
Evaluating SaaS Backup Solutions and Software


You have many options when choosing a SaaS backup solution for Google Workspace (G Suite), Microsoft 365, Salesforce.com, and other cloud services. But first, let's learn more about what a SaaS backup solution entails, as well as what to expect with this type of cloud service.

What is a SaaS Backup?

Backup of Software as a Service, or SaaS backup, is the process of duplicating and storing data generated by SaaS products. This information is frequently derived from cloud-based SaaS applications, PaaS (Platform as a Service), and cloud-based network IaaS (Infrastructure as a Service).

The responsibility of a SaaS provider extends only to their software and not to the information or data contained within it. They only guarantee the app’s and its supporting infrastructure’s uptime. As a result, businesses and organizations must obtain SaaS backup and disaster recovery services to protect their data in the cloud.

When picking your backup solution, look for the data protection capabilities you need. At a minimum, a SaaS backup solution should offer the following.

SaaS Backup Solutions

Comprehensive Protection

Some SaaS backup solutions only protect email, files, and folders. Look for solutions that offer protection for contacts, shared drives, collaboration and chat tools, and calendars. Solutions with these features are far more effective at maintaining business continuity. And, the cost is often comparable.

Frequent Backups

More frequent backups let you restore to a more recent point in time, minimizing data loss. Restores are faster and easier, with less manual effort. Services that back up multiple times per day will provide better results than those that only back up daily.

Access During Outages

Look for and choose a SaaS backup service that lets you export and access your data in the event of an outage. While limited in scope, the ability to use data should Google Workspace or Microsoft 365 be unavailable can help you keep essential work on-track.

Security & Compliance

The SaaS backup service you choose should be secure, with data encrypted at rest and in motion.  Additionally, SaaS backup solution services that meet SOC1/SSAE-16 and SOC 2 Type II reporting standards will help you meet HIPAA, GDPR, CCPA, SEC, and other regulatory compliance requirements.

Your Next Step for Choosing a SaaS Backup Solution:

Comprehensive protection, frequent backups, access during outages, and security and compliance should all be included in your SaaS backup solution, software, or service.

We recommend you protect all data in Google Workspace or Microsoft 365 with a secure and robust backup/recovery solution.  Protecting your cloud-resident data is no different than protecting data hosted on servers and systems in your office. We can help you make the right choice.

For more information, view and download our eBook, SaaS Protection Buyers Guide.

Learn more about Cumulus Global’s data protection and security solutions, contact us to discuss your needs and options, or schedule a complimentary cloud advisor appointment.

3 Reasons to Secure Your Data with SaaS Data Protection Solutions


What Is SaaS Data Protection and Why You Should Consider It

SaaS data protection refers to the measures and strategies that software-as-a-service (SaaS) providers implement to safeguard their customers’ data from unauthorized access, alteration, theft, or loss.

SaaS data is not immune to permanent data loss. Microsoft and Google make no guarantees when it comes to restoring deleted data, whether from human error or a malicious act. While Microsoft 365 and Google Workspace (formerly G Suite) may make collaboration more efficient, data protection and management is a shared responsibility. Both Google and Microsoft include some basic recovery capabilities, but they are not enough to protect your business.

SaaS providers use a combination of technical, administrative, and physical controls to protect their customers’ data. Encryption of data in transit and at rest, access controls and permissions, firewalls, intrusion detection and prevention systems, multi-factor authentication, regular security audits and assessments, and disaster recovery and business continuity plans are examples of these controls. SaaS providers also have legal and regulatory obligations to protect their customers’ data, depending on the type of data and the jurisdiction in which they operate. This may include compliance with industry standards such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA).

Here are 3 major reasons to add SaaS data protection to your Microsoft 365 or Google Workspace solution.

Overall, SaaS data protection is crucial for maintaining the trust of customers and ensuring the confidentiality, integrity, and availability of their data. The three reasons below are vital to understand as it relates to how to secure data in SaaS.

1: Data Loss Due to Permanent Deletion

If an employee accidentally deletes a critical spreadsheet from OneDrive or Google Drive, or a deleted folder of important emails passes the retention period in Trash, neither Microsoft nor Google will be able to recover your data.

Even if those files are within your retention period, locating and restoring lost data can cost you more time than you can afford.

