Small Businesses according to American Express Open
As you can see, some of the items on this list are things that you can install onto your computers to help protect you from the bad stuff, the others are things behaviors that if followed would greatly reduce your risk.
You and your employees’ confident in the security systems and products is the #1 threat to your network. It doesn’t matter what anti-virus software or other safe-guards you are running if your employees do not surf safely. This will result in porn pop-ups or more nefarious spyware that will quietly steal information. Websites promising free stuff, result in theft of information like your mother’s maiden name, high school, etc. used to answer common security questions leading to theft of otherwise secure data. Think before you click!
No one can deny the popularity of social networking sites like Facebook. Threats range from malware (eg. viruses, worms, spyware) to scammers trying to steal your identity, information and money. Businesses are using these sites to communicate with their colleagues and clients, so blocking outright is no longer an option. Educating your employees and enforcing a strong acceptable use policy.We can help you develop a policy, then monitor compliance using a Unified Threat Management device that controls and reports on network access.
Mobile is the largest growth area in computing. Mobile devices such as smartphones and tablets are growing at an incredible rate. These small mobile devices often contain sensitive business data and they are easily lost or stolen. Be sure to password protect and encrypt data on all mobile devices whenever possible. Ensure you include mobility and BYOD (Bring Your Own Device) in your acceptable use policy and your enforcement system.
Although the cloud is many things, in its basic form it involves using the Internet to access and store your data. When you use programs that store their data online such as email, Facebook, DropBox and others, you are working in “the cloud.” Using the cloud for automated off site backup has rapidly gained popularity and is just the beginning. Companies like Microsoft and Google envision the day when we will use inexpensive terminals or devices such as tablets instead of computers to run programs and access data located somewhere on the Internet. Data should be secured not only where it is stored but as it is transmitted over the Internet.
The most watched viral video of 2012 was Felix Baumgartner’s supersonic free fall from 128,000 feet. It has been clicked on 30,500,000 times and still counting. What’s the secret, did that many people really want to watch a guy jump from 128,000 feet, or where they watching to see someone achieve a dream.
How is it in your business are you still working in the business and not on the business. What’s holding you back.
If you are feeling held back by outdated systems and yesterdays’ IT, you need to give us a call. We can help you move your business forward, with ways to work for profitability and efficiently in IT. Maybe we can help you create time for you to work on your own bucket list.
Just as we did after Hurricane Irene in 2011, we review the steps we took with our customers and our own business. We are also noting what lessons we can take away for the next event.
There were a couple major differences from Hurricane Irene. In this storm, our home and office (new location, but in the same general vicinity) were both effected the same way. We lost power in both locations nearly at the same time, and power was restored at nearly the same time. Also unlike Irene, we had moved our systems to our cloud platform rather than hosting it in our own office. Doing so provided us the ability to continue to use our business tools to support our clients while our own power was not available. This is one of the benefits of cloud computing – assuming it is configured and designed correctly. For more information on the cloud, here.
As we did with Irene, we added frequent manual reviews of each client’s systems, particularly the systems responsible for backup. We increased the frequency of copying business data offsite to keep the chance of loss low. We also checked the systems offsite to make sure they were ready to recover too. Since the weather could potentially effect more than one client, it was important to reduce the time to recover for each one.
As the storm came through, we continued to monitor systems in each client location. Even as our power was lost in our office and our home, we were still able to continue our monitoring using mobile technologies (iPad on Verizon LTE for example). Unlike Irene, Hurricane Sandy took power out in our area on Monday early evening and at least one client earlier than that.
In the morning, we remotely were able to check to see if our clients’ systems were still operational and provided updates to each of them. Many customers had trouble getting into their offices because of various reasons including homes without power, problems with the transit system, and downed trees. Many therefore worked remotely from coffee houses or other locations where they could find a place to plug in and connect. Interestingly enough, mobile data communication systems were available even when we were unable to make voice calls.
Unlike Irene, the major problem that effected businesses was prolonged nature of the power outages. For one customer that was completely down, we were able to recover them to our Triada Recovery Cloud and, as employees received power and connectivity, they were able to at least continue to process orders and run their business. One day we even opened our offices to them so that they could have several people come work in one location. It was important for that business to continue to work with their clients and show that they were still in business. Unfortunately, many businesses lose customers during a time like this as their clients go elsewhere and don’t come back. I learned that tidbit from my mother. My mother owned a hair and beauty salon for many years. Her experience was that even though her clients preferred her service, when she took vacation or was otherwise away (like during an illness), people still wanted to get their hair done and had it done by others. Some of those won’t come back.
