Thursday, October 11, 2012

Why Don't Computers Get Any Respect?!

Why do so many business owners treat their computers like Rodney Dangerfield... they just don't get any respect!  They are an afterthought, an annoyance, or an unfathomable gadget that is here today and gone tomorrow.  The truth is that we have become so dependent on computers to perform some of the most basic business tasks that we could never imagine being without them.  And frankly, our businesses couldn't function without them. Why does it take a crisis or major disruption before computers get any respect?!

Anita Campbell wrote an article "5 Success Tips You Never Learn in School" for the online magazine Small Business Trends that echoes my sentiment above.  The fourth tip in her article is "Treat Your Computer Systems Like a Factory Production Line".

Anita Campbell explains, "For millions of business owners like me, our computers are the biggest set of business equipment we have — and they’re crucial. Without a computer system, I cannot operate my business. Yet, why do so many of us still treat our computer systems as if they’re discretionary gadgets? That’s one of the mysteries of the universe. It’s the Rodney Dangerfield syndrome — they “get no respect.” We don’t back up our data regularly. We don’t do maintenance (such as de-fragging or critical updates) the way we should. Our electronic files are a disorganized mess. We practically ignore our computer systems until a problem happens. Then the problem turns into a full-blown crisis."

So, why do so many business owners ignore their computer systems until there is a full-blown crisis?  And that crisis is often a major disruption that can be very expensive due to not only repair costs, but also lost productivity or business.  As the industry saying goes, "There are those that back up their data, and then there are those that WILL back up their data!"  Why does it take a crisis or major disruption before computers get any respect?!

I agree with Anita Campbell that the aforementioned seems to be one of the mysteries of the universe, but I believe the essential answer to that mystery is as follows:  If you don't want your business to come to a grinding halt because your computer systems aren't functioning, then your goal should be to find ways to prevent problems from occurring or at least minimize the impact of computer disruptions.  It seems to me that most business owners would like to accomplish the aforementioned goal, but don't know the "how" of attaining that goal.  Then they turn to their computer technician, whom they only pay when the computer breaks down.  Since that computer technician only gets paid when the computer is NOT functioning, there is no financial incentive for him to prevent problems from occurring.  So, where can a business owner turn for advice on preventing computer problems and mitigating disruptions?

In the next series of blog posts entitled "The Five Pillars of Computer Reliability and Stability" I'll detail, in non-technical language, the steps you can take to prevent computer problems and mitigate disruptions.  I'll present the "Five Pillars of Computer Reliability and Stability" in a management framework that you can use to manage your computer disruptions more effectively, as well as either get your current technician on board with preventing or mitigating computer disruptions or find a computer technician that will work with you toward that goal.


Thursday, September 27, 2012

SMBs Suffer High Incidence of Bank Fraud


Guardian Analytics and the Ponemon Institute have combined to publish the results of their Business Banking Trust Study. The study underscores the battle against increasingly sophisticated bank fraud campaigns targeted at small to medium sized businesses.
Some of the report's highlights:
  • 56% of businesses experienced a bank fraud attack in the last 12 months. Of those that experienced fraud, 61% were victimized more than once. 75 percent of the businesses participating in the study experienced online account takeover and/or online fraud.
  • In 78% of fraud cases, banks failed to catch fraud involving the illegal transfer of funds or other nefarious practices such as information identity theft.
  • 38% of respondents said they access their company's banking accounts from mobile devices including smart phones and tablet PCs like the iPad, compared to only 23% in 2010.
Legally, business accounts aren't protected against losses due to fraud the way consumer accounts are. As a result, small businesses are forced to absorb excessive losses when their business bank accounts are fully drained, and they are unable to recover any of the losses.

What can you do to avoid being a victim?  The following are best security practices:
  1. When you access your bank account online, do it from a computer that is NOT used to access the Internet or email.  You should have a dedicated computer that accesses only your bank account and nothing else.  As an alternative, you can configure a "virtual" computer using VMware Workstation.  This creates an environment similar to having a separate computer without having to purchase separate computer hardware.  Ask Avisotek or your computer service provider for more details.
  2. Change your bank account password every 30 days
  3. Make sure your computer has a firewall that filters incoming and outgoing network communications.  The antivirus software should perform "full scans" every day.  Security updates to Windows XP or Windows 7 should be performed weekly.
  4. The computer you use to access your bank account online should be used for business purposes only.  DO NOT download and install games, wallpaper, music, weather bug, desktop themes, etc.
http://info.guardiananalytics.com/2011-TrustStudy-Press.html

Friday, June 29, 2012

To Cloud Backup or Not To Cloud Backup

To back up your company data in the "Cloud" with an online backup provider, or to back up only to a local hard drive? That is what many small business owners are asking themselves these days.

For a small business with an inadequate (or no) Disaster Recovery Plan, online backup can be a huge step in the right direction from a data protection standpoint.  A company's data is considered one of the most valuable assets a business possesses, and should be protected in the event of a total disaster such as a fire, flood, earthquake, or theft.  Therefore, having an offsite backup is very prudent.  However, business owners should consider some of the security concerns associated with putting their data on someone else's computers.

