Tag Archives: disaster recovery

Our Systems Are Down! A CEO’s Nightmare!

In this day and age, having some sort of computer to do your job is as necessary as air. Chances are, if you have a lot of computers in your business, you also have things like servers, routers, access points, and switches. These are all critical pieces to maintaining your business and your employee’s productivity level.

Have you ever stopped to think about what would happen if your business suffered a catastrophic event? How long would it take to get you back up and running? Do you know if your critical data is being backed-up and if it is, how often is that happening? If you are reading this and starting to feel a tightening in your chest because you aren’t sure of your answers, then it’s time to stop ducking your head in the sand.

In a survey done by IHS in 2015, the average of cost of outages totaled the $700 billion dollar mark. This number has only increased for the past year in 2017. This total includes the loss of employee productivity, revenue and the cost to the fix the issue, which surprisingly was the lowest cost of the three.

So how do you calculate downtime loss?  Our friends over at My IT Pros shared with this basic formula:

 LOST REVENUE = (GR/TH) x I x H

GR = gross yearly revenue

TH = total yearly business hours

I = percentage impact (a high percentage would mean you can’t complete any transactions, will lose clients and have a PR nightmare)

H = number of hours of outage

Finally, to calculate the expected annual cost, multiply this number by the number of expected annual hours of outage. If you do this and you are absolutely panicking, don’t worry. While all of this sounds like something out of a nightmare, the solutions are fairly simple. We would first recommend that you have incremental back-ups of your critical data that are stored both locally and in the cloud. This way, if your hardware were to fail, with the help of your IT provider, you can pull your data down from the cloud onto a backup server (part of the redundancy plan). Secondly, we recommend that you have a redundant environment. Now, this can mean a variety of things but at minimum, it would mean that you’d have a secondary server that is only for emergencies. At maximum, it would mean having clustered servers where there are more than 1 server and if something were to fail, the data just seamlessly moves to the next available hardware.

We don’t want to see any businesses have to deal with this nightmare. If you are unsure of what disaster recovery plan you have with your current IT Provider, it may be time to strike up that conversation. If you have any questions and would like to discuss how downtime could affect you and how ECMSI can help you prevent a disaster please feel free to contact us at 330.750.9412.

Local Governments Cyber Security Crisis in 8 Charts

Within the past few weeks, two large American cities learned that their information systems were hacked. First, Atlanta revealed that it had been the victim of a ransomware attack that took many of the city’s services offline for nearly a week, forcing police to revert to taking written case notes, hampering the Atlanta’s court system and preventing residents from paying water bills online. Then, Baltimore’s 311 and 911 dispatch systems were taken offline for more than 17 hours, forcing dispatchers to log and process requests manually. Both attacks could have been prevented. And they are more evidence of the poor, if not appalling, state of local government cyber security in the United States.

We know this because in 2016, in partnership with the International City/County Management Association, we conducted the first-ever nationwide survey of local government cybersecurity. Among other things, the survey data showed just how poorly local governments practice cybersecurity.

Under near-constant attack, but not fully aware

Nearly half – 44 percent – of all the respondents told us they experience cyberattacks at least daily. Based on prior research, we are confident that rate is actually much higher.

The volume of attacks isn’t dropping – and in some cases it’s increasing.

But even so, many communities didn’t know how frequently they are attacked, and most didn’t count or catalog initial attacks – though more than half did track more serious incidents and breaches.

More than half weren’t able to determine who was attacking their systems.

Unprepared to respond, and with not enough support

Certainly, there are local governments that do a commendable job with cybersecurity. If previous research into government information technology systems and electronic government can be a guide, they are most likely larger, more well-funded and more well-managed governments. However, the data from our more recent survey strongly suggest that at least some, and perhaps even a large fraction of, local governments may be unable to respond to electronic intrusions.

In part this is because few local officials are aware of the need for cybersecurity. Nearly two-thirds of the respondents to the survey, who were nearly all information technology or cybersecurity officials, said that top managers understood the need. However, among other groups in local governments, awareness dropped considerably. Perhaps as a result, support for cybersecurity efforts was also not as strong as Atlanta’s and Baltimore’s experiences suggest it should be.

With most local government officials and staff unaware and unsupportive, it is not surprising that cybersecurity is so poor among American local governments. Atlanta Mayor Keisha Lance Bottoms admitted that cybersecurity was not a high priority, although “it certainly has gone to the front of the line.”

And yet, crucial barriers remain, largely to do with how much money is allocated to cybersecurity efforts.

Getting more people in the know

If local officials are going to do a better job protecting their information assets, they’ll first need to know a lot more about what’s actually happening. The numbers of survey respondents who answered “Don’t know” to our questions was surprisingly high. No top local officials, whether elected or appointed, should be unaware of basic cybersecurity information, like whether their systems have been attacked or breached, or who’s attacking their systems and why.

Knowing these answers will only become more critical as computing becomes more deeply embedded in systems running “smart” cities. If computers control traffic lights, sewage plants and electrical grids, then the consequence of attacks is more severe than just loss of information or computer services.

Source: Norris, Donald, et al. “Local Governments’ Cybersecurity Crisis in 8 Charts.” The Conversation, 3 May 2018, theconversation.com/local-governments-cybersecurity-crisis-in-8-charts-94240.

This article was originally published by The Conversation. See here

Shut Off Your Bluetooth When You’re Not Using It!

Privacy and security seems to always be on everyone’s mind today. Intuitively we are always making sure our homes are locked before we leave and that our cars when left aren’t vulnerable to any intruders. Just like our homes and cars, we keep our technological devices secure and locked with some sort of authentication, but they too have a variety of different entrances for an intruder to sneak their way in.

