Business Disaster: What Threatens Small Businesses the Most?

Business Disaster: What Threatens Small Businesses the Most?

There are many threats to the integrity of a small business, and not all of them are as dramatic as a cyberattack or a hurricane. Every small business needs to do a risk assessment to determine all the threats that exist that could bring harm. External threats are the ones that get the the most attention. These can be big snowstorms or hurricanes that bring down power lines and network connections. They can also be man-made. A power outage due to a grid failure, or an act of terror. Also in this category are phishing scams, cyber attacks and data theft from external sources.

All of these are the ones that make the evening network news, and every business needs to plan how to handle them. However, there are some internal threats that can be just as serious, but are far less attention getting.

For example, human error. Stolen data can occur because someone forgot about changing their passcode, or they left a smartphone containing critical data on the bus. These aren’t nefarious acts, but they can still have serious consequences. Have you looked at how you might wipe clean a lost phone? What about the person who forgot to do a backup the day before a server failed?

Another area where human error can occur is a technical oversight. Perhaps an overworked tech who did not recognize the existence of a single point of failure in your IT infrastructure.To learn how outsourcing some tasks such as proactive management and security audits can solve these problems, see “Outsourcing Isn’t a Dirty Word: Meet Managed Services, Your IT Team’s New Best Friend – Managed Services”

 

Data Protection and Bring Your Own Device to Work

Data Protection and Bring Your Own Device to Work
BYOD refers to a firm’s policy of allowing employees to use their own personal phones, tablets and laptops for all their work applications.This is a pretty common policy, and it has many benefits, but it brings along risks. How are you addressing these risks?
Here are some of the issues raised by BYOD
  1. A lost device – If you issue company phones, you have the ability to remotely wipe the unit clean if it is lost or stolen. With employee’s personal devices, do you still have that ability. If not, your data is at risk.
  2. Software updates – Is the employee responsible for updating all the software and virus protection programs on their own devices? If that responsibility transfers to them, you are at the mercy of their willingness to keep track of such tedious tasks. If you accept responsibility for it, do you have the in-house staff to handle all the extra work?
  3. Back ups – with data being entered on many different devices, something must be done to ensure back up procedures are routinely followed.
In short, BYOD is probably an unavoidable approach to device management. It is unrealistic to expect people to carry around 2 different phones or tablets 24/7. But BYOD means extra work for the in-house staff of a small business. To learn more about these risks and a more affordable, comprehensive approach to BYOD Management, see our e-guide “Now you see it, There IT…Stays”

 

Everyday Human Error Can Affect Data Protection

 

Everyday Human Error Can Affect Data Protection
Are you under the impression that data loss is all about putting up firewalls to protect against evil cyberattacks? Some of the biggest sources of data loss include sloppiness, human error, and just plain forgetfulness.
What are some of the unglamorous things that we do everyday that leave us vulnerable?
 
Passwords
Old or easy passwords are a good first example. Employees set up simple passwords that are easy to crack. More importantly, employees may share passwords, and many often fail to create new ones on a frequent basis. Both of these represent critical breakdowns of good data protection practices.
Emails
Another significant problem caused by bad judgment is the tendency of people to open phishing scams. Almost everyone now knows about the Nigerian who wants to send money to your bank account, but many new scams come along every day and people fall for them. This is such a serious source of virus infection that some companies now deliberately send out their own phishing email to teach workers not to open anything from an unknown source. (The employee who opens one of these gets a pop up screen that tells them they’ve been tricked and then offers guidelines for identifying bad emails.)
Browsing the Web
Bad websites. Yes, everyone has policies about internet use at work, but that doesn’t mean people pay attention and don’t visit places they shouldn’t. Most significantly, a lot of those “sites they shouldn’t visit” are far more likely to be infected than CNN, Ebay or Amazon!
Losing Your Belongings
And finally there is just old-fashioned forgetfulness. Phones left on a bar stool.Or the bus. Sigh. There isn’t much more to be said about this one.
To learn more about the risks that your employees pose to your business’s data integrity, see our e-guide “Now you see it, There IT…Stays”.

 

MM – Disaster Recovery Plans: Do You Have One?

Disaster Recovery Plans: Do You Have One?
Disaster recovery and business continuity plans are issues that almost all small businesses fail to think about. More frequently, they decide they haven’t the resources to address such “unthinkables.”
If your business was down for 1-2 days or more, what costs would you incur?
  1. Lost revenues and lost productivity. These are obvious. You won’t make the money that you would have if you remained open. This is especially true if you provide a service. Services are inherently tied to time, and time cannot be re-created. Sure, you can work extra hours next week, but it won’t be a service provided at the time it was expected. However, even if you provide a product that can be purchased next week instead of today, a customer didn’t get it when they most wanted or needed it.