According to Kevin Beaver, information security consultant with Principle Logic LLC, "How do you know your backups are going to be secure? It's more than just 'we encrypt' and 'you'll have a login,'" said Beaver. "Online backup environments are just like any other Web application. There are literally tons of security flaws that can be exploited to put your backups at risk. Don't fall for the common 'we're SAS 70 certified' response. Ask for an independent penetration test/security assessment of Web-based environment and ensure the vendor's assessing for new security flaws on a regular basis."

Security expert Jon Toigo, CEO of Toigo Partners International echoed this sentiment. "A lot of cloud vendors will tell you everything you want to hear in order to get your business, but it would take a lot of time and energy for you to go and investigate whether they can deliver what they are saying they can. Interview other customers and make sure there are ironclad security policies in place before choosing a vendor."


If you personally don't have the time to weed out the "Cloud" hype from reality, then consult with your computer services consultant or contact Avisotek. 

Also, data backup should only be one component of a full Disaster Recovery Plan.  If your server or computer that stores all your company data has a complete meltdown, how quickly do you need to have that computer up and running?  Two hours? One day? 72 hours?

How quickly data can be restored from a Cloud backup provider depends on your Internet bandwidth and how much data needs to be recovered.  You can easily recover one Word document in 10 minutes or less. However, recovering 200 GBs of data or thousands of files is another matter.  It could take days or even a week.  You will need to know what the data transfer rate is in order to calculate how long it will take to fully recover ALL of your data in the event of a complete disaster.  If it is going to take too long, then you will need to explore other alternatives.

Put the "Plan" into Recovering from a Disaster

Four Essential Elements For an Effective Disaster Recovery Plan

Step #1: Identify Which Systems Are Absolutely Critical to Operating Your Business

There are three areas you need to assess: data, systems, and communications.  Determine the data that is critical.  Your customer database and accounting may be critical, but your employment application forms may not be.  On what computer systems is this data stored?  Your company data may not be stored in one location.  Data can be scattered over many computers.  Also, determine which computer systems are critical.  Perhaps your company website availability is not important, but being able to access the Internet is.  Sure, you need to access your customer database, but is printing also critical?  Lastly, how do your customers communicate with you?  How long can your business survive if all forms of communication are disrupted?  What percentage of customers get hold of your company through the telephone, email, or website?  If 90% of your customers choose to contact your company using the telephone, then you could consider your phone system far more critical than email.

Step #2: Determine How Long You Can Be Without These Critical Systems

If your clients could not contact you because all your communication systems are disrupted, how long will it take before they contact a competitor?  If you cannot process orders, at what point will you lose revenue and potentially lose customers?  If you need your systems functional in 24 hours, then a solution that will get those systems functional in 7 to 10 days is not the right solution for your business.

Step #3: Know the Value of Your Critical Computer and Communications Systems 

It is easier to figure out what the replacement costs of your computers are, but what about that customer database?  How many hours have you spent entering information, comments, orders, etc.?  How much did you pay employees to enter this data?  Sure, you will need this information for insurance purposes.  You do need to make sure you are properly covered.  And you can't determine the best coverage until you know the replacement value of your systems and how much business you may lose as a result of the system being down.  But insurance companies do NOT cover data loss, only lost business.  How long would it take to reconstruct your customer database?  How much would it cost you to have all that data re-entered into the database?  You may be surprised to find out that your database may be valued at tens of thousands of dollars.

Step #4: Have a Disaster Recovery Plan in Writing!

This is the most important element that you must have.  When a disaster occurs you must be ready to recover and get your business up and running, otherwise your business will be a statistic. As simple as it may sound, just thinking through in advance what needs to happen if your server has a meltdown or a natural disaster wipes out your office will go a long way in getting it back fast.  At minimum, the plan should contain details on what disaster could happen and a step-by-step process of what to do, who should do it and how.  Also include contact information for various providers and username and password information for various key web sites and services.  Writing this plan will also allow you to think about what you need to budget for backup, maintenance, and disaster recovery.  If you can’t afford to have your network down for more than a few hours, then you need a plan that can get you back up and running within that time frame.  You may want a redundant server, allowing your office to run off the redundant server while the real one is being repaired.  And, with “virtualization” there are really inexpensive options for having a redundant server.  If you can afford to be down a couple of days, then there are less expensive solutions.  Once written, print out a copy and store it in a fireproof safe, keep an offsite copy, and leave a copy with your IT consultant.

The "Open for Business" disaster planning recovery series is an excellent source for those wanting to properly and fully plan for staying open for business in the event of any major disaster.

http://www.disastersafety.org/ofbInfo?execution=e5s2&execution=e5s1&execution=e5s1&type=ofb_basic

Thursday, June 7, 2012

LinkedIn Password Compromised - What Should You Do?

