Posts

The complete DIY disaster recovery guide for SMBs

What’s inside:

      1. What your people need to know about disaster recovery
      2. The essential components of disaster recovery for SMBs
      3. Why you need a disaster recovery plan (even if you think you don’t)
      4. How to test your disaster recovery plan

Chapter 1

Why you need a disaster recovery plan (even if you think you don’t)

When you’re a small business owner, you absolutely need a disaster recovery plan. Unfortunately, a surprising number of owners shrug off this fact. Here are a few of the most common reasons we hear:

  • Nothing bad will happen . . . or if it does, it won’t be too bad
  • Time is better spent focusing on today’s issues and not on “what ifs”
  • A disaster recovery plan is important, and it’ll get done soon (rinse and repeat)

You see where this is going. A disaster hits the business, and, just like that, months or years of hard work disappear. It’s nothing short of tragic.
Particularly because there are things you can do to prepare.

But first . . . what is a disaster recovery plan?

Before we get into the nuts and bolts of disaster recovery, let’s make sure we’re all on the same page. What is a disaster recovery plan?
It’s a plan to help your IT systems get back on track after an emergency. You may sometimes hear the term “business continuity,” as well. The two are not the same thing. Business continuity addresses everything necessary to keep a business running, no matter what.
Part of that is disaster recovery.

The likelihood of a disaster

Ready for some less-than-pleasant news? It’s likely your business will experience a disaster.
Oh, you may never have to endure a tornado or a hurricane, but something will eventually take your entire business offline unexpectedly. Disasters come in different forms and vary in severity.
There are natural disasters such as earthquakes, fires, floods and blizzards. And then there are technological disasters such as cyberattacks, phishing scams, internet outages, and power failures. There are even man-made disasters such as civil unrest, terrorism and explosions. Not to mention the “small” stuff, like simple blackouts.
And the more unprepared you are, the more costly downtime is. Even one hour of downtime could cost your business several thousand dollars.

Take a look at these stats

You don’t have to take our word for it about the high cost of poor preparation. The numbers tell the story just fine on their own.

40-60%

After a disaster, 40 to 60% of businesses fail to reopen. Of those that do reopen, 25 percent go out of business within a year.

Statistic Graphic

90% of small businesses close within a year if they cannot get their operations back up within five days.


Statistic Graphic

46% of businesses have incomplete disaster recovery plans or no plan at all.

Statistic Graphic

22% of businesses have declared a disaster in the past five years. The top causes were IT failures (hardware failures, network failures, etc.), power outages, floods, cyberattacks, natural disasters and human error.

How disasters affect your IT systems

And here’s where things get real. Let’s look at how a lack of preparedness could potentially affect your business.

  • A hardware or software failure could severely impact employee productivity and lead to disgruntled customers.
  • One of your employees could fall for a phishing scam and give cybercriminals access to sensitive company accounts, which are drained. Your business is then out thousands of dollars.
  • The space where your data center is stored could experience a burst water pipe that destroys the equipment housing your data.
  • A fire could burn your business down to the ground, completely wiping out your IT infrastructure.
  • A lightning strike could create a surge and fry critical equipment, forcing you to close for just a few days. In that short time, your business could get a reputation for being unprepared or unreliable.

But with a plan . . .

A disaster recovery plan would help with all of the above examples.
No, a disaster recovery plan doesn’t stop the disaster. That’s not its purpose. But it does give you a way to bounce back. When you’re facing downtime, that’s what matters—how quickly you can get your network back online.
A disaster for your business won’t necessarily come in the form of a raging inferno or thundering hurricane. Rather, it may have more mundane roots, such as a power outage or human error.
Whatever form the disaster takes, your hard work could go down the drain if your business lacks a recovery plan.

Chapter 2

The essential components of disaster recovery for SMBs

Now that we’ve explained why it’s important to have a disaster recovery plan, what exactly should your plan include? Here’s a look at essentials such as backups, communications and employee training.

Backups

Your business data can be lost or destroyed in many ways. Here are just a few examples:

  • Accidents, such as a liquid spill, a laptop drop or accidental deletion
  • Disasters, such as a fire, flood or tornado
  • Cybercriminal activity, such as malware, ransomware or a virus
  • Theft, even as small as smartphone theft

Part of the goal for your disaster recovery plan is to protect your data. One way to do that is to make sure everything is backed up. That way, even if something wiped out your entire office, you wouldn’t lose the information you depend on to run your business.

The 3-2-1 rule

Aim to follow the 3-2-1 rule.

3

Three backup copies

2

In two mediums such as the cloud and hard drives

1

One copy stored offsite


The cloud is an essential player in data backups because you can continue work outside of the office and retrieve data from anywhere.
Think about other things that contribute to your backup plan, as well.

  • Do you have “backup vendors” (like an ISP) should you need to quickly move from one service provider to another?
  • Do you have a backup or redundant power supply source, like an onsite generator? (If you keep a backup server onsite, you may need one.)
  • Do you have backup supplies (like food and bedding) for employees who might need to stay at the office in the event of an emergency?

Most SMBs work with a managed services provider or an offsite data center provider instead of managing their own data center onsite. Before selecting a provider, ask about their plans to prevent and mitigate disasters.