2: Data Loss Due to a Ransomware Attack

If your business suffers a ransomware attack, you cannot roll back your data to a point in time before the attack without a backup solution. Your data is likely gone forever.

More than losing valuable business data, you will face potentially crippling costs.  You may choose to pay the ransom (without any guarantee your files will be unlocked). You may work to rebuild your lost data. Either way, you will spend significant money, time, and lost productivity trying to save your business.

3: Time and Money Lost in Recovering Files

Retaining critical user data when employees leave your company is costly without a backup solution in place. The time spent to recover data might be more than what your business can afford. SaaS data protection and backup solutions let you retain past employee data without the need to keep their Microsoft 365 or Google Workspace account active. You save time and money.

Whether you lose data or time, the impact to your bottom line can be significant. To address this challenge, you need a secure solution for this growing reliance on the cloud.

Learn more about Cumulus Global’s data protection and security solutions. To ensure your business continues to run smoothly, schedule a complimentary cloud advisor appointment.

Service Update: Datto SaaS Protection

The latest Datto SaaS Protection platform is now available to all of our customers. For more recent customers, you are already on the newest platform. For our longer term SaaS Protection (aka Backupify) customers, the transition process will begin as early as February 1, 2021. The process will complete before May 31, 2021.

Benefit:

With this move, all Datto SaaS Protection customers will have access to the latest features. These include protection for Microsoft Teams and Google Shared Drives, and the Daily Backup Success Report.

Process:

To ensure a smooth transition, any data on the legacy platform will be archived in one of Datto’s secure Microsoft Azure instances. A fresh backup set will initiate on the new platform. We can assist you in exporting your legacy backup data if you prefer to not have it stored by Datto on Microsoft Azure.

There are some unique aspects of the transition for some of our customers; our Service Team will contact you as needed to discuss your transition.

Please contact us with any questions or concerns.

SaaS Backup Myths – 4 Dangerous Misconceptions Debunked

SaaS Backup is just as important, and necessary, as backups for data hosted on in-house servers and systems.

With more remote work, our reliance on SaaS applications and services such as Microsoft 365 and Google Workspace has become more critical to our success. Easy access to files and folders from anywhere and the integrated collaboration tools keep our teams connected and productive.

Here are 4 common, but dangerous, myths and misconceptions about SaaS applications and services that will put your data and your business at risk.

Top 4 Software as a service (SaaS) Backup Myths Dispelled

Myth 1: SaaS Applications do not Require Backup

While SaaS applications protect against data loss in their cloud servers, this does not protect against user error, accidental and malicious deletion, or ransomware attacks. And while accidental deletion of files is by far the most common form of data loss in SaaS apps, ransomware can be the most damaging. Ransomware is designed to spread across networks and into SaaS applications, impacting many users.

Ransomware isn’t only an on-premises problem. It can and does spread into the cloud, especially when using the OneDrive and/or Drive File Sync clients.

You need a way to quickly revert files, folders, settings, and permissions in the event of an attack.

Myth 2: File Sync is a Backup

While file sync tools like Microsoft OneDrive or Google Drive File Sync do create a second copy of files and folders, they do not replace backup. File sync automatically copies changes to synchronized files. If a file or folder is infected with ransomware, the malware will automatically be copied to all synced versions of that file.

File sync services do offer some restore capabilities via versioning, but they fall short of a true SaaS backup solution.

  • If a file is deleted, older versions of the file are also deleted
  • End users control backup and recovery, so you have no control over coverage or process
  • Large restores are a time-consuming, manual process.

Beyond simply lacking the restore capabilities of a backup solution, file sync and share can introduce ransomware to Microsoft 365 or Google Drive. File sync and backup are not competitive solutions, rather they can and should be used together.

File sync and share tools are for productivity; backup is for data protection and fast restore.

Myth 3: SaaS Applications are Always Available

While SaaS apps are highly reliable, outages do occur. In 2020 alone, Microsoft 365 suffered five significant outages in the space of six weeks. Last year, Google Workspace suffered a global outage, leaving users with no access for several hours.

Outages and slow restore times are not just an inconvenience. When you cannot access important business data, productivity falls and revenue suffers. Creating backups that are independent of a SaaS provider’s cloud servers is the only way to ensure access to essential files in the event of an extended outage.

