and night to figure out new ways to compromise your network and gain access to your most sensitive information, or to lock your files and hold them for ransom. At DynaSis, we have been on the job for more than a quarter century, protecting small to mid-sized businesses across metro Atlanta. Give us a call today at 770-629-9615 so we can discuss how we can protect your business and why DynaSis is the right choice.
According to the World Economic Forum, millennials will make up 75% of our nation’s workforce by 2025. That statistic is important everywhere in the country, but in places like metro Atlanta, it becomes particularly important with our very low unemployment rate for technical and other highly skilled workers. Add to this the fact that businesses are moving here almost daily, and new ones are opening one after another. The talent base is in high demand.
If you are going to remain competitive for talented workers, especially those in virtually any field involving technology, you have to be prepared to give them the tools they deem necessary to do their jobs, including those that help your employees with working outside of the office. These are tools that a qualified managed IT services provider like DynaSis can provide you.
A recent article in Forbes showed that 87% of working millennials value the flexibility to work out of the office. If your talent isn’t allowed the flexibility to work off-premises at least some of the time, another company probably will offer them that opportunity. To accomplish this, they need to be able to access company data from their home computers, or even mobile devices, which is something that we here at DynaSis, a managed IT services provider, can accomplish for you in a cost-effective manner.
To keep millennials happy and keep them on the job, you need to prepare for them. Annecdotal reports tell us that they are far more likely to leave a job they don’t find truly satisfying than baby boomers who were taught that work wasn’t necessarily meant to be enjoyable…it was “work”. Typically, millennials have high expectations that many small to mid-sized companies may find hard meet, dangerously increasing the likelihood of turnover. If you can’t resolve this situation, you are apt to discover the best and brightest of your millennials seeking greener pastures.
So let’s take a look at how you can proactively deal with the type of situation, thus ensuring the stability of your workforce. If you are like most companies of this size, it is likely that you don’t have this expertise on staff so the engagement of a managed IT services company can be an excellent investment.
Step one to creating a workplace millennials will enjoy is establishing your current realistic technology position as a baseline, or, your starting point. A qualified, experienced managed IT services company can provide an IT and security assessment, usually on a complimentary basis, that will give you a clear picture of where your hardware and software are today, as well as a game plan to provide upgrades that will keep your people happy and efficient. The benefits of upgrading are numerous. You are allowing your people to be more effective and efficient, to provide better customer service, and enjoy their work days more, all of which lead to happier customers/clients, and strengthened bottom lines.
This type of assessment provides you with more than just a road-map to the future, you will also have inventories of all your equipment and software. You will see if you have equipment that is underutilized and you will see what equipment and software is out of support. You will discover vulnerabilities in your cyber security profile, and also discover newer and better ways to accomplish current tasks. You and your managed IT services provider can now begin to make intelligent decisions in developing realistic and dynamic plans for addressing the challenges of working with millennials. This assessment should also include reporting on the software you are using as well as the mobility and security of your entire IT network, as well as clearly benchmarking your network against current industry standards and trends.
By working with a reliable, experienced and reputable managed IT services company, you can use this information to plan for upgrades and improvements to allow you to meet the 24 x 7 x 365 access expectations of the younger members of your workforce, plus the collaboration tools that will make virtually every member of your team more productive. Your managed IT services company can also put together a cost effective plan for achieving these improvements over a timeframe that is financially acceptable to you.
And speaking of being cost effective, the right managed IT services provider will be able to include many, if not all, of these upgrades in a support contract that will provide your employees with 24 x 7 x 365 help desk support and field support, while usually keeping your IT costs the same as, or even lower than they are today.
One of the goals you should be looking at is embracing the use of mobile technology. For many companies, this advice may seem a bit outdated because who isn’t using mobile phones, laptops, and tablets? But true mobility includes the adoption of secure cloud based technology that allows the access we have been discussing, while also protecting your network, keeping your intellectual property, your financial records, your personnel files, and your customer data safe and secure. This is no small task and should involve expertise you will find with a quality managed IT services company like DynaSis.