Communications plan

It’s easy to focus too much on IT in a disaster recovery plan and to forget about the human aspect. Ensure that your plan incorporates the many types of communications that may be necessary.
Some things to think about include:

  • Who speaks for the company to the media, emergency responders, third-party vendors and others? (It can be a different person for each.)
  • Who reaches out to clients or customers? And how?
  • Who reaches out to employees? And how?
  • How much information do you plan to reveal in the event of a disaster? And how will you reassure those who need encouragement?
  • Do you have contact numbers (work and personal) for everyone on your staff?
  • Who are the critical members of your staff and/or what are the critical roles that have to be covered to keep your business going?

Priorities

Which systems are most critical to your mission? How much time can go by before disruption to the business becomes a serious issue? How can you protect proprietary information?
Your plan should be designed in terms of priorities. There are undoubtedly normal functions in your business you could skip or go without if you had to. As you build out your plan, make it a point to attend to the necessary stuff first.
High-priority functions should have built-in redundancy.

Your “go team”

One component of your plan is to establish a “go team” that springs into action quickly in the event of a disaster. Here’s what you’ll need to do to prep your go team.

Go team prep

Tranning Icon

Train regularly so they’re prepared to act efficiently in various scenarios

Cross training icon

Receive cross-training so they can perform multiple roles

Work relationship icon

Establish relationships with third parties such as the fire department and your data center provider

It’s also important for regular employees—those not necessarily at the forefront of disaster response—to receive training. We’ll look at that more in-depth in part 3 of this ebook.
In addition, disasters aren’t necessarily in the form of fires or hurricanes. For example, a phishing scam or a set of weak passwords could cripple your business. Disaster recovery also includes disaster prevention and mitigation.
Educating your employees on strong passwords, ransomware, phishing and more can prevent disasters and keep your employees calm and your data secure when one does occur.

Prevention

Just like you can prevent the likelihood of disasters with good employee education, you can also minimize the odds with regular maintenance and testing of your IT infrastructure. The same goes for testing your disaster recovery plan.
Say a fire breaks out at your workplace and it’s been a while since sprinkler systems and fire detection systems were tested. Will they work? Maybe. Maybe not.
Regular testing ensures everything is operating as it should. 52 percent of businesses test this kind of thing just once a year or less. We’ll look more at what complete testing of your disaster recovery plan looks like in part 4 of this ebook.

Chapter 3

What your people need to know about disaster recovery

Training your small business employees to deal with disasters can minimize the effects of a catastrophe, and it could be the difference between a quick recovery and devastating damage.

How to stay safe before, during and after

Employee safety comes first.
Being able to access business email and VOIP telephone systems won’t matter if your people are injured. And while your data is certainly valuable, your people are irreplaceable. Make sure your disaster recovery plan includes emergency safety procedures.
You’ll also want to give some thought to alternative work locations and security practices in the wake of a disaster. If your office is unusable, where will your people go? Are you equipped to work from home? And how will you maintain data security in the interim?

Why disasters wear different faces

Most people immediately think of weather and natural disasters when they hear the phrase “disaster recovery.” But disasters come in all shapes, sizes and forms. And an IT-specific disaster can be just as costly as a fire—or even more costly.
Make sure your employees have a well-rounded idea of the potential disasters you face as a company. That list should include:

  • Hardware failure
  • User error (a major cause of IT disasters)
  • Power outages
  • Software problems

Some employees may not even know a disaster has occurred until after the fact. Clarifying the definition of “disaster” helps employees get on board more with prevention training.

How to prevent disasters

Use onboarding and continuing training to cover the essential topics. Any new employee should go through disaster recovery training, but don’t assume everyone will remember all those details. Be sure to do periodic refresher training sessions, as well.

Disaster prevention topics

Scam email icon

Recognizing phishing scams

Password Icon

Using strong passwords

Download icon

Downloading attachments

Laptop icon

Following the BYOD policy

WiFI moden icon

Browsing safely on public Wi-Fi while working

Mobile devices icon

Securing laptops, smartphones and other devices


Slipping up in any of these areas can lead to an IT disaster that severely harms your business. Explain the why and how so employees know why this training matters. After all, you’re not trying to dump extra work on them.
You’re trying to protect the business.

Where to go and what to do after a disaster

Suppose a disaster compels your business to move to alternative offices or to switch to telecommuting for a while. Your employees need to know a few things.

How to communicate with the company

Should they wait for an email from their team leader? Or proactively call in themselves? Or something else?

Where to go

Are you prepared to work from home? Or do you have an alternative office site B? And how soon do you expect employees to check in? To be available to work?

How to get to work

If there are folks who absolutely have to come to an office, will your business provide alternative transportation? If a critical staff member cannot get to that office, what’s your secondary plan for that?

How to access company programs and equipment

If a cloud computing service is down, what’s the next option? If a laptop is at the office and that has become an unsafe site, what should your employees do?

Who to contact

Who should everyone reach out to with questions, concerns or critical information? Make sure this list is longer than one name—and you almost certainly don’t want to be the point person here if your team is bigger than 10 people.

Are there any temporary policies or procedures?

Any different data security protocols to follow? Should they make adjustments to how they work normal tasks or prioritize things differently during the recovery period?

Everything else

To make sure you’ve covered all the other topics listed above, make sure you’ve considered the following.

  • What technology will be accessible during an emergency?
  • How can the business keep its data secure during an emergency?
  • What happens if the offsite data facility is destroyed?

