data

Password Basics

loginscreen.png

You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are sloppy with passwords.

There are many ways data can be breached, and opening some link they shouldn't is one of the most serious security sins employees can commit, but today we’ll just talk about passwords.

Here are some basic practices that you should require your employees to follow. These are basic tips. System administrators should implement other policies, such as those that forbid using passwords previously used and locking accounts after a few failed attempts to login. But just for you as a manager, here are a few tips.

  1. Change Passwords - Most security experts recommend that companies change out all passwords every 30 to 90 days.
  2. Password Requirements - Should include a of mix upper and lowercase, number, and a symbol.
  3. Teach employees NOT to use standard dictionary words (any language), or personal data that can be known, or could be stolen: addresses, tel numbers, SSN, etc.
  4. Emphasize that employees should not access anything using another employee's login. To save time or for convenience, employees may leave systems open and let others access them. This is usually done so one person doesn't take the time to logout and the next has to log back in. Make a policy regarding this and enforce it.

These are just a few basic password tips, but they can make a big difference in keeping your business's sensitive data safe.

Series: Ransomware Part 1

thumb-12.jpg

The daily reports of cyber-crime are important reminders about the need to protect your business from malicious behavior that could threaten the success of your business. There are so many different things that can attack your computer, steal your data, and wreck your day. One of the most troublesome has been the development of ransomware. (FYI. Ransomware isn’t actually all that new-- some version has been around for decades)  Ransomware is a type of computer virus that takes your data hostage and like any kidnapping scheme, demands money for the release of your data.

Why is ransomware so nasty? Because it steals the most important thing your business possesses. Data. Worse, once infected there isn’t generally a way out. No one can “disinfect” your machine. You aren't going to be able to call in IT support to solve the problem. Basically, you have three options.

  1. Pay the ransom. This payment is usually via credit card or bitcoin (a digital currency). Some ransomware viruses even provide help lines if you're having trouble. Of course there are no guarantees your will get access to your data–these are thieves you’re dealing with.
     
  2. Don’t pay and lose your data - This has its obvious downsides, unless…
     
  3. You have a safe, clean backup. In that case, you are stuck with the nuisance of restoring your data with the backup, but you aren’t out any money. However, this comes with a caveat: your backups have to be clean. The problem with ransomware viruses is that just making backups may not be sufficient to protect your data, as the backups can be infected also. In the next blog, we will address your need to add an additional layer of protection to handle ransomware attacks.

The SCARY Misunderstanding Most Business Owners Have About Their Backup System

 
OSB-disaster.png

Unless you’ve been living in a tomb, you know you should be backing up your computers and server. But here’s something you probably DON’T know that will come back and “bite” you: simply having a backup of your data is NOT ENOUGH to guarantee you could be back up and running fast in the event of a disaster.

Having a data backup merely means that you have a copy of your company’s data stored somewhere; it does NOT mean you have a way to instantly restore your network back to normal – a shocking dose of truth most business owners discover after they’ve experienced a major network crash or data-erasing disaster.

For example, if your network dies because of a hardware failure, your entire company is down, period. No e-mail, no printing, no accessing your database, customer records, and more. Until whatever caused the problem can be fixed (which might involve ordering replacement parts), your business is deader than a door nail.

So You Reach For Your Backup Only To Discover... 

Your information is there, but without a server, you have nowhere to load that information, and no way to access it. On top of that, a backup only holds your data, not your operating system, settings, or software applications. So even if you can load the data, you can’t actually use it without re-loading all the software applications—no small feat. Even IF you have all the software disks and key codes (most people don’t), it could still take days — possibly weeks— to rebuild, and the costs can run into the thousands.

 That’s Not The Half Of It

The three most common causes of server downtime are hardware failure, software corruption and human error. But nearly 20% of businesses suffer damaging downtime from fire, flood, theft, or other natural disasters, and 44% of them never recover—and that’s mostly because they didn’t have a disaster recovery plan in place.

A disaster recovery plan covers more than just backup. It maps out how to get your business restored and running again in every possible scenario.

For example, if another company in your office building has a fire, the police may quarantine your building preventing you from even entering your office. Or if a major storm knocks out power, Internet or the phone lines, you need a plan “B” for servicing customers, taking orders and keeping things rolling.

3 Crucial Components To A Disaster Recovery Plan

1.    Have One! As the old adage goes, “If you fail to plan, then you plan to fail.” When it comes to disaster recovery, nothing could be more accurate.

If something happens to your office, will your employees be able to work from home? Do you have an alternate plan for your phones? Where would you temporarily set up shop? How quickly could you get technology equipment you need to function like computers, scanners, or printers? How will you access the Internet? Make a point to document the answers to these questions.

2.    Onsite Server “Virtualization.” In a downtime situation, virtualization is basically a business owner’s lifeline to his business. Once only available to big businesses with deep pockets, this now affordable technology can literally get you back up and running just as you were before the disaster... in as little as 24 hours. If the disaster doesn’t take out your whole office, virtualization can have you back in business the same day.  Here’s how it works. A second server makes exact copies of everything on your server—operating system, software applications and data—every 15-60 minutes.

This server replica, also known as an “image,” can take over if your main server fails or gets corrupted. No need to re-load software, reconfigure your network, or re-load your data. In as little as 30 minutes, everyone in your company can get back to work, just as they were before the downtime. Compare this to the days or WEEKS it could take without virtualization; the productivity and money savings is staggering. Side Note: If you are still using old tape backups, you NEED to throw them away and virtualize your server with an offsite backup!

3.    Offsite Image of Your Server. Fire, flood, theft, natural disasters, or even faulty office sprinkler systems can physically damage your office equipment, including your server and your backup system.