    There are other far more serious consequences of business downtime than just unsold goods and services. There are the intangibles that can’t be so easily measured but have long-term consequences.

  2. Helping the competition – You give your competition a real edge. Present clients and potential ones may go to a competitor while you are down. Not all will return. Your competitors now have ammunition against you to use in sales pitches.
  3. Employee frustration – Employees will carry the burden of the extra hours and stress of helping get things back together. That can lead to a lot of frustration, which, if things don’t get back to normal quickly, can damage long-term productivity. Most importantly, it can damage the respect they have for management (that means you). In general, they will recognize that you didn’t have the foresight and wisdom to anticipate the need to create disaster recovery and continuity plans. How can that not damage their trust and support for the company and you?
  4. Negative brand reputation –Your customers will also wonder how you couldn’t have cared enough to make plans to handle trouble. Think of the negative way a customer sees it. The event suggests a company that doesn’t think ahead. A client is not “off base” to feel angry that you didn’t care enough to make plans to support him if a disaster hit. Also, if you can’t handle disasters well, what else aren’t you handling properly?

These are just a few of the reasons everyone needs to consider disaster recovery. To learn more, see our e-guide “Staying Alive: The Definitive Guide to Business Continuity and Disaster Recovery for Small Businesses”.

 

Why Small Businesses Shouldn’t Avoid Making Disaster Recovery Plans

Why Small Businesses Shouldn’t Avoid Making Disaster Recovery Plans.
Entrepreneurs and small businesses, especially ones that are fairly new, often don’t think about making plans to recover in case of a disaster. However, it is the smallest business that most likely has the fewest resources to fall back on in case of disaster.
Why does this happen?
  1. It isn’t on an entrepreneur’s radar – The challenge and hurdles of starting out are what drive small business owners. The excitement that comes with getting a new client or releasing a new product are what motivates them. To be honest, things like disaster recovery plans are a little dull and aren’t part of the exciting day-to-day hustle of running a company. As a result, these issues get put on the back burner.
  2. Planning tools can seem too complex – Ideas like “risk assessment” and “business impact analysis” can be intimidating. Many SMBs may just feel the whole area is overwhelming and leave it to another day.
  3. It is perceived to be unaffordable – Many owners may believe that putting disaster recovery plans into place involves a lot of additional spending on consultants, backup hardware and more software. That isn’t true. With cloud technology and the use of a managed service provider, disaster recovery doesn’t need to be an intimidating or expensive proposition.

 

MM – Outsourcing? Really Its OK: How it can save time and money

Outsourcing? Really. It’s OK: How it can save time and money
Almost by definition, small business owners and entrepreneurs cringe at the concept of outsourcing. Those who start their own companies like the control and autonomy it provides them. Unfortunately, that preference for control and autonomy may have some bad side effects when it comes to IT.
Small business doesn’t have the resources to fully support all of their IT infrastructure needs. The present in-house staff is most likely very busy putting out day-to-day fires. One statistic suggests 65% of IT budgets go to nothing more than keeping the lights on. In short, the staff is busy making sure the printer works or reloading a PC infected by a virus after an employee fell for a phishing email. This means that small firm’s expenditures on IT are not improving operational, efficiency, or enhancing productivity or competitiveness.
There is an alternative. Managed Service Providers are outside consultants you can bring in to handle the day-to-day tasks, so your own IT resources can be used more productively.
How might an MSP supplement your IT efforts?
  1. 24/7 operations center – Small businesses can benefit from, but simply cannot afford 24/7 internal monitoring of their IT infrastructure. Many of the issues that become costly business disruptions, such as hardware, software, and applications failures are completely preventable if they’re detected and addressed early enough. It is a reality that your systems run 24/7, but you can’t support a 24/7 IT staff. An MSP, however, can use economies of scale to provide around the clock monitoring of your IT operations.
  2. Disaster recovery and business continuity plans – Small businesses have limited resources, so if there were to be a serious business interruption or data loss, they could be completely out of luck. However, risk assessments and continuity plans are likely outside of a small business owners field of expertise. An MSP can be brought in to design a complete solution.
These are just 2 ways that a small business owner can benefit from passing along IT support to an outside source. In both cases, small business owners don’t lose any control of the key parts of the business operation. Instead, the distractions of IT support are moved along to an expert, while the entrepreneur focuses on what she does best: running her business. We’ll talk in another blog about other benefits of outsourcing IT, but in the meantime, see our e-guide “Outsourcing Isn’t a Dirty Word: Meet Managed Services, Your IT Team’s New Best Friend – Managed Services”.