Looking at the last question, if your business and/or employees have been following the 3-2-1 rule, there are copies of employee data that survived the facility being destroyed.
Remember, disaster recovery isn’t just about getting data back—it’s also about mitigating risk and preventing data from being compromised in the first place.

Test both your business continuity and disaster recovery plans

You never fully realize everything your employees need to know until an actual disaster strikes. That’s where testing comes in.
Testing helps everyone in the business better understand how to deal with various types of disasters and how to prevent them. It also pinpoints weaknesses in your current plan, including what employees need to know and do.
Test regularly! Don’t be one of the 23 percent of businesses that leave themselves unnecessarily vulnerable.

Chapter 4

How to test your disaster recovery plan

You know the saying, “Practice makes perfect.” So it goes with testing disaster recovery plans. Companies that regularly test their plans, making necessary adjustments based on feedback, are in a much better position to get through extreme weather, hardware failures, human error, cyberattacks, and other types of IT disasters.
However, not enough businesses test their plans (or they don’t test often enough).
In fact, one study shows that 23 percent of companies don’t test at all due to reasons such as plan complexity and a lack of time and resources. If this sounds like your company, find a way to address these issues or you may lose revenue or even go out of business.
Here are a few tips for your disaster recovery testing.

Determine the scope

Your managed services provider, if you have one, can help you figure out the scope of your testing.
If your business is small, it may be that spinning up virtual machines locally or in the cloud is sufficient for some rounds of testing. If the business is larger, testing may entail unplugging a server or intentionally causing downtime in some other way.
Consider factors such as the time and resource needs of testing plus any disruption that testing would cause your customers and how much disruption they could tolerate.

Set goals

Design each DR test with a goal and figure out the results you expect.
Who is involved, and what exactly is being tested? Consider other questions such as the date of your last DR test and any IT changes since then that may require updates to the plan before testing takes place.

Document the process

There’s little point in running DR tests if no one documents the processes or acts on feedback to make adjustments. Designate one person in the business to observe and document the test.

Point person tasks

  • Record how long each step takes
  • Record any missing steps not already documented for restoration, data recovery, and emergency communications
  • Record any unexpected failures in detail
  • Record the human performance of your team

To expand on the latter point, how did your employees do when faced with a bewildering turn of events? Were there parts of the DR plan that remained unclear to some employees or that caused them undue angst? Did internal or external communications fall through due to human error?

Implement feedback

Your testing may have gone well—even perfectly. If so, congratulations. Otherwise, act on the feedback you receive to make any necessary changes.
For instance, maybe several of your employees need a better understanding of their role in DR, and they need to be trained. Perhaps your systems take unacceptably long to get back online—why? How can you shorten that time frame?

Test regularly

At the bare minimum, test your plan once a year. Even better, practice it once every quarter (four times a year). Testing every month or every week may even make sense depending on the size of your company, the IT infrastructure, regulatory requirements, and how reliant your company is on IT.
You can test different elements each time with a full-scale run once a year. Remember, a disaster doesn’t have to be a full-blown act of God to make an impact. Downtime a few times a year due to internet outages can erode client confidence over time and result in clients leaving.
It can also be a good idea to run a DR test when new people step into roles. For instance, if your lead IT employee leaves and someone new steps in, don’t wait too long before doing DR testing with this new person. Otherwise, your business could be vulnerable if disaster does strike.
For guidance putting all this information to good use in your own disaster recovery plan, get in touch with one of our business continuity professionals at ISG Technology.

Disaster recovery drill best practices (2019 edition)

A disaster recovery plan (DRP) is a great way to stay proactive about your data security. But a DRP is no good unless you test it—you have to make sure it actually works, after all.
There are some things you can do during your drill to ensure you get results—good or bad—that are reliable. The goal is to test whether the plan is effective as drafted or if something specific needs to be changed to improve it.
There are a lot of factors in play with a DRP, so it pays to be methodical.

Define your goals

First, before you conduct a test, you should define your goals.
We’re not talking about goals like “Have the server back up in 20 minutes.” For the tests they will be more like “How good are communications between departments?” or “How does stress make the IT team interact with each other?”
Your goal is to answer those questions, whatever they may be. Strategic questions that give you an idea of how prepared you really are. You want to test different variables to see how they influence your DRP’s execution.
Your IT crew will be trying to get the server up quickly, but you’ll be observing their performance through the lens of “communication.” Do they ask for help when they need it? Do they keep the other departments in the loop? Can they document what they’ve done and what worked?
You need to think of all the angles that could cause problems and test for each one.

Related: 7 typical disaster recovery plan mistakes (and how to fix them)

Get the team together

This may seem like a no-brainer but get the team together and on the same page.
If anyone is out of the loop, it creates a point where communication could break down. If everyone is on the same page from the beginning, everything will run more smoothly.
You may also want to include backup personnel, just so that they have an idea of what they are supposed to do. Running a disaster recovery plan 100% from the documentation can be difficult even without the pressure that a disaster provides.

Run different types of tests

There are all kinds of tests to you run, ranging from a simple conversation walking team members through the process to a fully simulated disaster.
Don’t rely on just one kind of test. You want a variety.
This is important because it will give you a more well-rounded idea of how your DRP  will actually function. Sometimes what makes sense in one test doesn’t make sense in the another. Or what the technicians might do to provide a hasty fix might violate compliance regulation.
You can use the culmination of all that data to make your DRP as solid as possible.