Many forward looking companies that once frowned upon employees using their own devices for company work have accepted the fact that this is a growing trend and one that millennials embrace whole-heartedly. Simply put, they don’t want to carry two laptops and two smartphones. By offering partial reimbursement for the use of the employees’ devices, some companies have cut their own costs while providing a financial benefit to the worker. But a word of caution: these devices require the same high level of security as devices provided by the company. It’s vitally important that these devices are not only secured on a day-to-day basis, but can also be “wiped” clean remotely in the event of termination or resignation of employees. Again, this is something for the professionals at your managed IT services provider.
DynaSis is a managed IT services company, having provided these services for the small to mid-sized business community in the Atlanta Metro area since 1992. We provide complimentary IT and Network Security Assessments that will give you a clear picture into your current IT infrastructure and allow us to jointly create a plan to make sure you are fully protected while offering the latest mobile productivity to your employees. Contact us online or call us at 770-629-9615 for more information about how we can help your business attract top talent.
For the past few weeks, we have taken a look at disaster planning and recovery and this week, to wrap things up, we are presenting a “checklist” of best practices for your consideration.
The value of daily continuity, the ability to recover quickly from minor outages, must be taken into consideration when you quantify the cost of business continuity in general. Businesses that experience frequent downtime know that it can be expensive. If yours is a company that has seen repeated short-term downtimes, you are probably very well aware of this. If this is the case, you need to re-evaluate your RTO and RPO to ensure you are adequately recovering your business following events like this. Of course, you also need to look into why these events are repeating.
RTO: Recovery Time Objective – the amount of time it will take to restore lost or corrupted data.
RPO: Recovery Point Objective – the point in time to which you can afford to lose some data. In other words, can you afford to lose a week’s worth of data (not many companies can), a day’s worth, an hour, or none at all.
For companies whose goals are zero to very short recovery periods, they should be evaluating a move to managed IT service providers who will work under service-level agreements guaranteeing acceptable RPOs and RTOs for their critical applications. Under service-level agreements, you can even specify zero downtime for those critical applications.
It is probably not necessary for all your business applications to have the same RTO and RPO. Typically, you will want your email and business contacts to be recovered almost immediately, but some areas, such as accounting and inventory, can generally tolerate being down for several days. To recover quickly, this type of data can actually be stored in smartphones and other remote devices as alternate back-up solutions.
Included in recovery time must be the time required to upload data along with the application itself. Two examples:
1) a CPA firm may have to upload hundreds of complex accounting documents
2) an architect may have to upload a terabyte or two of blueprints and other drawings for his people to work with before they can be fully functional.
When all your research and calculations have been completed and plans for upgrading your disaster prevention and recovery strategy have been completed, make sure all your work is fully documented and stored. This information can be critical in resolving issues in the event of such a disaster, and for future upgrades, as well. No sense ever having to go back to “square one”.
Your backup and recovery process should be tested at least once a year. If this is beyond the technical capabilities of your in-house staff, a qualified managed IT support company should be hired to accomplish this.
A rule of thumb in the industry is this: the total cost of your disaster prevention and recovery program should not exceed the losses it is designed to prevent. You don’t spend $2 to save $1. But it does make sense to spend $.50 to save $1.
If disaster recovery and prevention is an area you would like to explore, give us a call. We have been providing managed IT support services to small to mid-sized businesses in the Atlanta metro area since 1992, and we would welcome the opportunity to answer your questions. Call us at 770-629-9615 or contact us online.
Last week, in part 3 of this series, we took a look at creating a Business Impact Analysis to determine how much a serious data loss could cost your company, and how to determine how time – both in terms of how much data you could afford to lose and how quickly you would need to recover it – figures into your calculations. This week we are continuing our review of disaster prevention, recovery, and IT support with a look at just how much peace of mind is worth and next week we will finish this series with a check list of disaster recovery strategy best practices.
