Posts

How your disaster recovery plan can make you more productive

There’s no doubt that a good disaster recovery plan (DRP) can be extremely useful in a crisis. Indeed, it’s one of the things that very often determines whether or not a business will survive a catastrophic event such as a fire, flood, or ransomware attack.

In fact, the difference it can make is huge. One report noted that up to 40% of businesses with no plan in place were unable to recover quickly or fully from a ransomware attack. With a plan in place, just 7% of businesses suffered the same fate.

With both malicious attacks and natural disasters on the rise (2017 was the most expensive year on record in terms of natural disasters), it’s clear that having a robust DRP in place is more important than ever before. But the value of a disaster recovery plan during a catastrophic disaster isn’t the only reason to spend some time creating one. A good DRP can also make your business more productive.

Here are four ways in which a solid Disaster Recovery Plan can help your business, even during non-crisis times.

1. It allows you to retain access to data

Secure, off-site backup of key data is an important part of any solid DRP – but having essential resources backed up in the cloud can be immensely useful in a range of ways. First and foremost it enables your employees to be more flexible. Should a device break, for example, work can still continue on another device, with cloud-based files and software still available. Plus employees are empowered to work as normal even when traveling or working from home.

2. It ensures robust communications

Multiple, robust means of communication should be a part of your DRP, as the ability to communicate will be vital during any disaster that threatens your business. But having several functional, reliable channels of communication can also make your office more productive in general. Sometimes one means of communication is more suited to a particular task than another, and having options allows employees to pick the most appropriate one.

It also helps deal with small disasters. Inclement weather or a network outage can cause chaos. That chaos is significantly reduced if your company still has at least one functioning means of communication.

3. It helps you know your assets

A detailed inventory of key assets should be a part of any DRP. This is extremely useful when it comes to making an insurance claim, or replacing lost or damaged equipment. Consider also, however, that a detailed and up-to-date hardware inventory could have a range of other uses, from ensuring that devices are maintained and kept up-to-date, to repurposing old equipment rather than letting it go to waste.

4. It keeps your prepared

A good DRP isn’t something you can set up and forget. It requires routine testing, maintenance, and regular training of employees. This is an opportunity not only to instill a sense of preparedness, but also to introduce employees to emergency contacts and procedures, and help them learn more about the structure of the company.

Training staff to support the implementation of a disaster recovery plan, for example, may involve familiarizing them with the IT helpdesk options available to them. This will obviously be useful in the event of a disaster but is also pretty handy for helping them resolve more everyday concerns.

Conclusion

A disaster recovery plan might be crucial to your business during a crisis… but it can also make a significant difference when everything is working as normal. Just one more reason to be prepared.

Contact your managed IT services provider today for help creating and implementing a disaster recovery plan to keep your business safe.

The quick guide to business continuity

There are some things in business you can predict with accuracy, but there’s a lot that’s anything but predictable. For example, you have no way of knowing when a natural disaster, software misfire or simple power outage will strike.

It’s not a comfortable feeling, thinking that your company’s fate is out of your control.

The good news is that you don’t have to be out of control, even when everything around you feels like chaos. Not if you have a plan. Specifically, a business continuity plan.

Read on to learn more about business continuity plans: what they are, why they’re so essential, and how to create one for your business.

What is a business continuity plan?

A business continuity plan is your plan for keeping your business productive, even when there are significant obstacles in your way. In other words, it’s a way of preparing for unforeseen circumstances (like natural disasters and cybersecurity breaches) that critically threaten your company’s efficiency and bottom line.

Before you wave off the idea of disaster striking, keep in mind that “disasters” can take many different forms:

  • As mentioned before, there are natural disasters, like earthquakes, fires, tornados, hurricanes, snowstorms and floods
  • You should also be prepared for hardware issues, like hardware failure
  • Then there are minor emergencies, like a power outage, inclement weather days and temporary loss of internet connectivity
  • And finally, a big one—cybersecurity-related issues, like ransomware

Their common element is simple. Any of these events can take your network offline and leave your staff without the tools you rely on day after day.

