No Power? No Problem. Just Plan Ahead…

Natural disasters, severe weather and even cars that knock over electric poles, can all wipe out power sources and cause businesses to lose the ability to communicate through cellphones, landlines and email.  If you are a business owner, being forced to inconveniently and unproductively “wait it out” is usually not an option.  And, power outages can be much more than inconvenient; they can be costly.

A study by the University of Lincoln has concluded that “power cuts will become more regular around the globe as electrical supply becomes increasingly vulnerable and demand for technology continues to grow at an unprecedented rate.”1    And, The Washington Post reports that “the U.S. grid is aging and stretched to capacity. More often the victim of decrepitude than the forces of nature, it is beginning to falter.   Experts fear failures that caused blackouts in New York, Boston and San Diego may become more common as the voracious demand for power continues to grow. They say it will take a multibillion-dollar investment to avoid them.”2

Organizations need to be prepared for a power outage, regardless of the cause. That preparation should be focused on preserving data both inside the office as well as data located on servers stored in an offsite data center.  All of your digital assets, including software, are vulnerable to being wiped out during a power failure.  To protect your business and eliminate that vulnerability, you need to do some prep work to back up your data and implement basic hardware security measures.

Many business owners prefer not to think about this, but safeguarding your assets will allow your organization to at least partially function during an event vs. being at the mercy of the power grid.  The amount of time and money it takes to prepare for a potential power failure is fractional compared to the amount of time and money it would take you to rebuild your empire of digital assets from scratch.  Digital assets get wiped out all the time during power failures.

Back up your data and get your employees on board with performing regular backups of their work. This is the most basic of all requirements for being ready for a power outage, but many people don’t do it, either because they don’t know how or it can seem overwhelming. Not backing up your files is taking a huge risk that everything could be gone in the blink of an eye.

Organizations with larger networks should have backup servers that can continue to distribute data during, or, after an emergency.  Off-site data backup is recommended, and, data may also be saved to the cloud.

Even if you have multiple backup locations for your files and don’t have to worry about losing your digital assets, you still need to be aware of the potential for losing your physical devices like computer hard drives, power sources, and motherboards. It should be noted that solid state drives are not immune to being fried by a power surge.

It is not the power outage that causes damage to your hardware, it’s the power surge that does the damage. A surge protector is one way to prevent damage to computer hardware, but it’s not a guarantee – sometimes they work, sometimes they don’t. How well it works will depend on how much power your particular unit is designed to withstand and if you’ve replaced it.

If your equipment is damaged, the most efficient and cost-effective fix is to replace the unit.  While the hardware may not be expensive, the labor costs alone will often outweigh the price of a new machine.

If you’ve got your data backed up, you probably don’t need to worry much about the cost of replacing your hard drive; most hard drives are fairly inexpensive. Even so, it’s a hassle to replace, so you should protect your hardware as much as possible.

The first line of defense against power outage issues that impact business continuity is on-site power protection. This is a proactive measure that requires planning and implementation before the power outage occurs. To protect data and servers, organizations should have uninterruptible power supplies, or UPS’s, and ideally, an on-site backup power supply, such as a generator. This can ensure that your business suffers no loss of data in the short term, while your continuity plan is being implemented.

In addition to backup power solutions, load-capping software and power distribution units should be considered. For short-term outages, battery backup may be sufficient for communications and VoIP systems. Planning should include identifying and outlining battery specifications and status as well as battery-replacement policies. Emergency battery-powered lighting should be available in multiple areas around your building if you do not have a backup-lighting system.

The cost of providing on-site power for a long period of time can be high, so for outages that last longer than an hour, organizations should have alternative options, such as an off-site location for protecting data and ensuring access.

Securing off-site data backup and disaster recovery solutions, such as Bryley’s Business Continuity, is something every business should have in place before a power outage occurs, and most organizations should take that a step further and move all critical IT infrastructure into the cloud. Data centers provide improved resiliency, reduced power and cooling expenses, and easier infrastructure management, in addition to ensuring continuity during power outages.