Run your Business, not an IT Company

Run your Business, not an IT Company
You went into business because you have an interest and expertise in some particular product or service. You began the firm to offer that product or service, but a dirty little problem came along with that new company. IT requirements. You need equipment, and you need networks, and printers, and data storage to keep the company up and running. As a consequence, you’ve become responsible for managing something you probably don’t care very much about or even understand especially well.
Managed Service Providers can be a solution. A small business can off load a variety of IT tasks that are becoming a distraction to everyday business operations and strategy.Here are just two examples.
Software updates and security audits: Your present in-house staff may be spending most of its time fixing everyday problems. As a result, they may have to delay vital security measures, such as applying tested security patches or updating virus software programs. Working with a MSP will eliminate much of the work overload that leads to system or security vulnerabilities.
An end user help desk: If you have any in-house staff, they are probably well-trained and very qualified. Are their skills being wasted on all the little daily issues of cranky printers and broken keyboards? MSPs can offer an end user help desk that can handle all those calls that pull your own staff away from larger efforts that can enhance productivity and move the business forward.

What is the Cloud: A Simple Analogy

What is the Cloud: A Simple Analogy
You use the cloud and don’t even know it. Do you go to Amazon and create a wishlist? Do you have an email account on Yahoo? That is cloud computing. All your emails are stored on Yahoo servers somewhere. They are on physical servers, of course, but they aren’t on your laptop. The advantage is that when you spill your coffee onto the laptop keyboard, you haven’t lost all your emails even if you never backed up your hard drive. (If you haven’t, shame on you, by the way.)
Here is a simple analogy to explain how the cloud works and why it might be a very useful part of your business model. Picture the small, very cramped office space of a little start-up. You and a few coworkers sit in tight quarters with messy desktops buried in mounds of papers, files, and pizza boxes. There is absolutely no room for storage. (Throw the boxes out yourself. There are limits even to cloud technology) It will be a long time until you can afford a larger office space. Your building manager offers to rent you an empty file cabinet in the basement. Although the basement space is shared with other tenants, only you and your team have keys to this locked cabinet where you will store all those piles of paper. Your rent is relatively cheap compared to other tenants since you’re only paying for the cabinet, and not the larger lockers they have leased.
Suddenly, those once covered desktops are clean, leaving space to work. More importantly, the papers are all nearby, each of you has a key, but they are safe from everyone else in the building or outside. They are also safe from spilled coffee and pizza crumbs. You’ve avoided the dramatic jump in fixed costs required to find bigger office space when all you needed were several feet of filing cabinets. Even better, the money saved is put back into the core goal of providing a product or service to a customer.
The cloud does the same thing. You rent only the space you need, it is safer from hackers than your on-site server will ever be, secure from thieves, and protected from accident-prone employees. Unlike the rest of us, cloud service providers don’t have coffee cups near their keyboards or forget to do monthly backups. In short, the cloud provides scalable storage without large incremental leaps in fixed costs you really can’t afford.

 

Loss of Data: Causes and Prevention

Loss of Data: Causes and Prevention
The adoption of technology from the simplest of matters to the most complex problems has rendered us heavily dependent on it. We love paying our bills minutes before they are due. We enjoy seeing loved ones face-to-face on our computer screens. We can access and print our extremely sensitive records from government and financial websites in a matter of minutes instead of waiting for the mail for days. The time and resources that technology saves are invaluable, but this convenience has a very ugly side. This convenience brings costs, which could include irreparable financial, professional, and social damage. The technology that is designed to make life easier can also wreak havoc when criminals use it to breach secured, personal information. So how do we tame this beast called ‘breach of data security’?
Background: The gravity of the problem: To look for a solution, we first need to understand how serious this problem is. Breaches in data security and loss of data could spell imminent demise for many small companies. According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss resulting in ten or more days of downtime have filed for bankruptcy within a year. 50% wasted no time and filed for bankruptcy immediately and 43% that have no data recovery and business continuity plan go out of business following a major data loss. In the past, small- to medium businesses (SMBs) thought that data security problems were reserved for large corporations, but cybercriminals are finding out that SMBs are more complacent in securing their data thus making themselves easier targets. More importantly, the lightly guarded SMBs can provide backdoor access to the large entities hackers really want to hit. Fewer than half of the SMBs surveyed said they back up their data every week. Only 23% have a plan for data backup and business continuity. That is why the number of cyber attacks on SMBs has doubled in the recent past.
Causes of lost data: Loss of data can be attributed to two factors.
  • Breach of data security: As we discussed above, theft is the main reason for the loss of data. Hackers can get into networks by installing their own software hidden inside emails and other Web content. They take over PCs and networks and then access files containing personal information. They can then use that information to empty people’s bank accounts and exploit data for other purposes.
  • Human error and employee negligence: Humans still have to instruct technology to perform as desired. Examples of negligence include unattended computer systems, weak passwords, opening email attachments or clicking the hyperlinks in spam and visiting restricted websites. Fortunately, this type of loss of data is easily preventable, but it is just as detrimental and can bring your business to a halt. Downtimes can be very harmful to your business continuity and revenue.
Five ways to minimize data loss
  1. Enforce data security: More than technology, this is the management of human behavior. SMB management must communicate data protection policy to the entire staff and see to it that the policy is adhered to. Rules and policy must be enforced very strictly regarding the use of personal devices. Tell employees to create passwords that are hard to crack and change them frequently.
  2. Stress the consequences: Rules are only good if there are consequences for not following them. Define what those consequences mean for both the individual and the organization.
  3. Mobile device management: Mobile devices may be the weakest link in data security. “Mobile device management” refers to processes that are designed for the control of mobile devices used within the company. Devices tapping into company systems are identified and monitored 24/7. They are proactively secured via specified password policies, encryption settings, etc. Lost or stolen devices can be located and either locked or stripped of all data.
  4. Snapshots: Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizable chunks of data may not be stored in the backup and be unavailable in the event of a full restoration. This can be avoided by backing up critical data as snapshots.
  5. Cloud replication and disaster recovery services: For SMBs who consider data backup to be too costly, time-consuming and complex there is an answer. The Cloud provides a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.
To conclude our conversation, it is very important to understand the causes and consequences of data loss. Be proactive and minimize the likelihood of a data breach and data loss, so you can stay in business without interruption. Make sure you have a solid data recovery and business continuity plan so you don’t become another statistic about small firms who didn’t make it.