Related: Disaster recovery testing: A vital part of the DR plan

Run tests often

If it’s been more than a year since you’ve run a test, do you know if it’s still applicable? How much could change in your company in a year? Or six months? In one month?
You don’t have to test every day, but decide on an interval that makes sense based on how you do business and how often your network configuration, staff, tech tools and compliance requirements change.

Take good notes

Good documentation of these tests is a must. Not only will it help you remember what exactly happened when, but it will help anyone else who reviews the test see the results, which keeps everyone on the same page.

Post-test assessment

Of course, you want to take any new insights learned during testing into account to make your disaster recovery plan better. Valuable data does no good for anyone just sitting in a drawer.
This is especially important when things go wrong during a test.
If the downtime is double what was expected or if a new aspect comes up that no one saw before, then it is important to determine what caused the holdup and how you can overcome it in the future.
What if the disaster that you’ve been planning for happens tomorrow?

In conclusion

Communication is paramount.
Whether that means meetings with the team or solid documentation. A good DRP drill should be about setting everyone up for success so you’re well prepared for whatever the future holds.
We’ve covered a lot of ground, but everything really just boils down to the scientific method: Ask a question, perform a test, observe the results, refine your understanding.
Disaster recovery is a lot like science in many ways, so treat it like science. Reach out to experts in the field and ask for guidance if you need it.

5 straightforward disaster recovery options for SMBs

In a digital environment that’s unforgiving when it comes to downtime and outages, planning for IT disaster recovery is a critical responsibility of the modern business owner. Despite this, an astounding 75 percent of small businesses have no disaster recovery plan in place.

If your SMB isn’t prepared for a disaster, it’s important to start by understanding the basic tools that will help you navigate and mitigate a crisis.

Here are five straightforward disaster recovery solutions your SMB should consider as part of an overall recovery plan.

Cloud backups

Cloud backups can be an excellent tool for protecting your data in the event of a disaster.

A data loss event can impede a small business’s operations and drastically increase its chances of closing within six months. By performing continuous backups to the cloud, your business can safeguard its data and reduce the potential impact of a disaster.

For this reason, cloud backups are becoming increasingly popular among SMBs. Approximately 78 percent of such businesses are expected to back their data up on the cloud by 2020.

Cloud backups also have the advantage of letting you keep data geographically remote to avoid complications from natural disasters. Experts recommend keeping your backups 200 miles or more from your actual location.

Virtualization

Like cloud backups, server virtualization is useful for keeping data safe, as well as for limiting the amount of downtime that your business will experience during a disaster.

Virtual servers allow businesses to create exact copies of their data centers. If a disaster strikes, this copied version can be used to maintain essential functions while the problem is solved. As a result, SMBs can maintain high levels of availability.

Virtualization is also extremely useful for disaster recovery testing, as tests can be run in the virtual environment instead of in your business’s main system.

Mobile communication and collaboration systems

When a disaster strikes, it’s critical that your team members remain in contact. By maintaining communication through mobile devices or social media platforms, your team can coordinate its disaster recovery efforts and minimize the amount of downtime that will occur without having to be in the same place at the same time.

With good remote communication and collaboration systems in place, your business can mobilize more quickly and launch a coordinated effort to mitigate the damage.

Uninterruptible power supplies

Disaster recovery solutions tend to focus strongly on software and data, but protecting business hardware is also an important consideration. For this reason, an uninterruptible power supply (UPS) can be a very useful tool in an emergency.

A UPS is a battery device that will provide temporary power and allow you to properly power down your hardware assets.

Monitoring solutions

Disaster recovery is often a race to keep downtime to a minimum. If you are forced to deal with a disaster involving your network, monitoring software that logs changes and unusual activity can help your team identify and quickly resolve the problem. In some cases, you may even be able to head the threat off before it develops into a full-blown disaster.

With proactive security monitoring, you can keep your business safe and keep your IT systems running more smoothly.

Ready for anything

Using these five tips, your business can begin to craft a basic plan for disaster recovery.

The more you can prepare now, the less likely your company will be to experience catastrophic failures when a disaster does occur.

 

7 typical disaster recovery plan mistakes (and how to fix them)

A disaster recovery plan is just one step in an approach to keeping your business running well. Cyberthreats aren’t going away and new threats emerge all the time. Complete data protection requires a robust plan that includes everything from backup and disaster recovery to business continuity.

If you’re serious about crafting a disaster recovery plan that will protect your business, there are some common mistakes you’ll want to avoid. Here are 7 pitfalls we see businesses get sidelined by on a regular basis—and how you can overcome them.

  1. Not having a plan at all

The only thing worse than a disaster is a disaster you’re totally unprepared for. If disaster recovery is totally new for you, don’t sweat it. Start by reading our guide to completing a disaster recovery plan.

  1. Not clearly noting who is responsible for what

It’s natural to focus your data recovery plan on the data, itself, including the hardware and cloud storage you depend on. But what will keep your business going is your people.

If you have a managed IT services provider, they can certainly help, but it’s not all on them. That’s because this is about your business.

For each step of data recovery, you need to know who will be affected and who will be responsible. Consider management, employees, departments and sometimes even customers.

  1. Not having a plan for communication (internally & externally)

An easy mistake to make is assigning roles for each task but not considering how people will be notified of the step in the process.