When that happens, whether it’s for a few hours or a few weeks, what will you do? How will you stay in touch with your employees and customers? What critical processes will you need to keep online, no matter what, for the sake of the company’s stability? For that matter, what’s the first thing you would do in the wake of a true disaster?

The answers to those questions form the basis of your business continuity plan.

Why is business continuity so important?

Business continuity matters because you don’t have a bottomless bank account. When a disaster sidelines your business, you can only afford to be out of the game for so long before it will do you in.

We know. That sounds dramatic. And we’re not ones to use scare tactics at all, but the stakes really are that high. Without a business continuity plan, you’re risking your company’s entire future.

You can’t stop disasters from happening, you can prepare for the worst, which dramatically increases your chances of survival if something goes wrong.

MCA team

Building your own business continuity plan

The best advice we can give here is to seek the consultation of a business continuity expert. This is complex stuff. A thorough strategy really does warrant professional help.

However, anyone can begin thinking about risk and making plans for the future. Plus, we know a lot of small businesses simply don’t have the funds to hire a consultant. With that in mind, here’s what you need to know to create a basic business continuity plan.

Identify your assets

A lot of small business owners are tempted to start the process by thinking about everything that can go wrong. You might find yourself drawn specifically to thinking about how to recover from a fire or flood, for instance.

That’s generally only a good idea if you already know your business is facing an imminent risk. If, for example, there’s a hurricane bearing down on your data center.

Otherwise, it’s better to think of business continuity not in terms of possible risks, but in terms of what you might lose and how it would impact productivity.

What assets does your company have? What purpose does each device, vendor, key employee, location, and piece of hardware have within your organization? And what solutions do you rely on for communication and what will you do if those systems go down?

You can’t understand or prepare for every risk your company could possibly face. But you can start thinking about things you might lose and how you’d overcome the resulting challenges.

Think about downtime

Next, consider what’s absolutely necessary for your business to continue operations and start mapping out contingency plans for keeping those processes online.

We’ll give you a basic example. Let’s say you use email and smartphone for most of your internal communication. What will you do if your email server is offline and the cell phone towers are down? What’s your backup plan for communication?

Think through every detail. Who takes the lead on re-establishing communication? Do you start by reaching out to employees or customers? What will you coach employees to tell customers? And does everyone in your organization know this plan? (Because they should.)

All of that will serve to shorten the length overall downtime and minimize its impact.

MCA data center

Implement preventative controls

Preventative controls help you avoid disasters. They’re not failsafe, but they do decrease your risk.

For instance, back up your business data regularly. That way, a disastrous hardware or software failure becomes an inconvenience (you have to restore the most recent backup) rather than a catastrophe (you lose a significant amount of data).

Preventative measures, like regular on and off-site data backups, represent an investment of time and money. Lower expenses where you can, but do not cut corners. Trust us. You’ll be glad you were on top of prevention if and when you need it.

Map out your recovery strategy

Finally, map out about your overall recovery strategy. Document as much as you can. Train your staff. And make sure there are copies of the plan in places where people can easily get to them.

Business continuity is useless if everyone doesn’t know the plan and isn’t prepared. Keeping everyone in the loop is absolutely critical. In fact, just the exercise of mapping your plan out will likely draw your attention to weak points in the plan.

backup icon

Final thoughts

Business continuity plans help you recover from a disaster and preserve your company’s long-term viability.

Taking the time to carefully assess your company’s assets, determine what’s critical, mitigate your risk, and figure out how to get key assets back online will save you when it counts. If you can afford it, this is definitely an area where hiring a pro is recommended. But if you can’t, don’t neglect business continuity. Do what you can to prepare your company.

