Statistics are showing that each year over 50% of small firms are victims of a cyber attack or data breach. Why does this matter? Most smaller firms have not prepared business continuity plans to keep their IT infrastructure going in the event of an attack. Failing to do so often leads to the failure of the business. Delaying the creation of a business continuity plan is a bit like a younger person delaying writing a will, on the grounds that they are not likely to die soon. That may be true, but if the worst occurs the consequences can be severe for their heirs.

If the chance of a breach that could compromise your data or cripple your IT infrastructure is over 50%, there is every reason to immediately develop plans for how your business could maintain operation in the event of an attack on your IT systems.

This is an effort that shouldn’t be delayed. Contact Net DirXions, Inc to help you develop a complete and holistic business continuity plan immediately. Your income and your future depends upon it.

With the devastating fires in California this month,  every business has to prepare for the worst. Those that don’t may never fully recover from a disaster. But not all disasters are created equal. And not all businesses are at risk for every kind of disaster. That’s why we’ve put together this quick Disaster Survival reference guide to help you ensure that your business can keep operating even if a natural disaster strikes. 

BUILDING FIRE OR FLOODING

Description: Fires or floods within an office or building can range from small incidents of short duration to the complete destruction of the facility. 

Potential impact: Even a relatively small fire/flooding incident can have a very disruptive impact on a business. For example, a small fire in an office on an upper floor can result in the complete flooding of computers and telephone systems in the offices below as the building’s sprinkler systems kick in and firefighters seek to extinguish the blaze. Similarly, even a relatively limited amount of water leaking from a broken pipe or valve can put some or all of a business’s technology infrastructure out of commission. A large fire, of course, can force a business to have to relocate all of its operations temporarily or permanently. 

Risk factors: There are approximately 100,000 commercial building fires in the U.S. per year, according to the National Fire Protection Association. Those at highest risk include manufacturing facilities, as well as offices located above or in proximity to restaurants because cooking is a primary cause of non-residential structure fires, just as it is in homes. 

Warning times: Water damage from failed plumbing, sprinkler systems, etc. can short-circuit electronic equipment with zero warning. However, building alarm systems typically give employees a few minutes to shut down critical systems and evacuate the premises. 

A large fire, of course, can force a business to have to relocate all of its operations temporarily or permanently.  

Technology Continuity: 

As noted above, the severity and length of business disruptions caused by fires and flooding can vary considerably. 

To be prepared for extended or permanent facility damage, businesses should: 

• Maintain continuous off-site backup of data, applications, and server images. 

• Have arrangements in place for re-routing incoming calls to an alternative site and/or to employees’ mobile phones. 

• Prepare an emergency posting for the company website that can be activated immediately and progressively as the consequences of the event unfold. 

Prepare an emergency posting for the company website that can be activated immediately and progressively as the consequences of the event unfold. 

People Continuity: 

Because building fires and flooding only affect individual structures (or, at worst, just a few adjoining ones as well), businesses impacted have a lot of options for keeping people productive. Business Continuity plans should include: 

• Arrangements in advance with a nearby shared/furnished office space provider, hotel, college, or other facility for an immediate/temporary operations command center. 

• Next-day workspace provisioning in another company facility, emergency failover “cold site,” or at home personal desktops/laptops with appropriate call forwarding. 

• Internal communications for keeping employees updated on resource availability, recovery status, etc. • Any necessary third-party contracting for shipping/receiving, mail processing, duplicating, etc. 

Process Continuity: 

Again, because building fires and flooding are highly localized, they typically only disrupt processes that touch a single company location. Business continuity plans therefore need to provide for alternative locations and means to perform actions such as: 

• Answering phones

 • Processing orders 

• Issuing invoices 

• Signing checks 

• Filing reports required by regulatory mandates 

Businesses may also seek policy provisions that address work done from home or other locations while the facility is under repair (and/or a new location is secured) as well as business losses that may occur despite best–effort BC planning and execution.

Insurance Considerations: 

A properly insured business should have a policy that covers the expenses above, in addition to the physical damage directly caused by the fire or flood. Businesses may also seek policy provisions that address work done from home or other locations while the facility is under repair (and/or a new location is secured) as well as business losses that may occur despite best-effort BC planning and execution 

Don’t steal. It isn’t nice. And… it makes you extremely vulnerable you security hacks if you “steal” software packages. Smaller firms often will use unlicensed software packages to save money. This is especially true if they only need a program for a specific task. Aside from the legal and ethical issues involved here, there is a very selfish reason not to do this. Software providers are constantly sending users updates to their programs, and those updates aren’t just about features. They include fixes to security holes and protections against specific new viruses that have been discovered. So, the longer you have an old, outdated software program on your PC or laptop, the more vulnerable you become. Is it really worth saving $200.00 when your entire business’s IT infrastructure could be put at risk? We suggest not.