Your communication plan can take many forms, from modern solutions like mass notification through SMS messages to an old-fashioned phone tree. The specific tools you use doesn’t matter nearly as much as having a clearly-outlined plan well in advance.

Make sure everyone in your organization, as well as your managed IT services provider, is included and informed.

  1. Not identifying critical processes

It’s easy to get stuck in the weeds. You know the systems you use, as well as the pitfalls and obstacles associated with each. But don’t forget the goal: business continuity.

Everything you do isn’t critical. Evaluate each process your company relies on and ask yourself what will happen if each of these processes goes offline. Having taken into account the risk associated with each process, decide which processes absolutely have to stay up and running.

Those are your critical processes. Your business continuity plan should focus on maintaining them.

  1. Not having key buy-in

Disaster recovery plans affect the whole business. Because that’s true, it’s important to keep leadership in the loop about the plans and the risks.

If you’re not sure where to start, consider checking out this resource: 4 cybersecurity facts your company’s leadership team should know.

But don’t stop with the leadership. From there, make sure that everyone in the organization knows what your business continuity plan is and why it matters.

  1. Not monitoring, testing & updating

A good disaster recovery plan is active.

You should be monitoring and testing. Monitoring your network will make you aware of potential issues before they have a chance to take your network offline. Proactive in testing also helps to identify potential, as well as giving you a better picture of overall risk. And system updates mitigate vulnerabilities and ensure functionality.

As your system updates, don’t forget to update your recovery plan to match your newly patched system.

  1. Not mitigating risk

Disaster recovery isn’t just about preparing an inevitable emergency. It’s also about mitigating negative impact whenever possible.

A recent example of the power of mitigation is the MyHeritage breach over the summer. It affected a massive 92 million customers. But through smart, thoughtful systems design and preparation, the damage was minimal. MyHeritage didn’t store passwords directly, but rather in a one-way hash unique to each user. As a result, the breach did not actually compromise the passwords. Further, they didn’t store personal information (like credit card numbers or family tree information) that they didn’t need to maintain.

This kind of thorough, thoughtful systems approach lowered their overall risk well ahead of time. The breach they experienced could have been devastating. But their strategy turned it into a relatively minor inconvenience rather than a true emergency.

The post 7 typical disaster recovery plan mistakes (and how to fix them) appeared first on ISG Technologies.

Source: my isg

Why does your business need a proper backup policy?

Backing up your business information is as crucial as conducting daily business itself. Which is why you need a solid backup strategy.

With a proper backup policy, you can secure all your business data—files, documents, client and customer correspondence, and in-house or remote team communications.

No matter which industry or sector you serve, proper backup is pivotal. Data loss can seriously cripple a business of any size. A good backup strategy is the best way to avoid losing essential information due to systems failures, security breaches or plain old human error.

What can a network backup do for my company?

There are several benefits of having a backup policy for your business.

  • Any kind of data loss incident hurts. But when all your business data is backed up, you can bounce back quickly.
  • Data backups tend to lessen the impact and length of downtime. The less downtime you experience, the more you can get done . . . and the more profitable you are.
  • Backups often save you and your staff from duplicate work. Even if it’s easy to rebuild that report, do you really want to waste the time?
  • You’ll be prepared if you ever have to work through an audit or even annually when you complete your business tax preparations.

Ultimately, a well-developed backup strategy serves to protect your business by protecting your company data. That impacts your organizational efficiency, your cybersecurity and even your reputation.

Granted, the best case scenario is to never actually need your data backup. But the moment you need it, you’ll be so glad it’s there.

Related: How big data is changing the game for backup and recovery

How important are backups for my new business?

Occasionally, new SMB owners feel the need for backup isn’t as pressing. After all, there’s not as much data. A backup strategy can feel like something you can take care of later.

We strongly advise against waiting.

Network backups are of paramount importance. It’s far better to backup all your company data from the very beginning.

And if your SMB has been around awhile, it’s just as important to stay on top of backups. Don’t make the mistake of thinking that just because you haven’t needed a backup yet, you won’t need one in the future.

All about human error

Network backup plays an instrumental role in reducing human error. Think about it. How many times have you, yourself, accidentally deleted the wrong thing? Now imagine the potential for impact if the same thing happened at the network level.

Read about how backups saved Toy Story 2

Human error is a real factor. It will be for the foreseeable future. Data backups are perhaps the best way to insulate your company from the risks of human error.

Automated the process

Automation is big in the IT industry for good reason. Automation makes repetitive tasks easy, routine and consistent. It’s perfect for backup.

As you work with your managed IT services provider to set up your custom backup strategy, make sure the process is automatic. Manually saving all network files to an additional hard drive is not a thorough backup process.

Automatically backing up all files to a secure cloud server, on the other hand, is.

A word about the cloud

The cloud is a convenient location for network backups—if it’s a good fit for your business. Be sure to think through this from all possible angles. You’ll need to take the following into account:

  • The level of security provided by your cloud vendor. This is a good thing to think about for all cloud solutions—backup and otherwise.
  • Any regulatory requirements for your industry. If your cloud provider doesn’t meet your industry’s compliance guidelines for security, for example, then the cloud may not be an option.
  • How quickly do you need to be able to access backups? Cloud backups typically take a little longer to access than local backups.
  • Scalability options with your cloud vendor. If your company grows, can you easily add space?