7 Things You Should do Before You Contact IT Support

Something’s wrong with your computer, laptop, tablet or phone. It’s not an uncommon situation, with one study finding that the average employee loses a lot of time to IT-related issues. Whether it’s a mysterious error message, an intermittent blue screen, or routine freezing and hanging, the first instinct is to pick up the phone and call your IT support desk.

That is, of course, the right thing to do. Your IT help desk has the knowledge and skills to help resolve almost any IT-related issue… but before you make that call, there are some things you may wish to try that could help instantly resolve your problem, and which will, in any event, make the process of getting help for your problem faster and smoother.

Try basic troubleshooting

For many tech-related problems, there are a few steps you can take yourself that will resolve the vast majority of problems. Let’s start with one you’ve probably already heard of: turn your computer off and turn it back on again. It may sound basic, but it really does resolve a lot of problems – by some estimates more than half of reported IT-related issues can be resolved in this way.

If, on the other hand, a piece of hardware doesn’t seem to be working as it should (or if your computer appears completely unresponsive) it’s worth making sure it’s plugged in correctly. Ensure that it hasn’t been unplugged since last you used it and that all cables are firmly in place.

2

Run a Google search

For minor issues, a quick Google search can often work wonders. Some problems arise because you may accidentally have changed a setting or moved a vital file. A Google search for a description of your problem or any error message you’ve received can help resolve the problem instantly.

While this is a great solution to some problems, unless you’re able to find a simple and well-explained fix that you can fully understand, it’s still worth contacting IT support – it’s their job to monitor issues and maintain the health and efficiency of devices in your workplace. A Google search is only an appropriate way to tackle relatively minor errors.

3

Run a virus scan

Your computer should be equipped with anti-virus software. If you’re still able to, it’s a good idea to run a full scan of your system. You should have regular scans scheduled as part of routine maintenance, but running a scan when you encounter a problem can catch anything that has struck in the hours since the last scan.

Some anti-virus software will be able to quarantine and remove threats on its own. If it can’t, IT services will nonetheless find the information and logs it’s able to provide useful in neutralizing the threat.

4

Save error messages

By this point in the list you’ve run through some basic troubleshooting measures and your problem still hasn’t been resolved. It’s time to put in a call to your IT help desk. Before you do, however, there’s some information you can gather to help get your issue resolved quickly, and get back on track as soon as possible.

If you get an error message, for example, make a note of exactly what it says. Although it may sound like nonsense to you, many error messages contain a lot of information which an IT professional can use to help diagnose a problem.

5

Make a note of what happened

While your memory is still fresh, try to map out what lead to the issue. Were you updating something? Were you using a particular piece of software? Did you notice anything strange in the hours leading up to the issue, such as your device running slowly, or making system noises? The more information you’re able to provide, the easier it’ll be for the IT helpdesk to make a clean and clear diagnosis, and the quicker you’ll get to a solution.

6

Can you recreate the issue?

Does the problem occur on a regular basis? And if so, can you pinpoint what it is that makes it happen? Knowing that a problem occurs when you try to run a certain piece of software, or when you try to shut down your computer, for example, can really help narrow down the field of possible issues, and get you to a prompt solution.

7

What are you working with?

Finally, it’s extremely useful to know what machine, what operating system and what software you’re working with. Some devices have this printed on their casing, or on a sticker, while others will provide it under the heading of “About”. If you’re able to, make a note of this information before placing your call. Knowing how up to date the hardware and software can be instrumental in resolving IT issues.

Conclusion

It’s never fun having to deal with IT problems, but by following these steps you can resolve some simple issues for yourself, and ensure that when you do have to call your IT help desk, they can get you to a solution quickly and easily. With luck, you can be back at work within minutes rather than hours.

DIY network maintenance every business owner should know

Managing your network probably isn’t your favorite part of being a business owner. Unfortunately, it’s most likely at the top of the list of things that keep you up at night. In fact, according to the 2018 Small Business Risk Report conducted by Forbes Insights, 94% of businesses face cybersecurity risks.