Myth 4: Microsoft and Google are Responsible for Backup

Microsoft and Google ensure they will not lose your cloud data. However, they do not take responsibility for restoring data if you lose it. This is why Microsoft recommends third-party backups for Microsoft 365 data, having defined the concept of the Shared Responsibility Model.

In the Shared Responsibility Model:

  • Microsoft and Google protect your data against:
    • Service interruptions due to hardware or software failure
    • Loss of service due to natural disaster or power outage
  • You must protect your data against:
    • Accidental deletion and damage
    • Hackers, ransomware attacks, other malware
    • Malicious insiders

The Shared Responsibility Model places the onus of SaaS data protection squarely on you. Google and Microsoft are responsible for keeping their systems up and running; you are responsible for preserving and securing your data.

FAQs

What are the disadvantages of cloud backups?

Many people are wondering what the drawbacks of cloud backups are, and while there are more pros than cons, there are certainly still a few key factors to consider. These include the following SaaS backup drawbacks:
  1. Cost
  2. Complexity
  3. Time-consuming
  4. Data recovery time
  5. Risk of failure
  6. Security concerns

Do I need to backup SaaS?

Yes, it is important to back up SaaS data to ensure that your critical data is protected against loss, corruption, or cyber attacks. While SaaS providers typically have their own data backup and recovery processes in place, they may not always guarantee the recovery of data lost due to user error, malicious deletion, or other data loss scenarios.

Why cloud backup may not be the best choice?

While cloud backup solutions can offer many benefits, they may not always be the best choice for all organizations. The main downsides include the following:
  1. Cloud backup solutions can be expensive
  2. Security concerns still remain
  3. Dependency on internet connection
  4. Lack of control over how data is stored, accessed, and managed.
  5. Compliance concerns
  6. It can be difficult and costly to switch to a different provider or to migrate your data to a different solution in the future

To review your data protections, and your ability to recover from accidental or malicious loss, contact us or schedule an appointment with our Cloud Advisors.

9 Cyber Security Tips for Small Businesses

Since the start of the COVID-19 pandemic, cyber threats and ransomware attacks have accelerated, exceeding 30,000 attacks per day in the US. Cybersecurity measures have never been more important. The move to remote working environments as well as the vulnerability of global economies in crisis has created an open season for cybercriminals. No business, big or small, is safe.

Small and medium businesses (SMBs) seemingly have a target on their backs, so strengthening your SMB security posture is essential right now. The good news: There are ways to protect your business against ransomware attacks. Read on below to learn about our top nine cyber security tips and best practices to keep your small business safe.

Here are nine tips that boost your business’ resilience to cyber attacks:

Communicate & Educate

1. Conduct a security risk assessment

Understand potential security threats (e.g., downtime from ransomware) and the impact they may have on your business (lost revenue). Use this information to shape a security strategy that meets your specific needs.

2. Create straightforward cybersecurity policies

Write and distribute a clear set of rules and instructions on cybersecurity practices for employees. This will vary from business to business but may include policies on social media use, bring your own device, authentication requirements, etc.

3. Train your employees

Because cybersecurity threats are constantly evolving, an ongoing training plan should be implemented for all employees. This should include examples of threats, as well as instruction on security best practices, and periodic testing.

Prevent & Protect

4. Protect your network and devices

Implement a password policy that requires strong passwords and monitor your employee accounts for breach intel through dark web monitoring. Deploy firewall, VPN, and next-gen antivirus technologies with advanced threat protection. Ensure your network and endpoints are not vulnerable to attacks. Implement mandatory multi-factor authentication. Ongoing network monitoring is essential, as is encrypting hard drives.

5. Keep software up to date

This cyber security tip involves being vigilant about patch management. Cyber criminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data. Your IT provider should automate this for your business with remote monitoring and management. Keep your mobile phones up to date as well.

6. Back up your data

Daily (or more frequent) backups are a requirement to recover from data corruption or loss resulting from security breaches. Consider using data protection tools that take incremental backups of data periodically throughout the day to prevent data loss. Remember that you need to protect your data in the cloud as well as you protect your data on local servers and workstations.

7. Know where your data resides

The more places data exists, the more likely it is that unauthorized individuals will be able to access it. Use data discovery tools to find and appropriately secure data along with business-class Software-as-a-Service (SaaS) applications that allow for corporate control of data. Eliminate redundant and “Shadow IT” services.