As I look at some of the locations that were harder hit than the NYC metro area such as the Jersey shoreline, it is obvious that this could have been a bigger concern than it was. Fortunately we had the right kinds of processes and systems in place that allowed us and our customers to get through it. But like anything, there is always room for improvement. One lesson we learned from Irene resulted in our increasing our level of communication with our clients, during and immediately after the storm so they didn’t have any surprises as to what they were stepping into.
Something that was very obvious to our clients this time around was that although they were confident we would be able to recover their primary systems or keep them running in their existing location; they weren’t as that they could go someplace to do their work when their power or communications were not working in their own homes. In addition, they weren’t happy that they had to rely on the utilities to return power to their location and are looking at alternative power sources.
Unfortunately, one reaction this time which I anticipate (which happened during Irene as well) was that businesses may be lured into putting their data into the cloud. Depending on your cloud provider and their design, this may be a good solution. But at least for one colleague, their cloud phone system was run out of a datacenter in downtown NYC which was completely out. They had to scramble to have their phone numbers rerouted to new systems. Cloud is not a panacea. Proper planning needs to take place first, and of course your trusted IT adviser would be the first person to ask.
It is not magic. We will monitor your network 7/24/365. We will fix problems before they become disruptive network issues. And yes, we can do all of this while you get a good night’s sleep. For more information give us a call and see how we can “work” the magic for you.
Halloween is one of our favorite holidays. Not for the candy and not for the “scary old house” on the hill, but for Charlie Brown. Enjoy this Charlie Brown Classic and have a great Halloween.
The biggest technology related news this week, besides the Royal Wedding, has been the various outages with online services and cloud providers including Amazon, Rackspace, Yahoo, and Sony. This isn’t the first time this has happened and it won’t be the last. Cloud detractors use it as a way to show how the cloud or more broadly online services can’t be trusted for your corporate data or applications.
I’m not going to argue that fact. I think there is enough fear, uncertainty and doubt (FUD) around that and there are plenty of cloud cheerleaders that are positioning themselves on the other side. However, I wanted to discuss something that is being somewhat forgotten in the midst of all the cloud-frenzy and that is proper planning. It seems for many companies, both large and small, are putting applications and data in the cloud and are automatically going to be resilient to outages. Cloud proponents maintain that service providers who are in the business of providing hosting services are better positioned to run datacenters and infrastructure than most businesses. I frankly don’t disagree with this statement, however ultimately it is the business’ or their consultant’s responsibility to properly design the entire environment that sits on top of the cloud provider’s infrastructure. A failure in a component of the cloud ecosystem should not cause a complete outage.
If you are building a system that your business dictates that it requires high levels of uptime, you must include that in your design, whether it is a cloud based or traditional infrastructure. It is as if a failure in a database driven web application with two or more web-servers but only had one database server would be the fault of the database server vendor as opposed to the architect that set up the infrastructure to begin with. Similarly if you are building services that are using an elastic compute front-end and its back-end storage is only on a single storage system, you run the risk of an outage affecting the storage system taking the whole system down.
There are always trade-offs between the cost of a resilient system and the amount of uptime required. For example, if you require 99.9% up time (which amounts to around 9 hours of unplanned downtime each year) then you need to build a system that supports that and adding additional ’9′s grows the cost exponentially. An online flower merchant should plan based on the fact that these 9 hours may occur during the days leading up to Valentine’s Day, for example. Of course in all likelihood outages wouldn’t collect together and happen at the same time.
Unfortunately, businesses that have been hastily throwing their applications and data in the cloud (even very large systems) without failure planning. Without failure planning, businesses leave themselves to undo risk. Whether you are planning applications in your office, at a hosted datacenter, or in the cloud, proper planning with failure in mind is more important than anything.
Check out our Free BDR checklist http://triadanet.com/bdr
As we “weathered” the storm and are coming out the other end, what have we learned from this event? My home and my office are in the same town, but on different ends and they experienced the storm differently. The roads around my office were flooded and could not be reached (except by boat) but had power and connectivity. I use the term physical isolation with connectivity on the BDR whitepaper (http://triadanet.com/bdr) that I published recently. At home, we have a complete loss of power and Internet connectivity except for laptop power and 3G/4G connectivity using a Verizon MiFi.
First we assessed our situation with all of our clients. Although our backup systems have a combination of automatic checking and some periodic manual checking, we felt it was prudent to review each client at a moment in time prior to any potential outage. We reviewed existing backups both onsite and offsite and added some additional backups to take place if it made sense to minimize recovery point gaps (Recovery Point is the difference between your last backup and when you suffered your outage…and therefore the gap in data loss when you bring things back online). This also had the added benefit of potentially reducing recovery times (Recovery Time is how long it would take to bring systems online from when an outage or disaster is declared). We felt these were important since the event could potentially take out more than one client at a time and reducing both of these would allow us to bring up more clients sooner.