If cloud backups aren’t an option for your business, you can back up everything locally. In some cases, this is actually preferable. We recommend a thorough, strategic conversation with an IT consultant if you’re not entirely sure which is the best fit for you.

The 4 best cloud backup solutions for small businesses

There are several reasons to consider a cloud backup for data protection for an SMB. These include everything from ease-of-use to cost-effectiveness. But perhaps the most compelling reason simply this—it’s wise to be ready for whatever the future holds.

That’s what data backup is. Preparation for the unexpected.

You can’t guarantee the security of your company’s data if you aren’t ready for natural disasters, cyberattacks and even simple human error. Any number of things could compromise your company’s data, which is why it’s so critical the regularly back up everything.

Cloud computing offers an easy, efficient, secure option for backing up your data, thereby reducing or even eliminating downtime.

But what backup service is the right one for your business? We took a look at some of the most popular and weighed their potential benefits for your SMB.

Veeam

Veeam is a service that focuses heavily on data availability. While it can function as a no-frills backup from day one, it comes with so much more. Many companies, even SMBs, choose to take advantage of Veeam’s five-step process, moving their business toward Intelligent Data Management.

What is Intelligent Data Management? Not only is your data instantly available all the time, split up across multiple clouds so that it resides where it’s both accessible and safe. Veeam’s advanced backup option will also utilize automation to ensure your data is optimized for use and recovery at a moments’ notice.

That’s convenience that pays off.

From small businesses to universities to the Fortune 500, more and more businesses are trusting their data with Veeam. There are a few different tiers of data protection plans available. Find the license that works for you and scale upwards if/when you need to.

Additionally, Veeam is continually updating and adding functionality to its service. You’ll always have the cutting edge of data security.

Carbonite Online

Carbonite Online employs a wide-net approach to data security. Rather than defaulting to backing up a computer in its entirety, Carbonite backs up what it decides is most critical and relies on the user to further fine tune the process.

It’s a process that works well if you’re using a lot of standard folder designations such as My Documents. In fact, in that case it’s a real time-saver. But if you working out of a more customized setup, you may find it frustrating.

Carbonite uses Continuous Data Protection (CDP) to handle backing up rapidly changing data files more or less constantly. If a file changes within a designated folder, it’s backed up quickly. This is very convenient for users who can’t afford to rebuild a recently-lost file, but need their most recently worked on version recovered as quickly as possible.

Pricing isn’t exactly cheap, but arguably worth it if it’s a good fit.

SOS Online Backup

Is security one of your biggest concerns? SOS bills itself as a backup solution that’s all about security. (Though, in fairness to the other solutions listed here, security is big for everyone.) SOS’s security features range from password protection to privately managed keys and multi-layered 256-bit encryption.

SOS will simultaneously backup to a local hard drive or other computer over your local network for quick retrieval. Like Carbonite, SOS backs up what it considers to be the most important data. You’ll need to customize these settings if they don’t work for you.

The pricing is good—that is if you’re not transmitting massive amounts of data. Yearly subscriptions save you some money over monthly options.

iDrive

While certainly not the least expensive choice, iDrive is still reasonably affordable and comes with enough options to warrant a spot in our top-four roundup.

Among its most well-liked features is the availability of client software for nearly every type of PC and device. In addition, extra storage enables syncing all PCs as well as mobile devices. As with most of these services, iDrive utilizes CDP options to keep your backup files as current as possible.

iDrive includes several choices for single user plans which will cover an unlimited number of computers and devices. The business user plans also allow for an unlimited number of users, although storage is limited by pay-tier.

Know what you need

When considering your choices for a data backup service, you’ll want to keep a few things in mind. Examine your needs and compare them to what the various services offer, and at what costs. Among things to look at, include:

  • Operating system and device support
  • Privacy and Security
  • Storage capacity
  • Speed
  • Features
  • Reliability
  • User-friendliness

Once you’ve mapped out your needs and budget, compare them to this list and see which service lines up the best for you.

 

How to include your MSP in your backup and disaster recovery plan

An incomplete or poorly prepared backup and disaster recovery (BDR) plan can result in unacceptably long outages and lost revenue for your company.

Unfortunately, busy IT employees don’t always have the time to update BDR plans or test them thoroughly. Partnering with your managed IT services provider (MSP) to improve, refine and test your plan offers a simple way to ensure the effectiveness of this valuable resource.

Here are some of the ways your MSP can help you make sure your backup and disaster recovery plan is everything it should be.

Identifying stakeholders

The infrastructure staff and senior managers aren’t the only stakeholders crucial to the success of your BDR plan.

Your MSP can help you identify others in the company who should be involved, such as database managers and application testers. These employees can offer valuable insights and help you identify resources you’ll need to restore your systems.

Setting milestones

It’s not unusual to overlook a crucial milestone or two when developing your BDR plan timeline. Like most IT projects, BDR plans involve multiple stakeholders each tasked with carrying out a small piece of the plan.

MSP staff will help you evaluate the entire plan to ensure that important milestones are noted, including those related to network connectivity, resources, infrastructure, storage, proof of concept, storage replication, recovery point objectives, testing and backup data.

Anticipating disaster scenarios and determining responsibilities

Fires, floods and cyber threats may be the first things that come to mind when you think about disasters, but as British Airways found out in May 2017, even seemingly small problems can lead to major issues. A power surge and outage led to the cancellation of 75,000 flights and forced the airline to pay $68 million in passenger compensation.