So while there definitely is reason to be concerned, you can alleviate some of the risks by following a few simple strategies.

94% of businesses face cyber security risks.” Forbes Insights

Provide training

Your employees are your first line of defense against threats. Having everyone trained and involved is vital to keeping your network safe and secure. You can begin by scheduling a company-wide meeting to specifically discuss security and compliance.

Rather than a formal training session, start with a dialog approach that allows everyone to share stories and ask questions. This will enable you to get an understanding of how well-informed your employees are about your current solution and determine how much training will be needed. Then it will be easier to start the project with a clear idea of what to cover first.

Run simple courses

Employee training will make your staff more effective at their jobs (even the little things help a lot!). Training on creating strong passwords, using two-factor authentication, how to recognize phishing scams and routinely run software updates on their computers will help everyone get up to speed quickly. This is an easy way to greatly reduce the probability of cyber attacks due to employee negligence.

Provide transparency and open communication

Employees need to feel comfortable and safe, even if they’ve inadvertently put your network at risk. It’s important that they come to you when something happens so you can deal with it quickly. That way you can execute your data recovery plan as quickly as possible.

Provide tools that enable self-monitoring

Enable your employees to have some control over the safety of their company. By giving them the tools they need and the responsibility to use them, they’ll be more invested in helping you maintain your network security, saving your IT staff time and energy.

Test regularly

Taking an inventory of your network for vulnerabilities can help you nip a potential problem in the bud—or prevent it altogether. By testing for weaknesses when you’re not in the midst of a crisis, you can save money and hours of downtime.

Although testing may seem time-consuming and disruptive, setting a regular schedule should make it a lot more manageable. Determining what can be tested simultaneously, picking low traffic times and staggering systems should make this process less tedious and more efficient.

So rather than blocking off an entire day or days to do it all at once, you can devote a minimum of time over the course of a few days and get the same effect. Of course, consulting with experts is always a good idea, and they can tell you which course of action will work best for your organization.

VPN Monitoring tools

Although a Virtual Private Network (VPN) provides encryption to protect your data, testing for leaks weekly will help to discover any problems that could potentially harm your network.

Run a services audit on servers

Over time your servers will be running more services than you need. Clearing these out on a monthly basis will make your network less vulnerable as well as improve their overall performance. Make sure that if you use a hybrid cloud solution that any third party does the same with their servers.

“The key to an effective cybersecurity strategy is regular penetration testing and continuous intrusion detection efforts.”
CIO

Update frequently

When a vulnerability is discovered, companies will issue patches to counteract it. If you’re not keeping everything up-to-date, you could miss out on major bug fixes and face potential risks.

While keeping everything updated has its challenges, software updates can be made with relative ease.

Important things to remember:

Update your OS and software

Updating software doesn’t usually take a lot of time. Some even give you the option to update automatically when it becomes available. You should keep an eye out for any significant changes but most updates mainly consist of minor patches or incremental improvements.

Update your router

Firmware tends to be out of date after only one year so you might have to update the router manually. This will ensure you have the most recent bug fixes and any security updates. If all else fails, you can always just replace your existing router for a new one.

When it comes to your servers and hardware, things can get a little more complicated. That’s not to say that’s it’s difficult. It just might take more time and energy to ensure you have everything you need to keep your network running smoothly.

Update servers

The good news is that typically your servers are less vulnerable to attack. The bad news is that if a cyber attack does occur, it can infect all your other systems. Updating your servers is crucial but it usually requires downtime so plan accordingly.

Update hardware as often as needed

How often you update your hardware is up to you. However, there are risks associated with keeping outdated technology around for too long. Frequent breakdowns and loss of data could hinder employees’ ability to work at peak efficiency. Running an annual assessment at the very least should help you make a determination when to pull the plug, make upgrades or invest in new equipment.

“Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years,” René Gielen, Vice President of Apache Struts

Be proactive

Taking steps to ensure that you have protocols in place to prevent attacks before they happen is probably the best way to save yourself some headaches in the future. Although you might be hesitant to spend the money upfront to beef up your security, it will save you money in the long run.

Invest in an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS)

An IDS will notify you of botnets, malware, worms, Trojans and can test for vulnerabilities. An IPS do the same thing but can also be set up to take actions like blocking traffic when a threat is detected.

Fortify your firewall with a Web Application Firewall (WAF)

A WAF will protect against remote file intrusion, cross-site scripting and forgery and other threats that could put your customers’ information at risk.

Install antivirus/antimalware

Make sure your servers and computers all have the same software installed (maybe make a central backup on a central server). This will help to avoid conflicts that could lead to gaps in your protection.

“Many businesses remain too defensively-focused in the way they address cyberthreats.”
TechRepublic

Final thoughts on network maintenance

There are always going to be threats to your network. However, taking a proactive approach and putting a plan in place can help to significantly reduce your risk. If you find that you’re having difficulty with any of these points, it might be time to switch around your internal organizational structure.

Once you’ve determined a plan of action, be sure to stick to it. Make a commitment to hold yourself and your team accountable to keep your network safe and secure.

The MCA approach to disaster recovery

You’ve built your business. It started as an idea, then it grew. Somewhere along the way, you grew as well.  You bought that fancy ERP system, you built accounts, analyzed revenue, tracked expenses and optimized your processes.  You’ve even bought those really expensive servers to run it all.

But if you’re honest, did you really give the same amount of attention to your “what if” plans? I mean, it probably was a “what if” that inspired you to start your business. It was most likely a “what if” that grew your business and optimized it.

But “what if your business immediately stopped”, probably didn’t make the list when planning. Yes, we are talking about a business. But it’s kind of more than that, isn’t it?  We’re talking about people, payroll, families, commitments, products and reputation.  It’s kind of a big deal.

At MCA, we focus on the things that matter, so you can focus on the things that matter.  This means asking the “what ifs” to avoid the “what nows?”.

Our approach to disaster recovery and business continuity

There is a big difference between disaster recovery (DR)  and business continuity (BC)—the difference being big in mindset, process and money.  So understand that disaster recovery is the action plan to recover critical systems. Business continuity is the execution of the preventative plan to keep all aspects of your business running despite an interruption.

Understanding the cost of downtime

To effectively plan, we need to know what is at stake.

  1. Develop your RPO and RTO – Recovery Point Objective (RPO) is the point in time which you recover to. For example, if you’ve backed up a file 30 minutes ago, and made a bunch of changes, and lost the file in the middle of the changes, your RPO would be 30 minutes, because that is the most recent version of the file in existence. Recovery Time Objective (RTO) is the amount of time it takes to restore operations based on your RPO.  If using the previous example, the RTO of 30 minutes would mean that a restoration of a 30 minute RPO would make the file 60 minutes old.  This is because it took 30 minutes to restore a file that was 30 minutes old.
  2. Implement production solutions with the DR vs. BC, the cost of downtime, and your RPO & RTO in mind. Our goal is to implement all solutions with resiliency in mind.  If and where possible, implement technology solutions that can withstand RPO failures and can recover within the RTO.
  3. Implement a Backup and Recovery solution to recover from catastrophic disaster, user neglect and data corruption. Stuff is going to happen.  We still need to recover, and fast.   Corruption, deleted files and crashed systems must still be recoverable within the RTO and RPO window.
  4. Evaluate. Repeat. This process constantly evolves based on your business and technology needs.

You may not be able to stop unexpected emergencies on your own, but you can make sure your data is always protected. That’s the assurance data backup gives you.

Working with our disaster recovery & business continuity experts will be essential in the event of catastrophic data loss. When you know your data is safe and secure, you’re free to focus on the things that really matter to you—at work and at home. Now that’s peace of mind.

Contact us today to learn more about our solutions for data backup and recovery.