A few more tips…

  • Always plug computers and laptops into surge protectors instead of directly into the wall.
  • When your laptop or other digital device is done charging, unplug the charger immediately. This saves your battery from losing charge capacity, and it also makes sure your device won’t get fried if there’s a power surge.
  • Have an uninterruptible power supply (UPS) at every desk and make sure your employees know what to do after a power surge. The UPS may only give them enough power to properly shut their machine down, so they’ll need to act fast.
  • Always unplug your electrical devices during a storm, especially a lightning storm. There is no surge protector in the world that will protect your computer from a lightning strike.
  • Not every organization requires a dedicated generator for backup power because most businesses can tolerate the downtime of a short-term power outage.  Many office buildings have standby generators that companies can rely on.  Be sure to know if you are equipped with a standby generator if your organization requires one.

Remember, having a plan and being prepared is your first line of defense.  If you are concerned about the emergency power outage strategies your business has or some other network issue, please contact us at 844.449.8770 or by email at ITExperts@Bryley.com.

We would be glad to help you assess and mitigate your risks.

References:

  1. https://www.sciencedaily.com
  2. https://www.washingtonpost.com/local/trafficandcommuting/aging-power-grid-on-overload-as-us-demands-more-electricity/2012/08/01/gJQAB5LDQX_story.html?utm_term=.0119ff3e554b

Securing your Organization’s Computer System and Company Data

Cybercrime can have severe consequences for organizations that are victimized. “Cyber criminals want your company’s financial data, customer lists, credit card information, intellectual property, and anything else they can sell. Besides the immediate impact on your organizations’ ability to operate (for example, ransomware can shut you down), there are significant costs associated with a data breach.”1 These costs include:

  • Potential fines from regulatory agencies for failure to protect personal identification data (PI) or personal financial information (for example a credit card number). Some fines have been in million dollar multiples.
  • Loss of customers.
  • Loss of business reputation.
  • Inability to attract new customers or clients.
  • The cost of notifying all persons and businesses that had their data breached.
  • Costs of providing credit monitoring and identity theft protection for all involved.
  • The potential cost of defending a class action lawsuit against your company for failure to adequately protect sensitive information.

The following tips contain some best practices for keeping your organizations’ computer system, programs, and data, safe from prying eyes.

  • Make sure your firewall is on so that intruders cannot access your system from the internet.
  • Install security software and keep it updated.
  • Filter all email for computer viruses.
  • The more popular a program used by your business is, the more appealing it is a target for cyber criminals. Criminals know that many users do not regularly patch their programs against malware infections, so popular programs give them a wider pool for targeting. Make sure that your computer programs are updated as soon as a security patch is released.
  • Exercise caution when using free 3rd party software claiming they check for software updates. Free software may be bundled with malicious software.
  • Instruct employees that they should never open emails from unknown senders since they might be a source of infection to your company’s computer system. Attached malware might be anything from a virus to ransomware.
  • Tell your employees they should check with senders they know if an email has a suspicious attachment. A phone call to the sender can help avoid the consequences of a data breach.
  • Inform employees they should not open websites they are not familiar with and they should make sure the address bar is the site they want to visit. A random click could take them to a website that is just waiting to download malware onto your company computer system.
  • Buy your software from a reputable buyer and never use pirated software as it may be infected with malware.
  • Before using thumb drives and other portable media, scan them with security software to ensure they are virus.

Protecting your company’s data and infrastructure should be a top priority, but you do not need to do it alone.  The Bryley security team has the training and expertise to protect your company’s data and infrastructure. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com. We’re here for you.

Resources:
1 https://www.us-cert.gov/ncas/tips (US Computer Emergency Readiness Team)
https://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-secure (Consumer Information / Federal Trade Commission
https://www.adp.com/who-we-are/data-security-and-privacy/safeguard-your-data/minimize-the-risk-of-computer-viruses-and-malware.aspx (ADP)
www.smallbusinesscomputing.com (Small Business Computing)
https://resource.elq.symantec.com (Symantec)
http://guides.wsj.com/small-business/technology/ (Wall Street Journal)

 

Why Backups are Critical in Fighting Ransomware

Ransomware – usually Crypto Locker and its variants – is a form of cyber-malware based on encryption software that seeks payment (ransom) to undo the damage; when infected, the malware typically encrypts all data files, rendering them useless until the ransom is paid.  (Encryption software scrambles a files’ contents and creates an encryption key, essentially a code used to reverse the process.  Unless you have this key and the encryption software, the files remain unreadable.)