Although a power outage should have been a minor blip, the surge also destroyed the airline’s backup system, complicating restoration. The story illustrates the importance of developing a secondary backup plan in your BDR plan.

In addition to assisting you in creating a backup plan, your managed IT services provider will also help you ensure that your employees understand their roles should a disaster occur.

The MSP team can assist you in breaking down specific tasks in the BDR plan, determining which staff members will be responsible for each detail, and creating a communication plan in the event that your team can’t communicate through its usual channels.

Providing documentation

Lack of documentation can doom your BDR plan, yet it’s a common factor in incomplete plans. When Disaster Recovery Journal surveyed 1,000 firms, the publication discovered that 31.5 percent had incomplete BDR plans.

If your key stakeholders haven’t had the time to document crucial processes and instructions, that knowledge will be lost if they ever leave the company. MSP staff will work with your internal staff to develop the documentation needed to fully restore your systems after a disaster or outage.

Additional IT support

In the process of creating a backup and disaster recovery plan, it sometimes happens that you’ll discover other areas where your IT support may be lacking. If you wish, your MSP can jump in and provide either one-time consultation or ongoing IT support to ensure you’re completely taken care of.

Your backup and disaster recovery

Sooner or later, every company experiences some sort of disaster.

Whether a cyberterrorist hacks your website, an employee makes a big mistake, or a hurricane destroys your data center, a comprehensive backup and disaster recovery plan is the key to resolving disruptions quickly.

Partnering with your MSP will help you ensure that your plan will actually work when it’s needed.

5 ways Veeam backup boosts your overall cybersecurity

Cybersecurity is a big topic in every industry due to the increase in threats and the escalating costs of recovering from a breach. If you can protect every device on your network, you’re lucky.

However, an even smarter strategy is to focus on following best practices for protecting your data, regardless of where it resides.

Veeam backup in the cloud provides an exceptionally strong backup and restoration capability.

Backup is critical for cybersecurity

Threat prevention is a valuable part of a cybersecurity strategy. On the other hand, in today’s security environment, many threats come from places that are difficult to control.

For example, research shows that 90-95 percent of cyberattacks start with a phishing email. Educating employees on the threats that may appear in their email inbox is a good first step, but hackers are very clever and many employees can be fooled.

In addition, all organizations are vulnerable, including schools and educational organizations. For example, the Department of Education issued a warning letter to schools based on several successful attempts to extort money from school districts. The personal information schools store in their records make them a prime target.

Surviving a cyberattack by using strong backup and recovery procedures becomes even more important as hackers get better at what they do.

How Veeam backup makes a difference

The Veeam software is unique in that the company developed it in the era of the cloud. This allowed the company to create a backup process that easily outperforms legacy backup software.

In fact, the International Data Corporation (IDC) market share numbers for 2017 show that Veeam leads the industry in terms of market share growth.

Here are 5 ways that Veeam backups boost your cybersecurity.

Lightning fast recovery

Provides hyper availability.

Data loss avoidance

Streamlines disaster recovery.

Verified recoverability

Guaranteed recovery of every file, application and virtual server

Leveraged data

Includes safe deployment with production-style testing

Complete transparency

Ongoing monitoring that provides alerts before operational impact

The ISG Technology and Veeam partnership

ISG Technology established Platinum status agreements for both the Veeam Cloud and Service Provider Program and the Veeam Reseller Program. According to ISG Chief Revenue Officer, Jon Bierman “The partnership goes beyond strengthening our technical team. Our sales and customer-facing teams will also be better equipped to serve our customers as we increase our alignment with Veeam.”

The partnerships allow ISG Technology to provide managed cloud backup services that take full advantage of the Veeam backup technology. For many organizations, online backup services are a cost-effective insurance policy.

With the Veeam technology, we can effectively provide backup as a service both on and offsite.

Final Thoughts

In today’s environment, organizations face several data challenges:

  • They need to gather information and offer user-friendly tools to use it
  • They need to ensure that the data is always available for internal and external users
  • They need to protect the data from cyberattacks
  • They need to ensure quick restoration of data when any type of disruption occurs

Veeam backup meets the need for keeping data available and restoring it quickly and accurately.

In addition, organizations that take advantage of Veeam technology through a managed service provider can have the same high level of capability without the capital outlay required to develop cloud backup capabilities.

The essential components for complete ransomware protection

For criminals, ransomware is big business.

The methodology is simple: attackers target a company with malware which encrypts their data, then send a request for money, usually in the form of Bitcoin or another difficult-to-trace cryptocurrency. Should the company refuse to pay up, their data will remain encrypted and inaccessible. Or it might even be shared publicly on the internet.

Given the potential damage both financial and reputational that might result, it’s no wonder that many companies choose to pay the ransom.

Kaspersky Lab noted a thirteen-fold increase in ransomware attacks in the first quarter of 2017 compared to the previous year. With the average cost of a ransomware attack sitting at over $1,000, the danger is a significant one . . . and no company is safe.

Victims range from small businesses to huge organizations, such as the UK’s National Health Service and aeronautical engineering firm Boeing. Whatever the size of your company, protecting data against ransomware is every bit as essential as physically protecting your premises from burglars.

Here are four things you can do to ensure that you are effectively protected against ransomware.

Backup everything, often

A robust backup plan can make all the difference to a company hit by a ransomware attack.

