Technology Advisor Blog

Got Ransomware?  What's your Disaster Recovery Plan?

Posted by Ann Westerheim on 10/30/18 1:50 PM

Social Graphic - RansomwareDisaster recovery is a basic element of good business continuity planning. You've probably heard the phrase and like many businesses, it's something you'll get around to "later". 

Business continuity planning refers to the broad range of plans created so that a business can continue to be operational no matter what negative event might occur. Business continuity planning addresses severe, catastrophic events, loss of a key employee, director, or other principals in the organization, severe natural disasters that incapacitate a physical location, employee mistakes, and insider threats, etc. Basically anything that can go wrong!  Disaster recovery planning is one piece of this broad planning. Specifically, disaster recovery plans refer to how to quickly recover from some event that compromises your IT infrastructure.

In general, smaller businesses - which often have no IT support staff - will utilize the services of a managed service provider, like Ekaru,  to develop disaster recovery plans.
 
One piece of your disaster recovery planning needs to address how the business can protect its data from a ransomware attack. Unlike more well known viruses, ransomware doesn't just access your data, it locks it down so it is unusable. The business model behind this approach is simple: They are betting you will have no segregated backups and will be willing to buy back access to your data.  Ransomware isn't about how valuable your data is to your attacker, its about how valuable your data is to you.
 
We strongly advise multiple layers of security to protect your data.  There's no such thing as 100% security, so in addition to all the security measures you put in place, a rock solid backup is required.  Plan in advance what your Recovery Point Objective needs to be:  how much data can you lose?  15 minutes?  One hour?  One week?  The frequency of your backup matters.  Also, what is your Recovery Time Objective?  How long can you wait to get your data back?  Some backups may take a week or more to recover?  How much will that cost your business to be down for a week.  Every business has a different level of risk they can live with.  New threats mean this is a question that needs to be constantly revisited, and you may find some gaps that you can't live with.  Plan IN ADVANCE to make sure you fully understand your current risk level, your options to decrease your list, and then make a decision about your level of protection.  One of the worst phone calls we get is from the business got hit with data and it's too late to talk about protection.  You don't need a complicated plan, but don't get caught by surprise.

Tags: ransomware, cybersecurity, backup

Disaster Recovery and Business Continuity - Optimize your Backup!

Posted by Ann Westerheim on 11/2/11 2:31 PM

WinterWeatherWe've had several days of power outages after a surprise October snow storm, and this serves as a good reminder to think about disaster planning and business continuity.  Today, businesses of all sizes need a data disaster recovery plan, which helps ensure the company will continue operations after experiencing some type of disaster due to:

  • Power outages
  • Severe Weather
  • Natural disaster
  • Hardware failure
  • Theft
  • Employee mistakes
  • A malicious act from a disgruntled employee or outsider
  • Loss of key personnel
  • Supply Chain Disruption
  • ...big disasters and small disasters...
While a snow storm may pose a few days of inconvenience, it's a good idea to plan for bigger disasters in advance.  People tend to "look on the bright side", but the statistics are scary:
  • According to the National Archives and Records Administration in Washington D.C., 93 percent of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster.

  • According to The Gartner Group, 34% of companies fail to test their tape backups, and of those that do, 77% have found tape back-up failures.

  • Data recovery services costs range from hundreds to thousands of dollars IF your hard drive can be recovered.

There are many aspects to a good disaster recovery plan to cover personnel, facilities, and technology.  One of the key areas we focus on is getting a solid data backup which is easy to do, and will alleviate a lot of pain when disaster strikes.

If you're still using tape backup, it's time to make a change RIGHT NOW.  Tape Backups are a “known evil,” and industry analysts estimate that anywhere from 40 to 70% of all attempted recoveries  from tapes fail.  Why?  Consider the tape backup process and the many points of potential failure that exist throughout:  You need to Install, update, and configure Backup Software, and determine exactly:  1) what to back up, and 2) when to back up.  Are you sure you're backing up ALL of your critical data, as often as you should?  Tapes also wear out over time .

Your backup should be:

  • Automatic - "set it and forget it" (except PLEASE check restores periodically, best practice is automatic verification)
  • Off-site - rather than relying on taking drives off site, we recommend on-line backup now that costs have come way down and make it affordable for small business.  Keeping your backup in the same building you work will leave you exposed in the event of a site disaster.  Best bet is to get your data FAR away.
  • Local copy too! - If your backup is only on-line, keep in mind that it can take a LONG time to get your data back when you need it.  With a redundant local copy, you get the best of both worlds.
  • Image based rather than file based.  If you do need to get new equipment, rather than spending all that time reloading all your applications (IF you can find the disks), and image-based backup basically serves as a clone.