It just keeps showing up in the news. Ransomware seems to just not come to an end. If you haven’t heard, ransomware is a particularly nasty virus that freezes access to your data and then demands a ransom, usually in bitcoin. The worst thing about it is that once you are hit, there is almost nothing you can do. There are only 2 options: don’t pay the ransom and lose your data, or pay it. There is no “downloadable” fix. You are stuck. With ransomware, the ONLY cure is prevention.

In the case of ransomware you need to be constantly updating your data and securing it in isolation from your network. Even then, if your backup system overrides your older data each time it backs up, you can actually save the virus if it has infected your system at the time of the backup. To make sure you are as protected as you can be, we strongly recommend you contact a technical security expert to consult on the best way to protect against ransomware and other security hacks.

Many small firms are pretty busy handling their own business, and don’t give much thought to what they would do if a natural disaster from a bad snowstorm to much worse hit their physical location and cut power, or physical access to the building. What if the equipment storing all of your data and software needed to run day to day operations became inaccessible? What would happen to your ability to continue to serve your clients or customers?

Though we call it the cloud, with images of gray skies and rain, the cloud can be a ray of sunshine. It is an excellent and cost effective resource for smaller firms to make sure they maintain 24/7 access even in bad weather. Because everything is maintained off site, you can (1) bypass disruption or damage that may have occurred at your physical site, and (2) access what you need to keep your business functioning from any remote location.

Small firms need to realize they are most vulnerable to business disruptions, as they have less capital and fewer resources to carry them through a bad period. The cloud represents a simple and value driven resource to address business continuity issues that could turn a small firm’s business upside down.

If you’ve been following the news, the Internet of Things (IoT) is getting increasing attention. You’re probably also thinking this is some Silicon Valley fancy thing that will take years to reach the rest of us.

Not really. You probably already have some items of your own tied into the Internet of Things.

First of all, what is the IoT? Simply, it is any object that collects data about itself or its surroundings, and then transfers that data across a network to some other object, which can then make use of that data. For example, if you have a baby monitor that sends crib pictures from upstairs to your phone, you’re tied into the IoT.

But what about business people? Where is it showing up in the workplace? You may have security cameras tied to a network where they can be monitored by a PC or phone. A front door lock that can be remotely opened via phone. A thermostat that can changed by the same phone. Internal lights that go on when you phone approach. All of these are part of the Internet of Things.

If you have questions about whether being tied into IoT presents a data security issue or hacking threat, you should contact a service consultant to discuss these issues. Headlines are now appearing about hacking into the IoT for nefarious purposes. It is a good idea to stay ahead of the curve because as a business, data is a revenue-critical issue. Seriously, you don’t want the front door telling someone your client’s private data.

Any business that stores customer payment information must comply with a number of state and federal regulations. The legal, healthcare, and financial sectors have a number of laws tailored specifically for them (such as HIPAA or CISPA). If you run almost any kind of professional practice or agency you probably have very specific data security requirements. Running afoul of these regulations puts you at risk for legal action and probably means that you have bad security in place.

As a professional, your focus needs to be on your clients and running your firm. Regulatory requirements to ensure data security can be complex and include rigorous testing requirements. Ensuring compliance with the regulations can be a serious distraction for you and take you into territory where your experience is limited.

One of the best solutions is to work with a third party who has strong credentials in the area of regulatory compliance and data security. When you are working with a third party to set up security or data storage, make sure that they have experience working in your industry. Finding a service provider with experience in your profession can give you peace of mind knowing that you can focus on running your business without the distraction of ongoing technology concerns.

You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords.

1. Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.
2. Require passwords that mix upper and lowercase, number, and a symbol.
3. Teach employees NOT to use standard dictionary words ( in any language), or personal data that can be known, or can be stolen: addresses, telephone numbers, SSNs, etc.
4. Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems and screens open and let others access them. This is usually done so one person doesn’t have to take the time to logout and the next take the effort to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure they are aware of it.

These are just a few basic password hints, but they can make a difference.