Rolling back to a previous version may make it possible to avoid paying the ransom and resume normal operations. But beware. Ransomware is becoming increasingly sophisticated. Many new viruses are designed to seek out backups and encrypt those as well.

To avoid this worst-case scenario ensure that you employ a backup solution with versioning or one that is physically disconnected from your system, like a cloud backup solution.

Train your staff

Every staff member in your organization is a potential entry point for malware. Many attacks still succeed largely due to human error.

Indeed the “WannaCry” attack which struck Boeing was transmitted by means of a zipped file attached to an email. In order for the malware to take effect, an employee within the organization had to unzip and run the file.

Train your employees to identify fake emails and encourage a culture of double-checking the origin of any suspicious attachments. Also, establish robust procedures for employees to follow when they think they might have exposed a device to malware. A swift response can isolate the machine in question and potentially save thousands of dollars in damages.

Stay up to date

There are many reasons to keep the operating systems, browsers and plugins up to date. Ransomware prevention is just one of them.

Many ransomware attackers gain entry to a system via weaknesses inherent in out-of-date plugins and other tech. By recommending (or, better yet, enforcing) updates, you can stay ahead of the criminals and keep your sensitive data secure.

Employ ransomware protection

Last, but by no means least, you should ensure that every machine (even personal devices used for work purposes) in your organization is running malware protection software from a reputable provider. While no program can prevent every single attack, most will be able to guard against a whole raft of common exploits.

If the worst does happen . . .

If you are subject to a ransomware attack and cannot recover your data from backup, your options are limited.

Paying the ransom might seem like the most sensible course of action, but there have been numerous cases in which doing so didn’t yield a decryption key. If that happens, you’ve only added an extra cost to an already-expensive situation.

An expert might be able to help you mitigate the damage, but it is vastly preferable to avoid attacks in the first place. The time to act is now—protect your data and ensure that your company doesn’t end up on the long list of ransomware victims.

The biggest cybersecurity breaches of 2017 and what we can learn from them

If we’ve learned anything from the biggest cybersecurity breaches of 2017, it’s this: no one is immune from online threats. Not even the largest companies with millions in technology resources, serious cybersecurity measures and strong reputations as household names.

2017 came and went with multiple significant cybersecurity breaches involving major organizations. And the bad news doesn’t stop there. Cybercriminals aren’t going anywhere. Cybersecurity breaches are still very much a thing.

The average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected. – Juniper Research

Here are three of the biggest cybersecurity breaches of 2017, what happened, and what we can learn from them.

Equifax

One of the worst breaches of all time happened in 2017 with Equifax. Equifax, as you almost certainly know, is one of the three largest credit agencies in the United States. Their data, the data that was compromised, is extremely sensitive.

Stolen information included names of customers, their dates of birth, credit card numbers, addresses, driver’s license numbers, and social security numbers. That’s pretty much everything a cybercriminal needs to engage in identity theft.

Verizon

In July of 2017, Verizon had a major cybersecurity breach that affected over 14 million subscribers.

A third-party analytics provider, NICE Systems, was using Amazon’s S3 cloud platform to store “customer call data” from telecom providers including Verizon. Forbes

While this breach was claimed to have been brief, the 14 million affected had their data exposed, including their names, addresses, phone numbers, and most importantly, their plain text PINs. Again, this is prime information for identity theft.

This happened because some of Verizon’s security measures simply weren’t set up the right way.

Instead of a private security setting, the information was made public. Anyone with the public link could see the Verizon data, which was stored on an Amazon S3 storage server—a commonly used cloud storage for data.

Uber

While Uber’s security breach wasn’t at the same level as the Equifax or Verizon cybersecurity breaches, it was still embarrassing and alarming. In this case, the worst of it was how Uber managed things in the aftermath of the cybersecurity breach.

Uber paid a 20-year-old hacker $100,000 to keep quiet after he managed to get his hands on the personal data of 57 million users.

Instead of being transparent about the leak, Uber tried to conceal it. Not only is that illegal in California, where the home company is based, but it further erodes customer confidence. Any company that falls prey to a cybersecurity breach will take a hit to their reputation. But if you continue to mishandle things, your reputation can suffer even more.

Just ask the folks at Uber.

What we have learned

One of the major takeaways here is that while the cyberattacks have grown sophisticated and complex, there’s a lot companies of all sizes can do to be proactive. The threat is valid, but if you address potential vulnerabilities in a timely manner, you’ll be able to avoid making these kinds of headlines.

For instance, the Equifax attack was due to a flaw in a web application, Apache Struts. The tool is used to build web applications. And here’s the kicker. The problem that led to the breach was identified months earlier, but all of the Equifax machines were not updated. This allowed hackers the ability to enter.

The Uber fiasco illustrates another compelling point. If you do suffer a cyberattack, there are good ways to handle the situation and bad ways to handle it. Restoring customer trust is critical, so it’s best to be transparent and take full responsibility.

Protecting your company from a cybersecurity breach

Your company’s critical data must be protected not only for your customers and their peace of mind but for the sake of your data, as well. You need to stay ahead of ever-changing threats. Cybercriminals are constantly changing their tactics. You have to constantly adjust your protection just to keep pace.

Know where your data is stored, how it’s protected, how often that protection is updated, and utilize data analytics to strategically update your protection as needed.

Cybersecurity breaches are on the rise. Companies must take proactive steps in order to keep their data secure.