For clients who have a high cost of down-time, we strongly urge them to consider an optimized backup and disaster recovery service.

For more details about putting a full plan in place, check out a great article on csoonline.com:  Business Continuity and Disaster Recovery Planning: The Basics

Tags: backup, disaster recovery, business continuity, on-line backup, image backup

3 Things to Do BEFORE your Hard Drive Crashes!

Posted by Ann Westerheim on 4/1/11 2:43 PM

Hard DriveUnless you're already using one of the new solid state hard drives, all of your critical business data is spinning around at 5400rpm or faster on a magnetic disk inside your computer.  Think about it - it's a miracle any hard drive can actually work, and all your data is in a perilous situation!  One of the most common system failures in a computer is a hard drive failure, but it doesn't have to be a disaster for you if you plan in advance.

Here are three things to do before your hard drive crashes:

  1. Check that you're backing up EVERYTHING you need to backup.  A common "gotcha" is using a specialized program that writes files to another location other than "My Documents".  Make sure your QuickBook files and any other critical business files are included in your backup.  One of the great things about Outlook 2010 is that finally your e-mail file is stored with "My Documents", so you won't have to go looking for it in hidden files.
  2. Make sure you have a list of all the software on your system and corresponding license keys.  Keep any disks you may have in a safe place too, including all the disks that came with your computer.
  3. If you're using an online backup, make sure you know the password!  Your backup may run automatically every day, but you also need to make sure you can retrieve files from the web if your system completely dies.  "Set it and forget it" is great for making sure your backup runs all the time, but just be sure NOT to forget the password!

With a little advance preparation, you can turn a complete catastrophe (lost data, expensive software replacement, lots of down time), into a minor inconvenience of buying a new hard drive for under $100.

Tags: computer, backup, hard drive, data

Going Paperless in 2011

Posted by Ann Westerheim on 12/28/10 10:28 AM

We've worked with many of our clients to go paperless - law firms, accounting firms, medical offices... and now its our turn.  In a classic example of "the cobbler's family has no shoes", we're the last to update.

The first thing we double checked is the IRS requirements for record keeping.  The IRS has actually been accepting electronic records as far back as 1997 as referenced in Rev. Proc. 97-22.  The electronic storage system must "ensure an accurate and complete transfer of the hard copy or computerized books and records to an electronic storage media".  The electronic storage system must also "index, store, preserve, retrieve, and reproduce the electronically stored books and records".  The full document is 36 pages, but the relevant parts for electronic records is covered in pages 9-11 so its not too much to read.

Like many small businesses, we were faced with either adding a new filing cabinet, getting a crow-bar to squeeze in some more paper records, or finally taking the plunge to go paperless.  We set up a Xerox scanner with a good feeder and a combined flat-bed scan capability, and also ran some tests on our backup to double check that our scanned documents were safe.  Without the safety net of paper records, the integrity of our data backup is more important than ever.

We found a local mobile shredding service that will help us clean out the old records after scanning and with a deadline of two weeks, we'll be motivated to work fast!  We're looking forward to starting 2011 more organized than ever!

Tags: small business, paperless, electronic documents, backup

Save Windows Home Server! Great for Small Business!

Posted by Ann Westerheim on 12/2/10 8:57 AM

Microsoft has a great gem of a product for small business that's basically "under the radar" - Windows Home Server

Although it's called a "home" server, it's also great for small businesses.  Users can centrally store files, backup of workstations on the network occurs automatically (so you don't have to worry about your employees remembering to backup), and files can be accessed remotely.  This is a perfect fit for smaller offices - a few users who need to collaborate, and don't have the need or budget for a full-blown server.

About a week ago, Steve Ballmer announced that Microsoft was planning to remove an imporant feature (drive extender) from the next release.  Although Microsoft is now indicating they'll revisit this decision, yesterday more bad news came out with HP announcing they were going to drop the product line: http://yhoo.it/f8Noo7.

Windows Home Server is a product we have highly recommended to several of our small business clients who we provide IT support to.  Although Microsoft has promotional information on their web site for small business,  it really hasn't been marketed to its full potential. We don't want to see this go away!

Tags: small business, Windows Home Server, backup

Subscribe by Email

Most Popular Posts

Browse by Tag

See all tags...

Connect With Us

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.