Recently, hospitals and police departments have become victims of ransomware.  Hollywood Presbyterian Medical Center was forced to pay a $17,000 ransom in bitcoin to regain control of their computer systems and after repeated attempts to decrypt their data, the Tewksbury Police Department was forced to pay the $500 ransom.

Other than paying the ransom, which is risky and not recommended since it potentially makes you more of a target in the future, the only way to thwart ransomware is by restoring the corrupted files through a backup that was created before the infection.

A properly planned and implemented backup process is vital since data stored on a network server represents many hours of effort over time, making it impractical and usually impossible to recreate.  A properly functioning, multi-point-in-time backup is necessary to provide restoration under these and other scenarios:

  • A server fails
  • A file is deleted
  • A template is written over
  • An application upgrade fails and must be restored
  • A document is inadvertently changed and saved by a user

A backup should be a complete, recoverable copy of not just data, but the entire server/network environment.  It should have these properties:

  • Sequenced over many days
  • Complete image
  • Offsite storage

If you’re ready to get serious about protecting your business data, select a talented Managed IT Services/Managed Cloud Services company, like Bryley Systems, to help you double-check your IT infrastructure, recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss. Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

IF you Recognize these Signs, THEN it’s Time to Outsource your IT

It’s Time to Outsource your IT!

Do you Recognize these Signs?

Small business owners have to keep their budgets tight. It’s a fact of life. In today’s competitive world, decisions become difficult when it comes to hiring specialized positions – especially within IT departments.

IT is such an important topic because of the critical need to keeping your organization running efficiently and safely. There are technical challenges to overcome. For example, have you determined what hardware and software best fits your business needs? How will you manage all of this internally? Are you prepared to handle a data security breach?

When it comes IT support, it may seem advantageous to hire an IT Manager or CTO internally to maintain tight control over these functions. However, keeping these functions in-house may not be the best option for your budget.

According to recent research by CompTIA (the IT Industry Association), the most proactive approach is turning to a managed IT service provider. By doing so, your costs can be reduced by nearly 50%. Since managed IT service providers offer certified engineers with a wide range of capabilities, studies show that they will outperform your in-house team at a lower overall cost. Discovering this after an issue arises could put your organization at greater risk.

Take a look at our tips on when it may be time to begin outsourcing your IT:

  1. Staying Focused on Your Priorities. By outsourcing your IT you will be less likely to be sidetracked putting out fires. You can focus on priorities such as supporting your customers without having to deal with interruptions like trouble-shooting software, hardware, network, or user issues. There are major issues that can occur such as a breach to your firewall which threatens data, or your VPN failing, or disruptions in your VoIP phone service. Ask yourself, are you really prepared to handle these issues? And why would you want to? Offloading your IT support and leaving it in the hands of ‘experts’ will save you time, money, and frustration.
  2. Cost Management. Keeping an office running efficiently and safely with just one full-time computer expert on your staff is nearly impossible. The average help desk or systems admin personnel expenses can quickly add up to big dollars especially when you have to keep certifications current and training up-to-date. The main reason to outsource IT is to lower your costs by only paying for what you need, when you need it.
  3. The Need For Reliable IT Experts. The world of technology is always changing. If you don’t currently have the proper IT resources available, the symptoms of an IT problem may be bandaged but never addressed at the root. This leaves your technology in a break-fix cycle that is never ending. Having an outsourced IT provider will give you peace of mind and expert guidance. Your dedicated Managed IT Services Provider will understand your environment, make appropriate recommendations, and manage your infrastructure to avoid frustration, lost time and wasteful spending.
  4. Offloading Security Worries. There are many areas of IT security that challenge business owners. There is spam filtering, virus scanning, firewall management, data backup, and more. These tasks can be overwhelming and deciding what to do first can be confusing. By putting all of this in the hands of a managed IT service provider, they will have the time, talent, and resources to handle it. They will have the familiarity with the best tools available, and the experience to prioritize the tasks for you. Shifting the burden to meet standards and security requirements for your organization will allow you to sleep at night.

Bryley Systems has 30 years of experience taking the worry off of our clients’ shoulders and effectively managing IT environments at a predictable cost. For more information about about Bryley’s full array of Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Why Is Data Loss So Serious?