 

Be Proactive: How to Avoid Potential Network Failures

Be Proactive: How to Avoid Potential Network Failures
For small- to medium-sized businesses (SMBs), an IT network failure can be devastating because they don’t have the resources of large corporations to bounce back from such disasters. Preparation against such devastation may be the only course for them to avoid failure and survive with the least damage if failure occurs. SMBs must be proactive in recognizing the eventuality of a cyberattack or human error that can cause data loss and disrupt business continuity. This is what needs to be done to help prevent a potential failure.
Be prepared: Being proactive is an essential step for preparation against a disaster. There are two ways to determine how to best prepare to prevent potential failure of your infrastructure. First, you need to identify the weaknesses throughout your systems, and second, determine how you are going to eliminate those weaknesses and protect your network.
Identify the weaknesses: Determine how and why your system could fail. Examine all aspects of your hardware and software. Assess all the internal and external factors that could contribute to failure of your networks. Here are some questions you need to know the answers to.
  • Does customer access and/or employee productivity often stall because of downed systems? In these situations, how quickly is your IT support able to minimize the damage?
  • Can you say with certainty that your business will be back online and be able to access lost data with minimal disruption in case of failure?
  • Your critical data should be backed up frequently. The data on personal laptops, iPads and other mobile devices should also be backed up. Are all these steps being taken, and how often?
  • Are all backups stored in a location off-site and are they quickly accessible in the event of corruption, fire or flood?
  • Are you using any custom-made software? Can it be reinstalled and updated when needed?
  • Are your systems truly protected from hackers and viruses? Do you change passwords when employees leave the company?
  • How often do you test your backup processes?
The answers to all these questions should give you a clear picture of your network’s ability to survive in case of a catastrophe.
Here are five steps that you can take to protect your networks
  1. Backup files every day: There are a large number of businesses that never backup data. Only 23% of SMBs are backing up their data daily, and only 50% are doing it weekly. A number of issues can result in loss of data. You should backup data every day.
  2. Check backup procedures regularly: Don’t find out accidentally that your backup system is not working properly. By then it could be too late. It may seem like your data is being backed up normally, but check frequently if it is backing up the way it should be. In this age of BYOD make sure all employees are also following procedures to backup data on their laptops, iPads, etc.
  3. Make sure virus protection and firewalls are always enabled: Many companies either don’t have virus protection installed or it is disabled. That renders their networks vulnerable to virus attacks from emails, spam and data downloads. Corrupted files will not only bring your systems down, but they can spread to your customers and email contacts. That will spell disaster for your reputation. Hackers are always looking for unprotected and open ports online that they can attack with malicious code or files. That can cause permanent data loss.
  4. Monitor server drives: Dangerously full server drives can cause many problems, ranging from program crashes to sluggish email delivery. Servers should be monitored and maintained regularly to avoid these problems.
  5. Check built-in logs: Frequent reviews of built-in logs can reveal small issues. You will have a chance to prevent them from becoming bigger, harder-to- manage problems that can bring your systems down.
Summary: We now know IT system failures have very serious consequences for SMBs. We also know that they can avoid such failures by being proactive. Many SMBs are now turning to cloud-based services and virtualized backup solutions to mitigate downtimes and network failures. Virtualization and cloud computing have enabled cost-efficient business continuity by allowing entire servers to be grouped into one software bundle or virtual server – this includes all data, operating systems, applications, and patches. This simplifies the backup process and allows for quick data restoration when needed.