8. Control access to computers

Use key cards or similar security measures to control access to facilities. Ensure that employees use strong passwords for laptops and desktops. Give administrative privileges only to trusted staff as needed.

Respond & Recover

9. Enable uptime

Our final cyber security tip covers response and recovery. Here, it’s vital to choose a powerful data protection solution that enables “instant recovery” of data and applications. In fact, 92% of managed IT service providers report that companies with business continuity disaster recovery (BCDR) products in place are less likely to experience significant downtime from ransomware and are back up and running quickly. Application downtime can significantly impact a business’ ability to generate revenue. Can your business afford downtime costs that are 23X greater (up by 200% year-over-year) than the average ransom requested in 2019?

Get In Touch To Learn More About Cyber Security Tips and Best Practices

The best defense is a good offense. A robust, multi-layered cybersecurity strategy can save your business. Contact us to learn more and for a free Cyber Security Assessment.

Prepare Your Business for the Next Normal

(Updated 5/4/20)

With some states and local jurisdictions beginning to loosen or remove stay-at-home and essential business orders and advisories, many small businesses will begin to adjust for the next phase of response and recovery.  For some, this will be a re-opening; for others it will be another shift in how we conduct our business on a day-to-day basis.  Either way, the process will be a minefield of financial, operational, legal, liability, and personnel issues. Before “flipping” the sign from closed to open, plan your return with care and compassion. Both will be needed to keep your employees, customers, and business safe.

Prepare the Groundwork

Guidance on opening is coming from many sources. We recommend a top-down approach, starting at the federal level and working down to your local municipalities and property owners.

  1. Start with the expertise and guidance from the US Centers for Disease Control and Prevention (CDC).  The CDC website  provides guidance for different types of businesses and gathering places that centers on three mitigation strategies:
    • Personal protective measures (e.g., hand-washing, cough etiquette, and face coverings) that persons can use at home or while in community settings
    • Social distancing (e.g., maintaining physical distance between persons in community settings and staying at home)
    • Environmental surface cleaning at home and in community settings, such as schools or workplaces.
  2. Review current laws and regulations under the Families First Coronavirus Recovery Act (FFCRA). This legislation requires almost all employers to provide expanded sick time, medical leave, and family leave pay for employees dealing with illness or childcare issues themselves or within their immediate family unit.  Make sure your return to work plans accommodate these programs and
  3. Second, understand your state’s rules and regulations with respect to physically opening your business. Many states are staging how they will allow business to open. Then, check with local governments where your business is located and where your employees live. In some states, municipalities and counties are adjusting how they implement state and federal orders and advisories to address local needs and issues.
  4.  Understand your state’s unemployment rules and regulations. In some states, lifting of stay-at-home orders may mean employees are no longer eligible for unemployment even if you keep your business closed or cannot bring everyone back to work. Your team will have differing concerns and levels of comfort; it is important to provide them with timely and accurate communications.
  5. Check with your landlord. Many office and retail complexes are setting up guidelines and rules for how businesses can and will be able to operate in their properties.  Some office complexes, for example, are limiting access to employees only and restricting access to trades and delivery personnel.
  6. Ask your landlord what additional steps they will be taking to clean and sanitize bathrooms, elevators, stair railings, door handles, and other common areas and high touch surfaces. You and your employees will want and need to know how safe the environment will be when they return to the office or store.

With an understanding of how you can and want to take your next steps, create a Communications Plan. More than just determining who, when, and how you will share information with employees and other stakeholders, the plan should provide a clear and easy way for employees to get answers to their questions. As many smaller businesses do not have internal HR resources, you may want to assign a particular manager or executive team to the role. If you have a contracted HR service or consultant, you will need to coordinate both the process and information. Set clear expectations for how quickly you will answer questions and how answers to common questions will be addressed to the company at large.