With all the information we have collected using the tools we have presented over the past three weeks, you can actively look at the cost of purchasing backup equipment, or at least know where you can locate it in an emergency, as well as the backup solutions and managed IT support company that you can call on when needed. You can evaluate cloud-based backups, some of which can be set for updates as often as every few minutes, and evaluate the recovery time. Recovery can vary from almost immediate, to hours, to days. You can install a system in which your most important files are recovered very quickly while others are restored over a number of days. The thing is, almost anything can be accomplished with today’s technology. The question you have to answer is: what do you really require and how much are you willing to pay for it?
What we suggest is taking a look at a worst-case scenario. Price out the equipment, tools, software and personnel you will require. Balance that against business losses that might be incurred if such an event takes place. Then look at options for less catastrophic events and analyze the downsides of drive crashes or local power outages. These are more easily resolved but only if you are prepared for them.
Vendors are important, but even more so will be an independent managed IT support company that will sort through the marketing hype that every company puts out and help you determine the equipment and software that is truly best for your company. Once you have worked through your options, you can make choices and move forward. A word of caution: all too often, companies go through the exercise of determining how they should prepare and react in the event of cyber intrusion, equipment failure, man-made or natural disaster, but fail to actually pull the trigger and spend the money necessary to implement that plan. Don’t be one of them.
Here at DynaSis, we have helped many companies create their disaster prevention and recovery plans. Most are surprised to learn that we are able to provide all the equipment they need with little to no money out of pocket by tying the cost of the equipment into a monthly IT managed support agreement that covers all the equipment, software, maintenance, help desk and field support they need for not only possible disasters, but for trouble-free, worry-free daily operations. They are also surprised to learn that this service usually costs no more than they are currently paying for IT, and often costs even less. Want to learn more? Give us a call today at 770-629-9615.
Over the past couple of weeks, we have looked at disaster recovery from the perspective of RPO, RTO, and MTO. Then we took a look at creating a Business Impact Analysis. This week, let’s evaluate how “time” figures into your calculations of potential losses, how to determine how much time you can afford to lose, and how managed IT services can help. This is an exercise that should involve all aspects of your business and you should be asking this question to at least one person from every department: “How long can we be down before the loss of critical systems starts to have a serious negative long-term impact on our business?”
The answers may vary by department and, depending on the department and depending on your business, the answer may be zero acceptable downtime. Solutions for zero downtime do exist. These solutions allow for immediate transition to a secondary yet fully functional and operational infrastructure from a remote location. Needless to say, back-up like this is expensive, but for some businesses, it is imperative to their survival. Most businesses will determine that their requirements are less draconian.
When considering acceptable downtime, you must also account for what we call “dependencies.” If your calculations tell you that you can be down for 36 hours, for example, you also need to deduct from the 36 hours the amount of time you will need for your servers, networks, and all your other critical functions to be up and running. And you must also consider time to acquire replacement equipment, availability of personnel, etc. Based on these “dependencies”, your effective downtime may be far less than 36 hours. These are factors that must be discussed with your managed IT services provider as they will figure heavily into your recovery.
In working through these time calculations, do not lose sight of your RPO – your Recovery Point Objective. In simple terms, this means: how much data can you afford to lose? This will be the data lost between your last backup and the point at which you are fully online again. This includes your ability to service your customers/clients. This will be impacted by how often you run back-ups. If you haven’t backed up often enough, will you be able to, or be comfortable in asking your customers/clients to provide documentation to help you fill in gaps in your data caused by downtime since your last data backup? At best, it is embarrassing. At worst, you create a lack of confidence in your business among your customers/clients, and possibly lose revenue to which you are entitled because you cannot produce invoices, or even the existence of customers to whom you may have provided goods or services.
If you would like to catch up and read our past two blogs on disaster recovery, or any of the other topics we cover regularly, check out our blog. Keep an eye out for our next blog in which we will discuss risk assessment and how to achieve peace of mind. Better yet, give us a call today. We are a managed IT services company that has been protecting Atlanta’s small to mid-sized businesses since 1992 and we would love to speak with you. Call us at 770.629.9615.