There are a few things that cause you to have that ‘sinking feeling’ in life. We will be talking about one of them today - being hacked and what to do if it happens to you.
Switching on the TV or looking at social media news constantly reminds us of the heightened level of cyber-attacks. In 2017-2018, 76 percent of businesses were victims of a phishing attack [1]. And over 92% of malware infections were delivered via email [2].
Small to midsize businesses are simply not immune to cyber-attacks. We find ourselves in a situation of not if, but when, our company is hacked. In this article, we will explore what being hacked can look like and how to fix it.
There are many ways that computer hacking happens. They range from ransomware, which encrypts files and then asks for payment to decrypt them, to ‘bots’, which take over a computer and turn it into a slave to do the bot’s bidding.
If you become infected by any of the malware out there you often experience tell-tale signs:
Even if you don’t have any tell-tale signs you could still be infected. Malware variants are continuously changing and often are specifically designed to work in a stealth-like manner. This works well for the cybercriminal as it means the malware is less likely to be found and eradicated.
If you are hacked, you need to contain the infection and remediate the incident. Hacks can arrive by many different routes, but once the hack has occurred there are several things you can do to contain the problem:
Disconnect and isolate: Many infections begin in one location and then move across a network to cause widespread infection. Ransomware, for example, can infect across a network and out into Cloud repositories, encrypting files as it goes.
Make sure your machine is disconnected from the rest of your network. This means unplugging the network cable and switching off your Wi-Fi connection. Take care to do this manually as some malware will trick you into thinking the computer is disconnected when it isn’t.
Decontaminate: Removing a malware infection can be tricky. Full decontamination is a process. One thorough way to eradicate an infection is to first remove the infected hard drive. Next, connect it as a non-bootable drive to another uninfected computer. Then, run an up to date anti-virus/anti-malware package from the host PC, to scan and quarantine any malware files on the drive. Now, remove any important files and documents from the hard drive before finally wiping the drive using a secure disk erase utility. You will then have to reinstall the operating system.
Change passwords: Malware infections can be used to log keyboard strokes, collecting passwords as they are used. Change any account passwords that may have been accessed via the infected computer.
Alert others: Make sure colleagues and your IT department know about the breach so they can check for any further breaches. Your company may also have to make a breach notification to relevant authorities as is required by some data protection regulations.
Reduce the risk of it happening again: Using a professionally managed cybersecurity service company reduces the chances of your organization being hacked in the first place. Even if you do end up being hacked, a managed services company can help to professionally and efficiently contain an infection or a breach. For example, if the hack involved ransomware infection, files and documents would likely be encrypted and lost. An outsourced managed services company would be able to swiftly deal with the infection, remove it, and possibly recover any deleted files (some ransomware will make copies of files, encrypt the copy, and delete the original).
In addition, if you do choose to outsource cybersecurity, the managed service company will put a secure backup system in place before an infection happens. In which case, you will be able to fully recover files to replace those encrypted.
In terms of health, “prevention is better than cure”, someone once said. The same is true of our cybersecurity health. Preventing a cybersecurity incident means you don’t have to deal with the aftermath. Remediation of a data breach and a hacked network takes time; IBM found that the average time to spot a breach is 197 days [3], and to contain it takes a further 69 days. In that time, you have lost money and reputation, and suffered other intangible damages.
With cybercrime at an all-time high, we have to use proven methods to help us fight back. Managed Cybersecurity Services give us the tools to reduce the likelihood we will suffer a cyber-attack, but they go further. Having a completely hardened, 100% secure system is never possible; cybercriminals continuously change their tactics. Having an experienced team like those offered by DynaSis managed cybersecurity services on call means you are covered, no matter what level of cyber-incident has happened. DynaSis will always have your back.
DynaSis: The Right Choice for Your IT Support
In 2017, the credit file agency Equifax was hacked. It resulted in 146.6 million Americans having their personal data exposed and the cost to Equifax as a company was massive. To date, the breach is expected to cost Equifax around $600 million [1] to resolve - this includes lawsuits. But these are not the only losses Equifax experienced after the breach. The company's share price drop, post-breach, resulted in $4 billion being wiped off their market value [2].
The Equifax example is an extreme case, highlighting the cost of a security incident. But the costs associated with a cyber-attack hit companies of all sizes. In this article, DynaSis, an experienced cyber security company in Atlanta, looks at the costs that a security incident has on a small to mid-sized business.
“The DynaSis team helped educate us on how vulnerable our systems can be if we are not using the right tools. With the advanced security products that DynaSis offers, we feel that our systems are prepared to block out hackers, malware, phishing attacks and any other cyber security risks.”
The simple answer is yes. Cybercriminals do not discriminate. All companies, everywhere, across all sectors, are a target for cybercrime. Every industry, from manufacturing to healthcare to government to financial to education, is being affected. Cisco’s 2018 SMB Cybersecurity Report [3] looked into the impact of cybersecurity threats on organizations with fewer than 250 employees. The report found that 53% of SMBs had experienced a cyber-attack. If your company suffers a breach, data is exposed, systems are potentially damaged, and employees lose work time. All of this equals money, reputation, and time lost.
“Cyber security attacks happen every day and are a huge expense to recover from. DynaSis has taught us that the best way to avoid these attacks is to be proactive and have the right solutions in place to protect our network from these outside threats. We are very satisfied with the success DynaSis has in keeping our business safe!”
Cyber security service companies are at the forefront of highlighting and preventing this wave of cyber security attacks. DynaSis sees the devastation that a data breach or cyber security incident causes and we act to make sure it doesn't happen to your company. According to cyber security firm Radware's 2018-2019 Global Application & Network Security Report [4], the average cost of a cyber-attack is $1.1 million. This is an increase of 52% on 2017-2018. McAfee [5] has estimated that in 2017, globally, cybercrime cost around $600 billion a year.
No company is immune to a cyber-attack. Small businesses are targeted because they commonly lack the support needed to protect against these attacks. In the aforementioned Cisco study, over half of small companies interviewed reported the costs of a cyber-attack were around $500,000. When asked how long they could remain profitable if they lost access to critical data, over half said they would be unprofitable within a month.
The situation is perhaps not surprising when we look at how the security landscape is changing. In the last few years, attack methods like phishing have increased. In a Wombat study [6], 48% of respondents had seen an increase in phishing attacks and new methods like cryptojacking saw a staggering 8,500% [7] increase in 2017. Small to midsized organizations do not have the internal staff to manage the day-to-day needs of risk mitigation.
When we look at the price that we pay for a security incident, how do we come up with the figures? The cyber-cost equation has many variables:
Some or all of these issues can be felt by a company, post-attack. Many of them are long-lasting and complex. Costs incurred can mean communicating with customers as well as regulatory bodies. This takes time from your business and means paying attorney costs.
“Cyber terrorists are targeting small to mid-sized businesses like ours on a daily basis. The amount of security protection that DynaSis implements helps put us at ease so we can focus on running our business, while they make sure that we are staying safe.”
Small to mid-sized organizations are highly vulnerable when hit with unexpected large costs. The levels of cost in both time and money that result from a cybersecurity incident could be catastrophic for an SMB.
Cyber security services companies exist to bridge the gap between enterprise-level security and the smaller organization. DynaSis is a cyber security services provider in Atlanta. We offer enterprise-grade protection for the small to midsized company. We act as your digital guardian, making sure that the costs of cybercrime stay away from your company door.
Simply put, you don’t need to have an internal dedicated cybersecurity department to protect your business. If you use a cyber security services provider, you can have the best protection and stop your company becoming a costly victim.
Netflix, UPS, Facebook, your bank, and your power company are all companies that you receive emails from regularly. These are the companies whose names cyber attackers will use when sending phishing emails to capture your personal information or to install malware on your device. These brands are sophisticated and believable. People click on these emails without thinking twice. Our job at DynaSis, a managed IT service company in Atlanta, is to educate our users on signs to look for that indicate the email is a phishing scam.
There are some proactive things you can look for to protect yourself from these attacks, and by working with DynaSis for IT support, we have the systems and tools available to help keep these emails out of your inbox.
So, what do you do if you find yourself as part of a successful phishing email scam? Here are a few self-recovery steps to take after clicking on a phishing email.
The best way to avoid a phishing attack is to be aware of what to look for. Learn more about How to Prevent Scams, Phishing and Mis-Sent Emails. DynaSis, a managed IT services company in Atlanta, has the products and tools to help keep you and your staff educated on cyber threats and how to be prepared. Fill out our form today or call 770.629.9615 to learn more about how DynaSis can help keep your company safe.
When you open your email inbox in the morning you no doubt experience a tidal wave of emails. You are not alone. Radicati [1] looked at the world of emails and found that by the end of 2019 there will be 2.9 billion email users in the world. They also found that email use is only getting stronger every year. By the end of 2019, there will be 246 billion emails sent and received every day.
Email is an amazing way to communicate. Even with the advent of messaging tools and mobile messaging apps, email is still a major tool of business. But is this trust also its downfall?
In this article, we will look at three ways that email trust can be, and is, broken, and how personal vigilance and the use of managed IT support can help you to fix it.
One of the most worrying scams of recent years is the Business Email Compromise (BEC) scam.
BEC scams are big business for cybercriminals. The FBI released a report on BEC scams [2] showing losses of over $12 billion. And it is only getting worse, with BEC scam rates up by 136% since 2016.
BEC scams are all about tricking companies into releasing money. The cybercriminal behind the scam uses a number of techniques to achieve this. An example is the case of Walter Stephan [3], the CEO of Austrian company FACC Operations GmbH. This BEC attack started with surveillance of Mr. Stephan. The thief was able to then send an email to the finance department that looked like it was from the CEO. This email contained an urgent message to transfer money to a new project (the recipient bank account being controlled by the scammer). In the end, FACC Operations lost around $47 million to the fraudsters.
BEC scams rely on surveillance of key members of staff and tricking other staff members by masquerading as a key employee. The scam may or may not involve email account takeovers. It also may or may not involve phishing emails, so let’s look at phishing.
Phishing is all about stealing information such as personal data and/or login credentials, e.g. username and password. According to Wombat Security, 76 percent of businesses were victims of a phishing attack [4] in 2017.
Phishing takes a number of forms:
Email phishing: An email which looks like it is from a legitimate company but is, in fact, a spoof. The email will either have a link to click on or contain an attachment that is infected with malware. The link will, typically, take you to a website, which looks like a real brand. It will ask you to enter personal data or login credentials. If you do, they will be passed immediately to the cybercriminal behind the phish. Links sometimes go to an infected website which will infect your computer with malware. Email attachments in phishing emails are infected with malware. If you open the attachment it installs malware on your machine.
Spear Phishing: This is a targeted form of email phishing. Many major data breaches have started with a spear phishing email targeted at a system administrator, with the cybercriminal stealing login credentials to privileged areas of a company's IT network.
SMiShing: Text messages and mobile app messages are being increasingly used as phishing conduits. Kaspersky [5] saw a 300% increase in SMiShing (the text equivalent of email phishing) in 2017.
Vishing: This is a voice form of phishing. The phisher will call, pretending to be from a well-known organization such as a government tax office or bank. They will then attempt to extract personal information from you.
Data breaches aren’t just about cybercriminals stealing credentials and using them to access databases. Data leaks and accidental disclosure are a major issue for companies too. Data compiled by Gemalto shows that in 2017, 1.9 billion data records were accidentally leaked. Mis-sent emails are one area where sensitive information and personal data can be exposed. An example was seen during the 2014 G20 Summit. The Australian immigration department accidentally sent an email [6] to the wrong person, revealing personal details of world leaders like Obama and Merkel. Sending sensitive or personal data to the wrong person can cause financial losses, reputation damage, and non-adherence with regulations.
Preventing complex human-centered email threats, like mis-sent emails, requires a layered approach to security. DynaSis managed IT services in Atlanta can look at your normal working patterns and apply the right tools and training to ensure email is not your weakest link.
Compliance with data protection regulations can be a complicated, heavy load to manage, especially for small to mid-sized businesses. For example, Verizon’s 2018 Payment Security Report, shows that, although improving, only 52% of companies meet full compliance with PCI-DSS.
In the last few years, we have seen regulations updated to reflect new technologies and ways of working. Issues like data privacy are now placed center stage by regulations like the General Data Protection Regulation (GDPR) with legal nuances and exacting requirements. Meeting compliance requirements is a full-time and ongoing job. Often, companies have to meet a mosaic of regulations too, including state, sector, and global, complicating the landscape even more. Using managed IT services that specialize in helping your company meet data protection compliance is a vital tool in the compliance armory of the SMB.
To steer you down the path of compliance, DynaSis has pulled together five ways that data protection compliance impacts your organization.
Money: Fines for non-compliance with data protection regulations can be hefty. Under the GDPR, the largest fine is up to 4% of global revenue or $23 million, whichever is larger. Other data breach and non-compliance fines may not reach these figures, but they are still often tens of thousands of dollars. The World Economic Forum has stated that what was previously considered a large data breach a few years ago is now normal. The risk of a data breach cuts across companies of all sizes, and if you are breached you could end up with a large fine.
Data Handling: Data protection laws require you to look carefully at your cybersecurity, general security, and privacy when utilizing personal data and Protected Health Information (PHI). This can be complicated and involve various legal overtures. Your firm will need to have an understanding of data classification, audit, data privacy, and data security. This requires specialist skills. Managed IT service and support companies with compliance expertise help you meet regulatory requirements letting you focus on your core business.
Competition: In a report by an analyst firm, 85 percent of U.S. companies believe that the data protection law, GDPR, will make it harder for them to compete with European companies. The Ovum report also pointed out that data privacy regulations are not uniform across the world. The U.S., for example, has “unclear, varying laws” across different industries and states. The California Consumer Privacy Act (CCPA) is one such U.S. state-centric law which came into effect in 2018. How this law impacts organizations outside of California can be a complicating factor in a company’s choice of where to do business.
Using a managed IT service firm, like DynaSis, with expertise in data protection compliance, including GDPR, CCPA, and industry-specific laws can ensure you are at your competitive best.
Skill costs: The changing technology landscape means that data protection compliance is also changing. Keeping up with new regulations and new laws is something that requires a high level of skill in the legal and technical aspects of compliance. Skills in the area of compliance cost money. The average salary of a compliance officer in the U.S. is $63,746 and can be as much as $155,000. Using an outsourced IT services company helps to bridge this cost.
Reputation damage: The 2017/18 Kroll Annual Global Fraud & Risk Report found that three-quarters of companies experienced damaged reputation due to fraud and cybersecurity incidents. Data protection regulations are designed to prevent data loss, which would otherwise result in company profile damage. Managed IT services and IT support help to get your compliance measures into a compliant state to help prevent data breaches.
Data protection compliance is not something to take lightly. It requires expertise and diligence to meet the exacting requirements of modern data protection regulations and laws. Getting compliance right when you are a small to midsize company is a challenge. However, experts like DynaSis, who have a deep knowledge about data protection regulations, can take the weight of compliance from your shoulders. Outsourcing compliance makes sense when the needs of these regulations are complex and nuanced. Using DynaSis will help your company achieve compliance and let you get on with your core business.
In 2016, a business was attacked by ransomware every 40 seconds. In 2017, we saw a massive global ransomware attack, known as WannaCry, hit businesses of all sizes and across all sectors. Attacks of ransomware also rose by 350% in the same year, according to Dimension Data. And, Kaspersky said that a single ransomware attack can cost a small to midsize business up to $99,000.
Ransomware is a sinister and costly form of malware that has taken the cybersecurity world and our businesses by storm. Using managed cybersecurity services can help prevent ransomware infection or can help manage a ransomware incident if the worst does happen.
But what is ransomware and how can managed IT services and IT support help to prevent it?
Ransomware encrypts files and documents on your network. Once they are encrypted you will not be able to open them. The malware can encrypt files right across your network, even those in Cloud repositories. If your business becomes infected by ransomware you can expect the following to happen:
Infection by ransomware is costly, not just because of the extortion price, but because of the disruption to your business.
Infection usually happens in the following ways:
The world of cybercrime is continuously updating the methods used to attack your organization. Keeping ahead of cybersecurity threats requires vigilance and expertise. Using managed IT services, like DynaSis in Atlanta, that offer experts in cybersecurity, gives you the best possible defense against ransomware.
DynaSis provides a managed cybersecurity service that protects across all of the target areas used by cybercriminals. Our managed cybersecurity uses a layered-approach to prevent ransomware, which includes:
2018 has seen continued ransomware campaigns. Malwarebytes has found a 55 percent increase in cyber-attacks, including ransomware, during Q3 of 2018. Keeping on top of cybercrime is a time-consuming and costly exercise. Managed IT support and IT services can do this job for you, keeping your IT resources free of malware and allowing you to get on with the job at hand - making your business successful.
Fact: 40% of companies today do not have disaster recovery plans in place. Considering the security risk landscape today, this is pretty scary. You have critical assets to protect but if, like many small to mid-sized businesses, you don’t have in-house resources that can handle a risk assessment, not to mention the follow-up disaster recovery plan the assessment may dictate, it’s time to consider bringing an IT support company like DynaSis on-board.
The assessment will accomplish a number of things, in addition to laying the groundwork for a recovery program:
Long-Term Cost Reduction: When companies start thinking about bringing in third parties, they often assume that the end result will be increased costs but this is not necessarily so. By identifying real and potential security flaws in your company’s infrastructure and attacking them proactively, you can be saving your firm from significant future costs that can be associated with both technology failure and compliance infraction fines, aside from the long-term costs of negative public relations and customer/client dissatisfaction.
Improved Future Assessments: Having an assessment completed now can make future assessments more productive. Your IT support provider should be creating a document that can be updated on a regular basis, including ongoing reviews of structure, security, and the ability for corporate self-analysis.
Critical Self-Analysis: An effective IT support and security analysis will guide your employees towards self-analysis and how they are figuring into your organization’s risk and security. Attention will be focused on any risky practices of which your people may be guilty, and will direct them towards the proper way to accomplish their tasks and goals, including strengthening passwords, and the handling of sensitive information.
Cyber Security Risk Avoidance: Your IT support and security assessment will point out security weaknesses within your company. It will also provide recommendations on how to strengthen your security, eliminating potential breaches, thereby saving you from the PR, financial and regulatory disasters mentioned above.
Your Assets: This will include hardware such as servers, workstations, and remote devices. It will tell you how secure (or not) your customer/client information is. Are your company’s trade secrets secure or vulnerable? How secure is your financial information?
Disaster Preparedness: This will include preparation for natural disasters, such as floods, hurricanes, tornadoes, and fires. It will also deal with potential man-made disasters, such as building fires, water damage, etc., as well as accidental and/or malicious human actions. The assessment will let you know if your disaster recovery plan will effectively deal with all these situations.
Vulnerabilities: Where do they exist and how do you and your IT support team fix them? Do you have older equipment that is no longer supported and that no longer receives automatic security updates? Is your staff properly trained? Is there evidence of employee carelessness?
Improving Your Overall “Security Posture”: Do you have the in-house personnel to assess this on your own and make suggestions and improvements that are meaningful and effective?
Cost is always a consideration but we have found that when we are retained by new clients, our fees are almost always the same as or less than the total annual cost these companies have been incurring anyway. Why? Once we are involved, we take over the financial responsibility for all your hardware and security. By proactively maintaining your IT infrastructure, we significantly cut down on the incidents that one way or another cost you money, plus we put you in a better position to sleep better at night!
Here is a basic reality: there is no way a small or mid-sized company can afford the same level of security and IT support that they can achieve by hiring a highly qualified managed IT support provider such as DynaSis. After all, we have been in the business for more than 26 years, serving Atlanta’s small to mid-sized business community. Call us today at 770-629-9615. And remember, we are DynaSis: The Right Choice for Your IT Support!
Combining your cat’s name with your street address number does not make a secure password. Whiskers2089 just won’t cut it. In fact, most of the “fool-proof” passwords people use are anything but. Chances are, they have made one or more of the commonly used password mistakes and, unfortunately, almost anything we do to make remembering them easier for us, makes it easier for hackers to crack them. Our brains are filled with so much information these days, it’s very tempting to take the easy path, but as an Atlanta IT services company, we have to let you know that this can open you up to security breaches.
Have you ever created an account on a website and they let you know if the password you are entering is weak or strong? This can be very helpful, but so is knowing the criteria that determine this. Here are things that as an Atlanta IT services company we have found keep passwords from being strong:
Remember, your password is a code and the more complex it is, the harder it is to decipher.
Using the same password for every website is a bad idea. While it might make your life easier, it also makes life easier for those who would try and hack into your accounts. As an Atlanta IT services company, we know how difficult it is to deal with a hacked bank account. Imagine if all your bank accounts, credit cards, and store cards were hacked at the same time! As annoying as it may be, you really need different passwords for each account.
We all have seen prompts to store passwords when we open up new accounts or change passwords. It certainly makes life easier…until it doesn’t. It greatly increases the chances of one or more of your accounts being hacked, and, if you are using the same password on multiple accounts, it gets even easier.
Here are some basic, generally accepted tips:
There are practical and impractical ways to create safe passwords. We have all created online accounts and been given suggested passwords. Something like: FH78$5dJu#2wQhUjkL. But just try remembering passwords like this for four credit cards, two store cards, and two bank accounts!
That said, here is a new perspective: current thinking indicates that the most secure passwords are actually strings of unconnected words: transformermobiletandem or platterjockeyfences. Then add some capital letters: transFormermobilEtaNdem. We’ll explain this in more detail later.
You’re probably thinking: I have eight financial accounts; how can this possibly be practical? Or, I’m running a business. I can’t expect my employees to do that. Let’s look at some practical solutions.
This is a practical solution for many businesses, as these applications allow you to maintain a large number of passwords as well as in-depth information about your accounts. They work in the same manner as the auto-populate features that fill in your online forms by storing your login credentials for your different accounts so that when you go to these accounts, your passwords are automatically entered. An additional benefit of this type of application is that it discourages hacker attacks such as “keystroke logging” where the hacker is able to figure out your passwords by surreptitiously recording your keystrokes. It also means that once your passwords are stored inside the app, you only have to remember a single password.
Many password managers also incorporate multi-factor authentication, something that we as an Atlanta IT services company applaud. The best way to explain this is by example. Did you ever need to reset your password from a bank and they required you to copy a code they sent you and paste it into a blank field on your screen? This is one form of multi-factor. “Multi” means more than one way to identify you. Fingerprints and retinal scans may also be used.
While in today’s world, nothing is truly 100% safe, we believe that the average person can develop a system to get almost there. Here is one method that may work for you. Just keep in mind two things: 1 – your passwords still need to be changed every three months, and, 2 – it’s still a bit of work. There is no such thing as simple password protection.
As we stated above, experts currently believe that the most secure passwords are those made of three unrelated words, like carouseltabledrum or relaxsweetfloor. Then change a couple of letters to capitals using a system so you can remember which ones you changed. Let’s say you were born in 1968. Capitalize the 6th and 8th letter so you have carouSeLtabledrum or relaxSwEetfloor. That’s the concept. Now, to put it into action, make a list of six totally unrelated words. We already are using: carousel, table, drum, relax, sweet, floor, so we will stick with these. Important: the first letter of each word must be different.
To remember these first two passwords, we are going to remember the first letter of each of the words: ctd and rsf, then for every additional password we need, do the same thing using different combos of these six: fds, tds, dsr, etc. In other words, we are using different combinations of the same six words, and capitalizing two of those letters.
Now, in your smart phone, under a fake name (that you will remember), create a list that starts with the last two numbers of each of your financial accounts and ends with the three letters of that password:
You can now go to the fake name in your smart phone and you will see that the password for your credit card ending in 56 is carouSeLtabledrum.
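The scheme described above, written out as an added example (not part of the original article): it expands a three-letter reminder into the full password and counts how many distinct passwords six words can produce. The note-entry format `56ctd`, the second sample entry and the function names are assumptions made for illustration.

```python
from itertools import permutations

# The six words used in the article; each must start with a different letter.
WORDS = ["carousel", "table", "drum", "relax", "sweet", "floor"]
# 1-based letter positions to capitalise, from the "born in 1968" example.
CAPS = (6, 8)


def build_index(words):
    """Map each word's first letter to the word, enforcing the uniqueness rule."""
    index = {}
    for word in words:
        key = word[0].lower()
        if key in index:
            raise ValueError(
                f"first letter {key!r} is shared by {index[key]!r} and {word!r}"
            )
        index[key] = word.lower()
    return index


def expand(code, words=WORDS, caps=CAPS):
    """Turn a three-letter reminder such as 'ctd' into the full password."""
    index = build_index(words)
    code = code.lower()
    if len(code) != 3 or len(set(code)) != 3:
        raise ValueError("reminder must be three different letters")
    try:
        chars = list("".join(index[letter] for letter in code))
    except KeyError as exc:
        raise ValueError(f"no word starts with {exc.args[0]!r}") from None
    for pos in caps:
        if pos > len(chars):
            raise ValueError(f"position {pos} is past the end of the password")
        chars[pos - 1] = chars[pos - 1].upper()
    return "".join(chars)


def parse_entry(entry):
    """Split a note entry like '56ctd' (assumed format) into (suffix, reminder)."""
    entry = entry.strip()
    suffix, code = entry[:2], entry[2:]
    if len(suffix) != 2 or not suffix.isdigit() or len(code) != 3 or not code.isalpha():
        raise ValueError(f"unrecognised entry {entry!r}")
    return suffix, code.lower()


def lookup(entries, account_suffix, words=WORDS, caps=CAPS):
    """Find the entry for an account's last two digits and expand it."""
    for entry in entries:
        suffix, code = parse_entry(entry)
        if suffix == account_suffix:
            return expand(code, words, caps)
    raise KeyError(account_suffix)


def all_passwords(words=WORDS, caps=CAPS):
    """Every distinct password the scheme can produce from one word list."""
    index = build_index(words)
    return sorted({expand("".join(p), words, caps) for p in permutations(index, 3)})


if __name__ == "__main__":
    notes = ["56ctd", "31rsf"]  # constructed sample entries
    print(lookup(notes, "56"))
    print(len(all_passwords()), "passwords are possible from these six words")
```

Six words give 6 × 5 × 4 = 120 ordered triples, so every password in the set depends on the six words and the capitalisation rule staying private.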
IT security is becoming more complex by the day. Why? Because really talented cyber criminals are working day and night to figure out new ways to compromise your network and gain access to your most sensitive information, or to lock your files and hold them for ransom. At DynaSis, we have been on the job for more than a quarter century, protecting small to mid-sized businesses across metro Atlanta. Give us a call today at 770-629-9615 so we can discuss how we can protect your business and why DynaSis is the right choice.
Over the past couple of weeks, we have looked at disaster recovery from the perspective of RPO, RTO, and MTO. Then we took a look at creating a Business Impact Analysis. This week, let’s evaluate how “time” figures into your calculations of potential losses, how to determine how much time you can afford to lose, and how managed IT services can help. This is an exercise that should involve all aspects of your business, and you should put this question to at least one person from every department: “How long can we be down before the loss of critical systems starts to have a serious negative long-term impact on our business?”
The answers may vary by department and, depending on the department and your business, the answer may be zero acceptable downtime. Solutions for zero downtime do exist. These solutions allow for immediate transition to a secondary yet fully functional and operational infrastructure from a remote location. Needless to say, backup like this is expensive, but for some businesses, it is imperative to their survival. Most businesses will determine that their requirements are less draconian.
When considering acceptable downtime, you must also account for what we call “dependencies.” If your calculations tell you that you can be down for 36 hours, for example, you also need to deduct from the 36 hours the amount of time you will need for your servers, networks, and all your other critical functions to be up and running. And you must also consider time to acquire replacement equipment, availability of personnel, etc. Based on these “dependencies”, your effective downtime may be far less than 36 hours. These are factors that must be discussed with your managed IT services provider as they will figure heavily into your recovery.
In working through these time calculations, do not lose sight of your RPO – your Recovery Point Objective. In simple terms, this means: how much data can you afford to lose? This will be the data lost between your last backup and the point at which you are fully online again. This includes your ability to service your customers/clients. This will be impacted by how often you run backups. If you haven’t backed up often enough, will you be able to ask, or be comfortable asking, your customers/clients to provide documentation to help you fill in gaps in your data caused by downtime since your last data backup? At best, it is embarrassing. At worst, you create a lack of confidence in your business among your customers/clients, and possibly lose revenue to which you are entitled because you cannot produce invoices, or even show the existence of customers to whom you may have provided goods or services.
If you would like to catch up and read our past two blogs on disaster recovery, or any of the other topics we cover regularly, check out our blog. Keep an eye out for our next blog in which we will discuss risk assessment and how to achieve peace of mind. Better yet, give us a call today. We are a managed IT services company that has been protecting Atlanta’s small to mid-sized businesses since 1992 and we would love to speak with you. Call us at 770.629.9615.
Last week we began our discussion on disaster recovery with a look at RPO (Recovery Point Objective), RTO (Recovery Time Objective), and MTO (Maximum Time Objective). This week we’re going to give you a little insight into how IT companies set these parameters. Of course, there is no magic bullet or yellow brick road to instantaneously give us answers, but if you start with some good information, you are probably going to get good solutions. A large part of your calculation will consider how much the cost will be if your business is effectively shut down for any length of time.
How much do most businesses lose because of IT problems? A study by Coleman Parks Research not too long ago estimated that small businesses lose an average of $55,000 a year due to downtime, data loss, and the cost of recovery. Mid-sized businesses are losing an average of $91,000. And these losses are before any major disaster. You may be asking, why aren’t I seeing this loss? How can it actually exist if I am not seeing it? IT companies know the answer is that it occurs in almost unnoticeable dribs and drabs. It’s the customer complaint that isn’t answered properly because accurate records couldn’t be found. Or business lost because the phone system was down for ten minutes. Or, even worse, angry customers because of a data breach. Yes, small companies suffer data breaches. You don’t hear about them because the media isn’t interested in the losses of a small company.
Your first step in understanding your potential loss should be the creation of a Business Impact Analysis. Many IT companies will have a version of this to help you implement. The primary steps include:
1: Create a list of your business’s core functions and the data required to keep these functions running. This includes processes critical to generating revenue: sales, accounting, etc. You should be including customer/client contacts, purchase orders and contract items, accounting and your other corporate records, as well as any other documents that will prove important to your business continuity.
2: Supporting infrastructure: what will you need if you have to replace damaged or destroyed equipment and/or software in the event of fire, flood, storm, or theft? It’s important to know what you will need to get your business up and running again. AND you need to know where and how you will obtain everything. Every day you are not operating, you are losing money.
3: Calculate your potential losses. Work with your accountant or in-house financial officer to figure out how much your company will suffer financially if unplanned business interruptions occur. Money that may be recovered from business interruption insurance is part of this. Calculate your losses from each part of your business to include loss from sales, loss of goodwill, aging and loss of value of inventory, etc. Now, here is the critical part: your potential loss will be a major factor in deciding how much you should spend on disaster prevention.
Next week we will continue this discussion by looking into the effect “time” will have on your disaster prevention decisions. In the meantime, we would love to start a conversation with you about disaster prevention and disaster recovery. If this is a concern of yours, and it is truly something every business executive should be thinking about, give us a call at 770.629.9615. We’ve been helping businesses just like yours as one of the top IT companies in metro Atlanta since 1992.