Yesterday, LinkedIn confirmed that millions of LinkedIn users' passwords have been compromised.  Later, the LastPass and LeakedIn websites offered tools to enter your LinkedIn password to find out if it had been compromised.  Why bother! Just change your password! It would take less of your time than going to one of these websites....and you should be changing your password regularly anyway.

I agree with Jim Bliss's comment on the article "How to Check If Your LinkedIn Password Was Stolen" on mashable.com:

Why LastPass’s and LeakedIn’s password checking tools (above) are really not a good idea:

1) They only check a subset of the leaked passwords. Therefore, even if you get a ‘clear’ result this can not be relied upon as there are many leaked passwords that are not checked against.
2) Recommending users to enter their passwords into third party sites is asking for trouble, desensitizing users to the problems of phishing.
3) Sooner or later (if not already) a site will spring up claiming to check passwords only to store them for nefarious use (yes, without a corresponding username / email address it is arguably less problematic; however, it would still be useful data for a cracker enabling them to hash the captured password and see if there’s a match and, bingo, you’ve done their work for them).

Far better advice, IMO, is to ignore the checking tools and just change your password.
Checking with these tools provides no security or assurance whatsoever.

Saturday, May 12, 2012

"Disaster Recovery Plan" May Not Be Sexy, But It Will Save Your Business Assets

I think Dale Carnegie said it best: "plan for the worst, and only good things can happen".  In previous blogs I've talked about how 50% of businesses file for bankruptcy immediately after a disaster which prevents them from accessing their data for 10 days or more.  93% will file for bankruptcy within one year following a disaster. Clearly, these companies were ill-prepared, and the worst happened because of this lack of preparation.

In the blog "What Kind of Disasters Can Put Your Business Out of Business" I discussed the most common disasters that caused these companies to file for bankruptcy.  Many of these so-called "disasters" do not fall in the category of "acts of God".  In fact, the majority of these disasters are "man made" and therefore are 100% preventable.

It does take information to know what to do, and it takes motivation to implement a plan.  Sitting on the information won't do you any good. You need to put that information into action.  Now that I've outlined what can happen and how certain disasters can impact your business, you will need to know what can be done to prevent, mitigate or even recover from these disasters.

The best approach to managing disasters is a combination of the following:

  • Disaster Prevention
    • For those events that are within your control to prevent, take the steps necessary to prevent the disaster from occurring.  Even if you are not confident you can 100% prevent the event, reducing the likelihood or mitigating the effects can save money or even your business.
  • Disaster Recovery Planning
    • For those events that are outside your control, develop a plan to recover from these disasters in a way that produces the minimal impact on your business when that disaster strikes.

But, what is this disaster prevention and planning going to cost my business in time and money?

That is an excellent question, but you are putting the cart before the horse.  You should first ask, "If a particular disaster strikes my business, what will be the financial impact on my business?" And, you need to determine not just the short term financial impact, but potentially the long term financial impact as well.  Once you have put together reasonably accurate financial impact numbers, then you can start examining the disaster prevention and recovery planning costs.  At this stage it is more like shopping for insurance. 

In the next series of blogs I'll drill down into more detail about the most effective methods of disaster recovery and prevention planning.

Saturday, March 24, 2012

What Kind of Disasters Can Put Your Business Out of Business

When a disaster occurs you will want to be ready to recover and get your business up and running ASAP, otherwise your business might be a statistic. Considering that 93% of companies that lost access to their data for 10 days or more filed for bankruptcy within one year of the disaster, and 50% file for bankruptcy immediately, you can't afford not to be prepared...unless you are prepared to completely lose your business!


In order to prepare you need to know what to prepare for...

What kind of disasters caused the above mentioned businesses to file for bankruptcy?

  1. Fire, flood, earthquake, tornado, or other natural disaster that caused major damage to the computer systems or completely destroyed the building where the business was located
  2. Theft of the major or all computer systems and/or data
  3. Electrical surges, brown outs, or power outages that caused electrical damage to the computer systems
  4. Acts of sabotage, which in most cases were directed at the most important data or database by a disgruntled employee or contractor
  5. A lawsuit brought against the company for lack of required data security
  6. Lack of sufficient environmental controls which caused the computer systems to overheat to the point of complete failure
  7. A virus infection which was designed to wipe out or erase all data on a computer hard drive
  8. Hardware failure from normal usage

As you can see, not all disasters are "Acts of God" out of your control. In fact, numbers 2 through 8 are 100% preventable. To prevent these disasters you just need to know what processes, procedures, or products to put into place.

How did these disasters impact the businesses to the point of putting the company out of business?

The answer is actually pretty simple. Essentially, the businesses were unable to deliver their product or service to their clients because...

  1. Customers could not communicate with the business due to phone or email systems being unavailable
  2. Ordering, inventory, and accounting databases were lost or unavailable preventing the processing of customer orders
  3. The good name or reputation of the business was lost causing customers to go elsewhere because of lack of reliability, slow delivery of product, or lack of confidence their private data is secure

And the above is just to name a few causes, but you get the idea.

Next Blog: What steps you need to take to prevent the above from happening to your business.