The most popular digital entrance into a electronic device today is through its Wifi. We have all heard of the horror stories of connecting to a wrong network in a public place and having your personal information stolen. But few people think about how their Bluetooth can be effected. Minimizing your Bluetooth usage minimizes your exposure to the vulnerabilities. Most recently, an attack called BlueBorne allows for any affected device with Bluetooth turned on to be attacked through a series of vulnerabilities. These vulnerabilities don’t stem from the Bluetooth itself but the implementation in all the of the software including Windows, Andriod, Linux and iOS. This potentially puts millions at risk.

 

The Blueborn attack starts by going through the process by scanning devices with Bluetooth on, it then starts probing them for information such as device type and operating system to see if they have the vulnerabilities it can latch on to. The Blueborn bug can allow hackers to take control of a device and access private information. This attack can also spread from device to device in one motion if other vulnerable Bluetooth enabled targets are nearby.

The best defense against this Bluetooth security flaw is to make sure your device system is always updated with the latest software and firmware. This make sure there are no vulnerabilities in the implementation of Bluetooth within your operating system. Bluetooth does many amazing things that seem almost magical and the benefits outweigh the calculated risk of turning it on. However when not in use it is best to make sure to keep your Bluetooth setting off and use it when you know you are in a safe and secure area.

My Coffee Machine Got Hacked

In today’s world it seems like anything can fall victim to a cyber attack. We all know that a computer, wireless network, server, (etc.) can be compromised. Now imagine that you’re at work and you see a ransomware message on your coffee machine’s screen. That’s right… a COFFEE MACHINE. This may sound ridiculous but it did happen and could happen to any workplace. Bet you didn’t know ransomware is now a part of the new continental breakfast.

A chemical engineer with a degree in computer science posted this instance on Reddit and explained exactly what happened that led to this attack on their workplace coffee machine. It all began when a factory worker encountered a ransomware message on his computer, he then called the help desk to get the issue resolved and stepped out to grab a cup of coffee. The worker then noticed the same message on the coffee machine’s screen. Now, this ransomware did not just shut down the employee coffee supply and hold it for ransom (which, that would be a whole other nightmare),this ransomware spread throughout the factory and shut down factory systems. So how did this all happen?

Coffee machines are supposed to be connected to their own isolated WiFi network, the person who was installing the network made the mistake of connecting it to the internal control room network, when they noticed the coffee machine still wasn’t getting internet they then connected it to the isolated WiFi network. While a hacker was poking around in their systems they noticed that huge security fall and managed to squirm their way into the system and gridlock the entire factory network.

A coffee machine is not the only issue, practically any computer- implemented or computer enabled device can be compromised, this then leads to a wild search for what else is connected to that same network that could also become infected? Network vulnerability is like a screen door. If you do not pay attention and their is the tiniest hole in the screen somehow at least one fly will manage its way through and get into your home.

Being proactive and making sure your systems are always being monitored for any issues is very important. Implementing the right security precautions and making sure your network is sealed tight is the only way to prevent malware from grid locking your network. Finally, please make sure your office coffee machine is installed properly!

Winter 2017: Disaster For Your Data?

fence with ice hanging off with snow covered trees in background
With winter just around the corner, everyone around you may be getting “all wrapped up” in the upcoming holiday season…

But you’ve got a business to run, customers to keep happy and mission-critical data to keep safe, even if a major blizzard, lightning strike, windstorm or epic flood is taking place right outside your door.

Here are 5 easy steps you can take this holiday season to get your office prepared for this winter’s worst, without seeming like Mr. Grinch.

Be ready for power outages. A power outage can hurt your business in more ways than you think. Besides employee downtime, it takes time to safely get everything back up and running. Then you need to make sure no critical files have been damaged or lost.

Autosave features can help minimize lost files in a sudden power outage. An uninterruptible power supply (UPS) can give your team anywhere from ten minutes to an hour to back up files and properly shut down equipment. If you need longer power durability during an outage, you might want to look into a backup generator.

Keep lines of communication open. Customer frustration due to production delays and not being able to reach key people at your company can be very costly in terms of both revenues and your company’s reputation. Here are three ways to make sure calls to your office don’t get bobbled when a storm rolls in:
1. Create a new automated greeting to let callers know about changes in hours or closings.
2. Set up an emergency override that automatically reroutes key phone lines to one or more numbers that can be reached during an outage.
3. Make sure you and your staff can access voice mail remotely – from a smartphone, by e-mail as an attached sound file or transcribed message, or as a text notification.

Manage employees working from home. Many of your employees can work from home if need be. But you’ll need to prepare in advance if it’s not the norm at your company. Have your IT specialist check with employees who could work from home during rough weather. They’ll need a virtual private network (VPN) to safely access the company network. Be sure it’s set up well in advance to avoid any glitches when that winter storm hits and you need it most.

Have a disaster recovery plan (DRP) ready to go. Unless you can afford to shut down for days at a time, or even just a few hours, it’s absolutely critical to keep a written DRP on hand. Write out step-by-step details of who does what in every type of winter disruption – from simple power outages to blizzards, flooding or building damage caused by heavy winds or lightning. A downed network can cost your company big-time every minute it’s offline. Make sure your plan includes one or more ways to get it back up and running ASAP. Consider virtualizing key parts or all of your network so your team can access it remotely. Once you’ve written out your plan, keep one copy at your office, one at home and one with your IT specialist.

Trying to recover your data after a sudden or serious outage without professional help is business suicide. One misstep can result in losing critical files forever, or weeks of downtime. Make sure you’re working with a pro who will not only help set up a recovery plan, but has experience in data recovery. The old adage about an ounce of prevention applies doubly when it comes to working with the right people who can help you prepare for – and recover from – whatever winter throws your way.