Prepare Your Place

As you do your groundwork, begin planning and putting your workplace together for the return of staff.  Social distancing is the current normal. With an expected recurrence of COVID-19 in the fall, social distancing will be part of our lives, and work places, for some time to come. For employees to return, you may be considering:

  • Setting up protocols to ensure that workers who may be ill, or have been exposed, do not enter the workplace and accidentally infect others.
  • Placing dividers between work spaces, or re-configuring your office layout to create separation.
  • Acquiring additional office space, temporarily, to allow more team members to return.
  • Requiring the use of masks or other appropriate personal protective equipment (PPE). Depending on your work environment, this may be full-time or only when employees leave personal work spaces and head to common or communal areas.
  • Cleaning and sanitation of common areas, like kitchens and break rooms, and high touch surfaces.
  • Coordinating disinfection and sanitation efforts with building management and neighboring businesses in leased office spaces.
  • Ensuring availability of cleaning supplies, disinfectants, and sanitizers.
  • Creating a means for employees to express concerns about the work environment and actions of others, without fear of retribution.

For some businesses, the safest course of action will be establishing split shifts or a rotating schedule of employee teams working in the office. Doing so can ease physical separation issues, but we should expect that some employees will need to, or want to, continue working from home.

Prepare Your People

Communications — timely, open, and honest — will be critical for successfully taking the next steps with your business.  For many, personal anxiety and stress will be high as we navigate shifts in our personal and work lives.

Provide your team as much information as possible on what to expect, and how things will move forward, as you go through each upcoming phase of your plans.

As you communicate with your team, keep in mind that employees may be dealing with personal COVID-19 impacts, such as:

  • Death of a family member or close friend
  • Sick or quarantined family member(s)
  • Loss of income by a spouse/partner/family member
  • Supervision of children learning from home
  • Lack of available daycare
  • Anxiety and stress
  • Feeling unable to return to working in the office

Be prepared to deal with the human side of Covid-19, not just the logistics.

  • Anticipate and have answers ready for employees about your requirements and their options
  • Establish a feedback loop and listen to staff issues and concerns
  • Engage your HR staff, service, or consultants to assist with communications, feedback, and responses
  • Update plans and timing as needed to mitigate staff concerns and business conditions

Prepare to Settle In

Set Expectations

As noted above, experts are telling us to expect local/regional COVID-19 outbreaks throughout the fall and winter. With this expectation, we should plan for future stay-at-home orders and business restrictions. These will likely vary by location, complicating your planning efforts.

Remote work will be part of our operations for the foreseeable future. As you plan your next steps, make sure that your team is ideally equipped to continue working from home.

In the scramble to respond to stay-at-home orders, many businesses made necessary technology decisions for the near-term. Now is the time to step back and take a long-term view. Employees may be working on home computers, using personal software, and working in a less-than-ideal space. Many businesses are also finding employees have signed up for free or consumer IT services to work around limitations, such as difficulty accessing files on company servers. We still have a responsibility to keep information secure and private, and our employees and businesses safe.

Get Your IT Resources in Place

Settling in means adapting work environments — at the office and in employees’ homes — to our anticipated reality.

  • Improve security and access to company systems and data
    • Move data from on-premise servers to cloud file services to improve access and security; map drives to cloud data for compatibility with desktop software
    • Use Remote desktop and VDI solutions to move on-premise applications to the cloud, providing easy, high performance access without distributing data to remote computers
  • Ensure employees have workable use of your phone system (see this post for more info)
  • Reduce the need for remote PC, VPN and other remote access solutions that increase cost, complexity, and delays
  • Eliminate the need for shadow IT services by helping employees use existing capabilities in your productivity suite
  • Provide devices for employees that do not usually work from home
    • Consider rental, lease, and device-as-a-service options to manage costs
  • If unable to provide devices, upgrade home computers:
    • Add memory for performance and ensure the ability to run business applications
    • Deploy licenses of business software, even if employees are using consumer versions of the applications
    • “Next Gen” endpoint protections from viruses, malware, and ransomware
    • Web filtering and DNS security to prevent malware from infected websites
  • Provide employees with helpful accessories, such as noise cancelling headsets for video calls

We are here to help you plan and execute your next steps.  Our free Response and Recovery Assessment will help you with your planning, fully utilize your existing IT Services, and identify budget-friendly solutions to address any unmet needs and priorities. Email us or complete the form on our home page to schedule your assessment.


