Posted by Richard Schissler on Fri, Oct 22, 2010 @ 11:22 AM
Businesses are constantly evolving and changing. Is your disaster recovery plan changing, too? It should be otherwise it might not work!
Every company can experience a business-altering event at any time: floods, explosions, accidents, even computer malfunctions—the list is endless. Or even a molasses tank rupture:
If you already have a disaster recovery plan, you’re prepared to prevent such events from disrupting your normal operations—or at least you were at the time you created the plan. But how long ago was that?
As your business has grown, it’s likely that your products and services, or at least the way you deliver them, has changed as well. For example, the increase in technology-based processes over the past few years has likely increased your reliance on the availability of computer systems and data for your business to function effectively.
These changes might necessitate a change in your disaster recovery plan. As a result, we recommend a regular review of your plan. If you make changes, these change should be tested and any new processes documented so all employees can be trained accordingly.
Finally, keep in mind that reviewing your disaster recovery plan isn’t a one-time event. Because changes to your products and services, or the way you deliver them, are likely to continue, reviewing your disaster recovery plan should be a regular process.
How Confident Are You That Your Data Could be Restored?
WesTec Services specializes in helping companies prepare and review their Disaster Recovery Plans. Please contact us for a free evaluation of your disaster data protection needs at (713) 682-4000 or sales@westecservices.net
For more information go to www.westecservices.net/BackupDisasterRecovery/
Photo: Courtesy of Boston Public Library; Title: Panorama of the Molasses Disaster site; Globe Newspaper Co. (Creator)
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
Posted by Richard Schissler on Fri, Oct 15, 2010 @ 05:38 PM
A Big Response to a Big Disaster; it really does not matter how big your company is!
Unlike enterprises size companies, many smaller companies cannot afford optimal in-house strategies and solutions available and called for in Business Continuity Planning (BCP). A good Business Continuity Plan is designed to make sure your firm is able to timely recover from a disaster and reopen for business as quick as possible. Those companies that do not prepare one or are unable or unwilling to spend the money and time to prepare one are consequently at an elevated risk of being put out of business due to any major loss of data. Loss of data could mean emails lost, accounting data lost, patient or client files lost, company records lost, client legal records or orders lost and so on.
BCP is the blueprint for how businesses plan to survive everything from local equipment failure to global disaster. Data-oriented BCP, an indispensable component of business planning regardless of organization size, poses the following challenges. Smaller businesses generally lack the in-house IT resources to achieve these demanding planning, technical and process requirements. Therefore, many SMBs either neglect to implement any data-oriented business continuity plan or else approach data backup and recovery in a sporadic, rudimentary fashion that fails to conform to the best practices of BCP.
Issues such as identifying what data to back up; identifying how frequently to back up and related costs and ROI; retaining the ability to recover not only the most recent data, but also data from older time horizons, such as past quarters and years; and retaining the ability to monitor and manage the integrity of ongoing data backup processes so that backup failures can be diagnosed and remedied before adversely impacting the BCP lifecycle must be examined. Once the issue is analyzed a solution must be chosen and added to the Plan. Every company must examine their challenges, the range of existing solutions and their drawbacks and put a plan in place.
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
Posted by Richard Schissler on Tue, Oct 05, 2010 @ 03:45 PM
Many data losses are the result of simple blunders that could easily have been prevented. To keep yourself from becoming a statistic, check over this list of top security blunders to ensure you’re not committing any of them.
1. Unsecured wireless networks
Wireless networks present the single most common security vulnerability among most companies. Just think of the volume and sensitivity of information flowing over wireless networks in a single day: point-of-sale transactions involving credit cards, emails detailing confidential data, remote workers accessing the company database, and instant messages.
The problem with wireless networks is that they aren’t physically constrained. With the right device, anyone can sit outside of an office building and “sniff” the wireless traffic for valuable data, or come right in and access your systems.
Correction: Simply apply better encryption protocols to your wireless network, or choose stronger wireless encryption, such as WPK. For portals that need to remain open, for remote VPN access for example, ensure that you have a secure authentication program in place. Your IT support can set this up for you.
2. Weak passwords
We all know choosing strong passwords is a hassle. We all have so many passwords for so many things, and remembering a complicated series of characters is difficult. So, many of us cheat and use the same password for years or pick a simple password that is easy to remember.
The problem is that hackers know this. Weak passwords are vulnerable to dictionary attacks, where hackers build extensive lists of possible and likely passwords and test them on entry portals to your network.
Correction: Develop and enforce a strict password policy that applies to all your users. Then monitor to ensure that passwords are updated regularly company wide.
3. Forgetting to delete identities of former employees
On occasion, employees leave a company on bad terms. If employees are disgruntled enough to commit malicious activity, they could access sensitive company data by simply using their employee credentials if they haven’t been deleted. They don’t even have to hack in, but can essentially walk right through the front door.
Correction: Set up a standard protocol for dealing with employee exits, and ensure that outdated employee identifies are deleted from your system as soon as possible. These protocols should apply to any employee exit, whether on good or bad terms.
4. Irresponsible use of USB drives
USB drives are handy, cheap, plentiful, and small, which can present security vulnerabilities in two ways.
An employee might copy sensitive company data onto an unencrypted USB drive and then lose it, making the data accessible to anyone who picks up the device. Or, a malicious attacker can load a virus onto a USB drive and leave it in a conspicuous place for an unsuspecting employee to pick up and try to use. Once the drive is opened on a machine, it can deliver its payload and infect the machine, or worse, your network.
Correction: Educate your employees about the potential security risks of using USB drives. Invest in encrypted USB drives for employees who handle sensitive data but also need mobility. Another option is to lock out the use of outside drives from any machine without permission.
5. Unencrypted hard drives on notebooks
Most employees’ access and store company files through a VPN connection, but working files often end up on notebook hard drives. That represents a lot of potential places for sensitive data to linger unprotected.
Occasionally, notebooks are lost or stolen. It’s just a fact of life. An unencrypted hard drive, and the files that are stored on it are open and available to anyone using the notebook.
Correction: Develop a company-wide policy that regulates security on your mobile devices. A comprehensive policy will include protocols for reporting and following up on notebook thefts or losses. You can also require that notebooks be checked by your IT department on a regular schedule.
If you would like additional information about security or business continuity please contact us at sales@westecservices.net or call us at (713) 682-4000.
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