During the storm and prior to our power outage at home, I monitored systems in each client office: services, power, and connectivity. Where we were able to, we tested UPS systems to ensure that a power disruption would give us time to shut equipment down without damage. The majority of the storm took place after hours in our area. When we lost power at our home on Saturday night/Sunday morning, I continued to monitor my own systems. Fortunately, our office network did not suffer a power outage and we were able to continue to remotely monitor our clients’ systems.
In the morning, I remotely was able to check to see if our clients’ systems were still operational and provided updates to each of them. Many customers had trouble getting into their offices because of flooding, transit issues, or downed trees, so they worked remotely. Ensuring that their remote connectivity was available was key.
The other issue that arised were systems/connectivity outside of the scope of the office and its locations. For example, one client had perfectly fine internet connectivity, but one of the peering relationships was not working well and therefore voice calls were not passing through properly. These types of issues are difficult to diagnose and report particularly after a major event when the ISP is worried about making sure their customers are up and running and not necessarily the problems any peers may have. This is unfortunate because it ultimately affects the service of a broad number of clients.
Another issue that came up were people working from home (including myself). Fortunately, I was able to reach my office. But many that commute into New York City were cut off and local coffee shops didn’t have power or were otherwise closed. Those that had cellular service were able to at least use those devices to keep in contact by phone and email.
As I look at some of the locations that were harder hit than the NYC metro area, it is obvious that this could have been a bigger concern than it was, but fortunately we had the right kinds of processes and systems in place that allowed us and our customers to get through it. But like anything, there is always room for improvement. Besides letting clients know that their systems were still operational during or after the storm, greater communication leading up to a known event should have taken place. In addition, since some events cannot be planned for like a hurricane, periodic communication in addition to testing plans would be prudent to keep things top of mind.
One unfortunate side effect of these sort of event are knee-jerk reactions and vendor FUD (Fear-Uncertainty-Doubt). For example, one of the things that is cropping up are the large number of cloud related vendors telling companies that if your systems were in the cloud then you won’t have had down time or worried about an outage. This is only partially true. (See “Learning from the Cloud Outages and Failure Planning”) Just like anything else, your systems have to be properly planned out and you need to understand what sort of events you are going to be protected from. Maybe you have an inhouse system that you still can utilize when your office does not have Internet connectivity; that would not be a good solution to put in a cloud). But if you have an applicatin that can be used by a distributed workforce or you have backup systems, those may be good candidates for the cloud. A cloud or hosted solution for your particular critical applicatinos can be a completely viable solution assuming you understand the caveats or they may not. Do your homework and talk to your trusted technology advisor.
Statistics show that disaster preparedness is the single greatest way to increase your odds that you will come out the other end in good shape. For your home, the Red Cross has put together a checklist that you can download and use. Download it here. You probably already have most of these items in your home, but it may make sense to drag them out and put them all in one place.
Keep cellphones charged and use text messaging and turn off extra services like GPS and WiFi as a way to keep battery use down. Keep cash on hand as power outages will affect credit card transactions and ATMs. If you have to evacuate, power down your equipment at home, turn off water and gas. If you have a generator, make sure you have adequate fuel.
Chances are that as most hurricanes, Irene will be largely diminished by the time it reaches us, but with heavy rain and wind comes the high potential loss of power and area flooding. Make sure you have the right supplies to safely get around your house including flashlights with batteries, safe candles, etc.
Have you put together a Disaster Plan for your family? Where do you go and how do you contact each other if you are separated either before, during or after an event? What is each family member’s roles and responsibilities?
Now that your family is in order and prepared, is your business? Most smaller businesses shut their doors after a major event never to reopen. This is a sad state like preparing your family for disaster, preparing your business is the single greatest way to ensure it comes out the other end. Many of the same items for your family apply here as well.
Do you have a Disaster Preparedness plan? Sign up to receive our Pragamatic Business Backup and Business Risk report for free http://triadanet.com/bdr
Bergen County including Northvale, Norwood, Harrington Park, Old Tappan, Emerson, Englewood, Closter, Demarest, Westwood, Paramus, Dumont, Hillsdale. Pearl River, Ridgewood, Englewood Cliffs, Closter, Fort Lee, Hackensack, Teaneck, Montvale, Oradell, River Edge
Rockland County including Nanuet, Piermont, Orangeburg, New City, Nyack and Spring Valley.
Westchester, Stamford CT, Morris County, and Manhattan
201 Firenze Street
Northvale, NJ 07647