 

Coronavirus: Prep Instead of Panic

Updated Mar. 23, 2020. (new content in italics)

Coronavirus is in the news with broad localized impact. The Centers for Disease Control is urging everyone to prepare for a major public outbreak of COVID-19 in the United States. Here is a high-level update:

  • Extensive “Community Outbreaks” have been identified by the Centers for Disease Control (CDC), with confirmed cases rising at a sharp rate in several areas of the country.
  • Several states, counties, and local governments are issuing lock-down or “shelter-in-place” orders, severely restricting business and personal activities.
  • Many states and local governments are restricting meetings and services.
  • Schools are closing for extended periods of time. Government facilities are closing to the public.
  • Employers are restricting travel and meetings
  • Employers are telling employees to work from home
  • Restaurants and bars are restricted to carry-out and delivery only
  • Mandatory quarantines are in place in some areas

What does this mean for us and our businesses?

Experts currently agree that potential for wide-spread outbreaks exists and there is an urgent and critical need to minimize the spread of the virus.  That said, we should expect, and be prepared, to address localized issues.  These can include:

  • Employees being quarantined at home, or while traveling, due to possible exposure or symptoms.
  • Closing offices to facilitate social distancing
  • School closings, requiring employees to remain home with children.
  • Localized building shutdowns, including government offices, courts, etc.
  • Impact on, or hesitancy to use, public transportation; reduced public transportation schedules
  • Cancellation of conferences, meetings, and events.
  • Hesitancy to travel, or restrictions on travel destinations.

Each of these feels manageable if the inconvenience is only for a limited time. But with quarantines running 14 days (or more) and concerns that the virus might live on surfaces for as long as nine days, these disruptions may create serious challenges.

Questions to Ask and Consider

  • Have we communicated a policy to employees that “Safe is better than Sorry”?
    • Do employees know to stay home and avoid meetings if they are not feeling well?
    • Should your business alter or halt normal operations?
    • Should you close your facilities to some or all employees?
  • Can your employees easily and efficiently work remotely?
    • Does this include employees who normally work at the office?
    • What materials, documents, or services might they need?
    • Will functions, such as customer service, function properly with remote users?
    • For employees that don’t normally work at home:
      • Do they have sufficient Internet bandwidth?
      • Do they have the software needed to use your VoIP phone service?
      • Do they have an appropriate device (personal or company-provided)?
      • If using personal devices, do they have the necessary software and versions?
    • Can you extend business phone service to workers at home? If so, are you comfortable getting this set up?
  • Do you have the ability to replace travel and on-site meetings with video conferencing?
    • Are enough of your conference rooms equipped for conferencing?
    • Is your team comfortable using the equipment and services?
    • For employees who do not normally work remotely or use audio/video conferencing:
      • Do they have access to audio/video conferencing services from their devices?
      • Do they understand how to use the services from their computers or phones?
      • Are they comfortable with using these services?
  • What functions can be scaled back or delayed with minimal impact to operations, cash flow, customer service, etc.?
  • Which functions are critical to your business continuity?
  • Will supply chain issues disrupt your business?
  • How might the evolving economic fallout impact your business?

Steps to Take

As you consider and answer the above questions, and others, you can better understand how to prepare. For some, enabling more remote work may be as simple as a temporary cloud file service or migrating files from on-premise file servers to cloud file services. Other businesses might consider ensuring team members have suitable computers at home or company laptops available if needed. Now might be the time to add Teams Meeting or Hangouts Meet hardware and services to your conference rooms and huddle areas. And some businesses may want to expand remote access to business systems or relocate applications to cloud servers.

The good news is that you are not alone.  As you monitor events, assess your risks, and plan, we are here to help.

Please:

  • Join our Open Office Hours on Wednesday, March 18, 2020 at 2:00 pm ET.
  • Contact us and take advantage of our expertise and, if appropriate, our services.

We are in this together.

Thank you,

 

 

Allen Falcon, CEO and Pragmatic Evangelist

Risk and Reward – Protecting the Value of Your Business

Several weeks ago, in a town not far from our headquarters, a massive fire destroyed a building housing six small businesses. Our local business journal followed up a few weeks after the disaster with a poll asking business owners how prepared they are for a major disaster.

  • Fewer than 50% of responding business owners feel that they are fully insured, have an emergency plan, and could be up and running in a few days.
  • 39% feel that it could take a month or so, but they could eventually reopen.
  • 17% felt they would be out of business or would require state and local aid to survive.

