Resources for you and your industry.

Cyber Security Awareness Month, Equifax, and You

The month of October sure brings a lot to celebrate for us Canadians. Whether it’s feeling gratitude with family and friends while celebrating Thanksgiving or dressing up to celebrate Halloween by devouring all that sweet sweet candy during the whole month of November (or in 2 days….no one is judging). But if there is another celebration the month of October brings, it is for our hard working businesses to celebrate being ransomware free.

In fact, October is the National Cyber Security Awareness Month! What that really means is that all businesses should be taking a moment to evaluate whether their current solutions in place to combat ransom ware will keep their systems safe while keeping business running. This is particularly very important for the hard working small and mid-size businesses that operate lean and do not have dedicated in-house IT departments working 24/7.

But then again, sometimes even with dedicated in-house IT and billions of dollars, one fatal error in its cyber security practice can cause that company to become an example of what not to do when it comes to protecting your business, your customers and yourself. The company that all business owners can learn from in this instance is Equifax.

Equifax has been struggling with their data security breach that wreaked havoc within the company. Here’s what happened: cyber criminals attacked Equifax systems between mid-May and late July causing a data breach that affects 145.5 million people in the US and about 8000 Canadians.

So what went wrong? Clearly, a multi-billion dollar company like Equifax must have invested in the most robust of technology solutions available through their world-class IT services provider (in-house or external)…Well Equifax was alerted of a software breach in March 2017, however, according to former CEO Richard Smith, they failed to fix the issue due to “both human error and technology failures” that resulted in the data breach. Although a repair was released, Equifax failed to install it immediately, giving hackers an opening to break into Equifax’s computer systems.

And why is this a problem for a multibillion dollar company like Equifax? Surely, they can afford to pay their way out of it right?

Wrong. For Equifax, losing a chunk of money whether from offering free identity theft protection products/services to consumers, hiring lawyers to represent them in the legal battles, or through loss of future customers, may be just part of the problem. It is having to turn around the bad reputation and earning the trust of the public back is what will make things extremely difficult for Equifax in the future. Earning this trust may in fact be the worst of its problems.

So, the real question is, what are you as a small or mid-sized business doing to protect you and your customers? Are you being proactive in terms of monitoring your systems? Are your employee adequately trained to know what to do wtih potentially malicious email? If your answer is no or “I don’t know” to any of these, take action. Talk to your IT provider or contact us for a free 30 minute assessment.

New IT Buyer for 2017

“The CIO office or IT department may still be the primary gatekeeper in IT planning, spending and management, but a new buyer is emerging – the non-IT business executive. These are line-of-business (LOB) buyers. This study examines these new buyers as they exist across the organizations’ departments. Additionally, it looks at IT job roles in these departments and how much they operate independently.”

One of the key points made is that LOB (Line of Business) buyers are flexing their muscles. Half of respondents said objectives for technology is now more business focused. Read the full article here.

The charts in the tweet have some interesting data.

Backup vs. Business Continuity

Using RTO to Better Plan for Your Business

Conclusion

reasons-for-downtime
Making sure your business can continue operating in case of a disaster is just as essential to small businesses as it is to the largest enterprises. For that reason, business continuity using data backup is an essential solution that small businesses should deploy.

Data backup solutions come in all different flavors. Cloud-based solutions are increasingly popular, but they provide only a partial answer. On-site solutions also have their weaknesses.

The answer is a hybrid cloud. It provides the best of all worlds: you can recover data swiftly from a local device for the most common causes of data loss, but you have all your data safely stored in the cloud for more extreme events in which the local device is destroyed or unavailable.

Executive Summary

Small businesses in general don’t have the same IT budgets and staffs as larger enterprises. Yet just like larger organizations they need to protect their data and make sure they can get back to business rapidly after a disaster or other event that compromises their data and systems.

We will discuss what’s at stake when it comes to not just protecting, but also managing, your data (hint: your business). We’ll explain why it’s important to think in terms of business continuity rather than simply data backup. And we’ll look at how to calculate the all-important Recovery Time Objective (RTO) and Recovery Point Objective (RPO) so that you can get what you need from your business continuity vendor.

Small businesses in general don’t have the same IT budgets and staffs as larger enterprises. Yet just like larger organizations they need to protect their data and make sure they can get back to business rapidly after a disaster or other event that compromises their data and systems.

We will discuss what’s at stake when it comes to not just protecting, but also managing, your data (hint: your business). We’ll explain why it’s important to think in terms of business continuity rather than simply data backup. And we’ll look at how to calculate the all-important Recovery Time Objective (RTO) and Recovery Point Objective (RPO) so that you can get what you need from your business continuity vendor.

Data backup versus business continuity: what’s the difference?

Although overlapping, these terms represent uniquely different mindsets when it comes to data protection.

Data backup answers the questions: is my data safe? Can I get it back in case of a failure?

Business continuity, on the other hand, involves thinking about the business at a higher level, and asks: how quickly can I get my business operating again in case of system failure?
Thinking about data backup is a good first step. But in case of failure, you have to get that data back and restore it quickly enough so your business doesn’t suffer. For example, if your server dies—and remember, hardware failure is the No. 1 cause of lost data—you wouldn’t be able to quickly get back to work if you only had file-level backup. For you to start working again, your server would need to be replaced, all software re-installed, data re-installed and then the whole system would need to be configured with your settings and preferences. This process could take hours or even days—and in the meantime, your users can’t get their jobs done.

Calculate your RTO and RPO easily with our online tool.

What To Look for in a Business Continuity Vendor

When comparing vendors for a backup solution, small businesses say that reliability (33 per- cent) and price (29 percent) top the list of factors that drive their choices. But they should consider other factors as well.

  • Superior Recovery Time Objective (RTO) and Recovery Point Objective (RPO) — Think in terms of business continuity rather than simply backup, and calculate how much downtime your business can endure and still survive (RTO) as well as how much data you can afford to lose (RPO). Choose a vendor that can guarantee top RTOs and RPOs.
  • Hybrid cloud backup—As discussed above, taking a hybrid approach fixes the vulnerabilities that a cloud-only or local-only solution possess.
  • Image-based backup—Make sure that the backup solution takes images of all your data and systems, and doesn’t simply copy the files alone.
  • Instant local and off-site virtualization.
  • Screenshot backup verification. What good is a backup if it’s not working?
  • Images saved as VMDK for faster recovery times.
  • For more information contact us by e-mail or call us at 403-455-5969.