Head this off by having an exact copy (an image) of your server’s operating system, settings, programs, and data sent daily to an offsite location. Also make sure this image can be quickly loaded on to a server and shipped to you. With this in your plan, a tornado could rip open your office and destroy everything, yet you could be back up and running within a few days.

Want To Make SURE Your Business Can “Stay Open” After a Disaster? 

Contact us to see how our backup solutions can make sure your core business stays up and running and no horror stories happen. We can make sure:

  • Your files are automatically backed up every night right over the Internet. No more rotating and storing tapes or running the risk of tape failures!

  • Your data is safe from fire, floods, storms, viruses, hackers, hardware malfunctions, and human error!

  • You can back up ALL of your data and not be limited to the size of your tape drive.

  • Should a disaster occur, you can be back up and running the very next day…we GUARANTEE it.

 

Plus, we’ll map out a disaster recovery plan for your company’s network so everyone in your office will know what to do if the server dies or your employees can’t get into your physical location.To get started, call us at 214-270-0850 or send us an e-mail to sales@prototypeit.net. Don't quite believe us? We've experienced our own disasters. This is why you have a disaster recovery plan.  Back during the big freeze of 2013 we had a flood in the office Sunday evening and we were back up the next morning. It did take a while to clean things up a bit, but we are stronger for it and now know our DR Plan worked.

Happy Halloween!

 

The 10 Disaster Planning Essentials for a Small Business Network

 

September is...

If your data is important to your business and you cannot afford to have your operations halted for days – even weeks – due to data loss or corruption, then you need to read this report and act on the information shared. A disaster can happen at any time on any day and is likely to occur at the most inconvenient time. If you aren’t already prepared, you run the risk of having the disaster coming before you have in place a plan to handle it. This report will outline 10 things you should have in place to make sure your business could be back up and running again in the event of a disaster.


1.    Have a written plan. As simple as it may sound, just thinking through in ADVANCE what needs to happen if your server has a meltdown or a natural disaster wipes out your office, will go a long way in getting it back fast. At a minimum, the plan should contain details on what disaster could happen and a step-by-step process of what to do, who should do it and how. Also include contact information for various providers and username and password information for various key web sites. Writing this plan will also allow you to think about what you need to budget for backup, maintenance and disaster recovery. If you can’t afford to have your network down for more than a few hours, then you need a plan that can get you back up and running within that time frame. You may want the ability to virtualize your server, allowing the office to run off of the virtualized server while the real server is repaired.  If you can afford to be down for a couple of days, there are cheaper solutions.  Once written, print out a copy and store it in a fireproof safe, an offsite copy (at your home) and a copy with your IT consultant. 


2.    Hire a trusted professional to help you. Trying to recover your data after a disaster without professional help is business suicide; one misstep during the recovery process can result in forever losing your data or result in weeks of downtime. Make sure you work with someone who has experience in both setting up business contingency plans (so you have a good framework from which you CAN restore your network) and experience in data recovery.


3.    Have a communications plan. If something should happen where employees couldn’t access your office, e-mail or use the phones, how should they communicate with you? Make sure your plan includes this information including MULTIPLE communications methods.


4.    Automate your backups. If backing up your data depends on a human being doing something, it’s flawed. The #1 cause of data loss is human error (people not swapping out tapes properly, someone not setting up the backup to run properly, etc.). ALWAYS automate your backups so they run like clockwork.


5.    Have an offsite backup of your data. Always, always, always maintain a recent copy of your data off site, on a different server, or on a storage device. Onsite backups are good, but they won’t help you if they get stolen, flooded, burned or hacked along with your server.


6.    Have remote access and management of your network. Not only will this allow you and your staff to keep working if you can’t go into your office, but you’ll love the convenience it offers. Plus, your IT staff or an IT consultant should be able to access your network remotely in the event of an emergency or for routine maintenance. Make sure they can.


7.    Image your server. Having a copy of your data offsite is good, but keep in mind that all that information has to be RESTORED someplace to be of any use. If you don’t have all the software disks and licenses, it could take days to reinstate your applications (like Microsoft Office, your database, accounting software, etc.) even though your data may be readily available. Imaging your server is similar to making an exact replica; that replica can then be directly copied to another server saving an enormous amount of time and money in getting your network back. Best of all, you don’t have to worry about losing your preferences, configurations or favorites.  To find out more about this type of backup, ask your IT professional.


8.    Network documentation. Network documentation is simply a blueprint of the software, data, systems and hardware you have in your company’s network. Your IT manager or IT consultant should put this together for you. This will make the job of restoring your network faster, easier AND cheaper. It also speeds up the process of everyday repairs on your network since the technicians don’t have to spend time figuring out where things are located and how they are configured. And finally, should disaster strike, you have documentation for insurance claims of exactly what you lost. Again, have your IT professional document this and keep a printed copy with your disaster recovery plan.


9.    Maintain Your System.  One of the most important ways to avoid disaster is by maintaining the security of your network. While fires, floods, theft and natural disasters are certainly a threat, you are much more likely to experience downtime and data loss due to a virus, worm or hacker attack. That’s why it’s critical to keep your network patched, secure and up-to-date. Additionally, monitor hardware for deterioration and software for corruption. This is another overlooked threat that can wipe you out. Make sure you replace or repair aging software or hardware to avoid this problem. 


10.    Test, test, test! A study conducted in October 2007 by Forrester Research and the Disaster Recovery Journal found that 50 percent of companies test their disaster recovery plan just once a year, while 14 percent never test. If you are going to go through the trouble of setting up a plan, then at least hire an IT pro to run a test once a month to make sure your backups are working and your system is secure. After all, the worst time to test your parachute is AFTER you’ve jumped out of the plane.