Data Loss Can Completely Cripple Business Operations. In the event of extreme data loss such as the loss of an entire database, even temporarily, it is not uncommon for the impacted business processes to fail at multiple levels. The organization may be rendered helpless, unable to fulfill orders and struggling to update employee records. Producing financial reports and providing customer services may also be impossible.

This occurs because technology is the backbone of most business operations and most of these operations are connected through a central IT system. Therefore, any disruption to the IT system can affect other business areas such as phone systems and manufacturing processes. As a result, employees may be idled for prolonged periods of time while the lost data is being recovered. Productivity will suffer.

The Impact of Data Loss on Sales. Organizations can suffer significant harm when data loss makes it impossible to interact with customers, often resulting in lost sales. Since email is the primary channel of communication between organizations and their customers, if your email system were to go down, how difficult would it be for you to conduct business as usual? Any disruption in your communication with leads, prospects, or clients can translate into lost business. For instance, should you fail to submit a proposal or bid on time, the result would potentially be a major loss of projected revenue.

The same applies when a data breach is directed at a call center or CRM provider. This is particularly true for small businesses that rely on independent call centers for customer support assistance and Customer Relationship Management (CRM) providers for managing customer relationships. In a worst-case scenario, the harm resulting from an attack on either of these two might be enough to force a small organization into bankruptcy.

Data Loss Resulting from Theft. Data loss can also take the form of data theft where a hacker breaks into a computer or network and steals critical private business information. Business plans, product designs, and a variety of other mission-critical information can disappear. The economic impact of information theft is difficult to measure because the extent of the harm caused may only manifest itself over a long period of time.

Data theft often results in lawsuits, breaches of contracts, regulatory compliance failures, and loss of business.

Lawsuits and hefty fines typically go hand-in-hand when a company experiences data theft. As an example, if personal information such as names, addresses and financial account numbers are accessed by hackers, then organizations may find themselves embroiled in lengthy legal court battles.

Data thefts can also result in contract breaches and a variety of fines and lawsuits. Shareholders, for example, can sue an organization for failure to perform duties outlined in a contract. Customers can sue companies for direct and collateral damages resulting from a data theft that caused an order to be delayed or lost.

Regulatory Compliance Failures. In 2007, the State of Massachusetts Legislature passed 201 CMR 17.00, a comprehensive set of regulations addressing data breaches. Under these laws are a set of regulations that affect any business that collects and retains personal information of its customers. For the purpose of these regulations, “personal information” includes names, social security numbers, driver’s license numbers or financial account numbers, including credit or debit card numbers.

The regulations took effect January 1, 2010, and mandate that personal information – a combination of a name along with a Social Security number, bank account number, or credit card number – be encrypted when stored on portable devices, or transmitted wirelessly or on public networks. Additionally, the regulations call on organizations to utilize up-to-date firewall protection that creates an electronic gatekeeper between the data and the outside world and only permits authorized users to access or transmit data, according to preset rules.

Loss of business isn’t uncommon after data loss incidents especially if the loss was a result of a preventable event such as a security breach. Customers may feel that the company didn’t take adequate measures to safeguard their information and may therefore choose to discontinue doing business with the organization for fear of a similar event recurring in the future.

Data loss or theft can strike any organization. The wise choice is to be proactive by deploying an up-to-date and secure data backup system.

The main takeaway from these costly consequences of data loss is that businesses bear a huge responsibility for protecting the data they own. Failure to do so means facing serious operational and legal ramifications.

If you’re ready to get serious about protecting your business data, select a talented Managed IT Services/Managed Cloud Services company, like Bryley Systems, to help you double-check your IT infrastructure, recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss. Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

 

The Costly Consequences of Losing Your Business Data – Would You Take the Risk?

Lost data is not a trivial matter. Don’t play with fire! Prevention is worth an ounce of cure.

Like it or not, technology occasionally fails. It can happen to you. Why take the risk when instead you could be taking steps to protect your data and prevent disasters. Being prepared is always the best option. Implementing a system for secure data backup/data recovery is one of the best ways to protect your business against loss of precious data, whether it’s a result of a hard drive crashing, an unintentional deletion, or a disaster such as a fire, flood, or storm.