While not a scientific sampling, the results are alarming.  Alarming for a few reasons:

  • Even with insurance, it can take days or weeks to get authorization so you can move forward with your emergency plan.  Securing a new location and replacing fixtures, inventory, etc. takes time, as does recovering computer systems and data.
  • More than 50% of businesses closed for 7 days due to a disaster fail within 6 months of reopening.  While many businesses might re-open in a month, the future will be challenging.

Your Risks are Yours

A major fire in a block of retail and service businesses creates specific challenges, as do storms and floods. Many more businesses, however, experience disasters equal or greater in scope even if they do not have the same level of physical damage. Some examples we have seen:

  • A distributor of customized office supplies lost all electronic business records for the past three years when they were hit by ransomware. The attack corrupted their on-site backup servers as well as their main file and database servers.
  • A news publisher lost all of their physical servers, firewalls, and networking equipment when a sprinkler head failed in their small equipment room.
  • A small plastics manufacturer lost the ability to use their process control systems when embedded Windows workstations were corrupted by a malware attack.

In each of these examples, businesses with customer commitments, production schedules, and deadlines were idled for days. For some, full recovery can take months.  Beyond the hard cost of recovering systems and data, these businesses suffered from soft cost losses.  Missed customer commitments, delayed invoicing and collections, and the time employees spent on the recovery effort all have lasting impacts on your business.

Business Continuity is not just a good idea, it is a responsibility.

As business owners, our employees, vendors, and customers count on us.  While people can empathize with the impact of a fire, there is less understanding for businesses that fall victim to cyber crime.  Malware, phishing, ransomware and other attacks are generally preventable when your team is alert and aware of the risks and when you put reasonable identity, data, and system protections in place. And since no protection is perfect, you need to be able to recover quickly enough for your business to continue operating smoothly.

Here is some food for thought:

  • Know Your RTO:  Understand how quickly your business needs to Return to Operational.  Maybe you can work on paper for a few days. Maybe you need to be up and running in a few hours because you are at a standstill until systems are back online. Your RTO goal will guide your decisions on what protection and recovery/continuity services are the right match for your needs and budget.
  • Assess Your Risk: Understand the different disaster scenarios and how they may impact your business.  Think about physical issues, such as loss of power and catastrophic system failures, as well as other disruptions, such as cyber attacks and potential actions by a disgruntled employee.
  • Watch Your Flank: Assess how different types of threats could impact your business. We are beyond hiding our computers behind firewalls. We still have physical threats, but we also have threats focused on networks, user identities, access control, third party services, and data sources and services. Each threat vector needs a plan for protection, response, and recovery.
  • Factor in Humanity: We used to talk about balancing security with ease of use. Today, the humanity equation is different as most IT disasters take advantage of human factors like our fundamental desire to be helpful when asked. In many ways, your team is your best defense. They need to understand the risks, the methods of manipulation, and the signs that something is not quite “right”. Your team needs to understand the value of inconveniences like multi-factor authentication and enhanced privacy and access controls — that these protect them as well as the company.

Your next step.

Contact us. It is time for a serious conversation about protecting the value of your business. A basic assessment of your business continuity profile will identify risks and gaps. From there, we can discuss improvements and their business value so you can make informed decisions that balance your risks, needs, and budget. Business Continuity solutions — from disaster prevention through recovery — do not need to bust your budget. For most businesses, changes in security settings on existing systems paired with modest, incremental services provide the protection and recoverability you need.

Inertia: The Science of Business Continuity

To paraphrase Newton’s Laws of Motion (with credit to Galileo) …

Absent an unbalanced force, an object in motion will stay in motion and an object at rest will stay at rest.

While this holds true for objects in a frictionless environment, it holds true for our businesses as well. Our businesses are in motion, working each day to service our customers with rhythms and cycles throughout each day, week, month, and year.

Our business cycles continue, until we meet an unbalanced force.

Some forces we expect, like changes in the economy that occur over a period of weeks or months. Other forces are event-driven, such as storms, cyber attacks, and key employee departures. The sudden nature of event-driven forces can catch us by surprise, cripple our businesses in the short-term, and disrupt our normal cycles for the long-term.