Data loss, without proper protection, will impact business operations in multiple ways.

First, if the lost data and business records cannot be recovered – and this is a real possibility – you’ll be effectively out of business until the data and records can be replicated. The downtime you’ll experience will be crippling. This is a worst case scenario, but one you should be proactively working to prevent.

Second, the lost data might be recoverable. This is the most common scenario in organizations that back up their data –to an outside location, separate from the primary source. Still, recovering the data can be a lengthy process. There’s also the possibility that not all of the data will be recovered.

And third, when a disaster strikes, whether it results in the temporary or permanent unavailability of data, it can also cause critical business applications to fail. This is especially the case in relational databases. For instance, if the central database containing customer information becomes unavailable, then the sales system might also fail.

If you’re ready to get serious about protecting your business data, select a talented Managed IT Services/Managed Cloud Services company, like Bryley Systems, to help you double-check your IT infrastructure, recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss. Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

Recommended Practices:  Dealing with CryptoLocker

This is a multi-part series on recommended IT practices for organizations and their end-users.  Additional parts will be included in upcoming newsletters.

CryptoLocker surfaced in the fall of 2013; it is a ransomware trojan that, upon activation, encrypts all data files to which the infected end-user has read-write access, and then demands payment to decrypt.  It typically hides as an attachment within a phishing email and can even work over a home user’s VPN connection to encrypt data files on the organizations’ server(s).

cl-ex

The cyber-criminal’s intent is to receive untraceable payment via cyber-currency in exchange for a decryption key to unlock the data files, forming a one-to-one relationship between the cyber-criminal and the infected user:  The cyber-criminal knows the user is infected and awaits payment; if thwarted in his/her extortion attempt, that information is retained by the cyber-criminal, which could reduce future efforts to pursue your organization.

Of greater concern; if an individual or organization pays the ransom, that information is also known, recorded, and potentially shared for future attempts.  Basically, if you pay the ransom, you may be targeted for new efforts.

The cyber-criminal is likely acting within a crime syndicate; he/she might not even be technically savvy since CryptoLocker tools are readily available and easy to use.

We have recently seen a significant upswing in CryptoLocker attempts; the source emails spoof the email addresses of known parties while the attachment might carry a seemingly harmless “PDF” extension.  The message is compelling; an end-user unwittingly clicks the attachment and starts the process.

The first best step is prevention:

  • If feasible, use group policies or AppLocker to restrict software execution1
  • Limit access only to needed files; make them read-only where appropriate
  • Update security patches on all operating systems and end-user applications2
  • Deploy and continually update anti-malware apps on all end-user devices2
  • Deploy a robust, anti-spam solution that can block executables2
  • Consider blocking or quarantining all incoming attachments
  • Setup a backup routine that addresses data files frequently3

For more information, Jonathan Haskell of ComputerWorld reviews group policy restrictions in his article:  “CryptoLocker:  How to avoid getting infected and what to do if you are”.  Also, Third Tier and SMB Kitchen have jointly released a CryptoLocker Prevention Kit to assist in developing these group policies.

Education is also critical4:

  • Schedule regular training reviews with your end-users
  • Demonstrate to your end-users how to spot potential threats
  • Discuss the dangers of clicking attachments, even those from known sources

If you are infected by CryptoLocker5:

  • Identify the infected computer and remove it from the network
  • To be prudent, change online and system passwords
  • Create forensic images of infected computers
  • Preserve all firewall, Intrusion Prevention, and Active Directory logs for potential analysis by law-enforcement officials

Index of referenced articles:

1 See the January 2015 Bryley Tips and Information article: Recommended Practices:  Manage End Users via Active Directory and the February issue for the article: Recommended Practices – Part 7:  Resource Management via Active Directory.

2 See the June 2015 Bryley Tips and Information article:  Recommended Practices:  IT security cheat-sheet.

3 See the April issue of Bryley Tips and Information for Bryley Basics:  How ransomware (CryptoLocker) makes backups more critical.

4 See the May 2015 Bryley Tips and Information article: Recommended Practices: Basic IT training for end users

5 View detailed prevention and response techniques in CryptoLocker Prevention and Remediation Techniques, presented by fishnet security.