A Case in Point

A company here in the northeast manufactures and distributes a customized product that customers generally replace or re-order every 2 to 3 years. 80% of the firm’s business is repeat, creating a strong and stable business. The company was hit by ransomware twice in a 3-month period. The first attack scrambled their files and their servers, but left their financial system in place. They lost a day’s worth of data. The immediate recovery took 3 days; the full recovery took nearly two weeks. After three days of cleaning systems and restoring data, the company’s systems were up and running. They then had to enter the initial day’s lost data and all of the business activity for the 3 days their systems were down. They allocated 1/3 of everybody’s time to recover the data, reducing productivity by 33% and impacting their responsiveness to customers. To enter the 4 days of missing data took over 10 days with the team working part time.

Inertia Takes Hold

This initial event changed the cycles and motions of the company. Whenever dealing with any business activity during the outage and recovery periods, they need to double-check to make sure the information entered was complete and correct. And since some activities, like shipping and invoices, relate to prior activities, they need to double-check these connections. Long after the two-week recovery period, productivity is still down as the company’s daily motion now includes double-checking information that they are not sure they can trust.

Lesson NOT Learned

With so much focus on getting the business back into its normal rhythm, and the additional cost involved, the company did not act on recommendations that could help prevent a future attack and better ensure their ability to recover should a future attack occur. Whether the second attack was a different attack or they had failed to fully clean their systems does not matter.  The second attack was not caught until after the company’s backup server was hit, rendering their backups useless.  The company lost three years of data.

Inertia Creates a New Cycle

To recover from this attack took more than balancing data entry and on-going business. It was not feasible to manually recreate three years of data. While entering about 6 months of data for the fiscal year, they settled for a solution that created new methods and rhythms with long-term effects. They recalled all of their paper records from storage into an expanded warehouse space.  When a customer calls to re-order product they ordered 2 or 3 years ago, they search and retrieve the physical paperwork so they can create the new order. Every returning customer creates a scramble to find the paperwork in short order. Actions required in an emergency become part of the new normal. Inertia.

What You Can Do

You can be prepared with solutions that balance external forces beyond your control.

  • An educated and aware workforce balances the human manipulation that enables cyber attacks.
  • Advanced threat, DNS, and web protections balance the forces of cyber attacks hitting us daily.
  • A robust backup/recovery and continuity system balances the forceful impact of disruptive events, giving you the ability to be up and running in hours not days.

If the company in our case study had implemented the recommended solutions after the first attack, the second attack would have disrupted the business for less than half a day — and may not have happened at all. The investment in communication, prevention, and recovery, while not trivial, was minor compared to the short term recovery and long term impact on the business.

If you are not ready or willing to have your business’ inertia redirected by forces beyond your control, now is the time to act.


Contact us for a free, no obligation, Cloud Advisor Session to discuss your business recovery and continuity needs and plans.


 

Pending Storm; Pending Doom

A quick scan of the weather headlines late on Thursday afternoon: a “Nor’easter” storm going through rapid escalation, known as “bombogenesis”, looks ready to hit New England tomorrow with rain, snow and hurricane-force wind gusts. Now it is Sunday, and many small and midsize businesses along the northeastern coast are wondering when, or if, they will be able to reopen. The impact of disasters is increasing. We can argue about climate change versus weather. We can discuss our aging infrastructure. We can debate whether to plan for disaster causes or effects. If we do not, however, make our businesses more resilient, the quantity and severity of disruptions will continue to grow.

The coming storm should not foretell coming doom.

By taking advantage of proven cloud services, most small and midsize businesses can protect themselves from disruption. Many businesses in coastal areas of New England may be without power and other utilities for 2 to 4 days. Businesses with no continuity plan are down and out. Given that about 50% of businesses shut down for a week will fail within six months, “down and out” can be fatal. If you rely on VPN or remote desktop to on-premise systems, you are still at risk — no power means no on-premise networks or servers.

Businesses with key systems in the cloud, however, can be up and running if employees have power and Internet access.

So what are your next steps?

First, measure the impact on your business of a disruption lasting one day, three days, and five days. As you do, consider the full cost of recovery, including post-disaster productivity loss as you work to recover lost data and time while keeping things moving forward.

Second, consider the value of keeping your business running rather than having to recover and regroup. Beyond the dollars and cents, understand the value to your customers, to your reputation.

Third, contact us for a complimentary Cloud Advisor Session to discuss your cloud and continuity strategies.
