4 Checkpoints to Make Your Disaster Recovery Plans Bulletproof

If you store larger volumes of files or customer data, your business is always at risk of a data breach or ransomware attack. If you can save your business from being encrypted, the second hurdle comes with meeting the compliance for your industry, as well as the companies you serve. As business’ working in the SF Bay Area, it’s our responsibility to assist in the various data-protection regulations that cost companies, more than money, sometimes it costs a business their reputations.

In this blog, we will discuss the key elements to building your next backup strategy:

1. Determine What Frequency Fits YOU
Most of the time, business’ have a hard time finding a starting point when it comes to disaster recovery and data retention. First, you will need to define how often you should back up, these are based on industry attacks or the amount of data you’re hoping to save. Does it depend on the volume of data that your end-users produce? To maximize both your investment backing up data every 24-hours has become the minimum for most industries, with once a week slowly dying out. Planning today for the worst, especially when coughing-up large amounts of money for ransomware payments are no guarantee that you get your data back.

2. Can Your Backups become Automated
Don’t leave a margin for error to occur, forgetting to run a backup device has no excuse! If you’ve made the mistake of losing large volumes of data or forgot to run your backup rest-assured in knowing, most enterprise-grade backups work to fix the “human error,” by automating the process entirely.

3. Data & Backups Can Scale
In the past, scaling infrastructure was cumbersome and difficult. To avoid the headaches, companies have begun safeguarding data, by taking several routes to backup data. With ransomware becoming more prevalent with encrypting backup devices, a single copy for many larger organizations simply won’t be enough.

Having local on-premises backups (accessible faster) works great when paired with storing data in the cloud. Many businesses’ have begun this process, between Microsoft OneDrive (Excel, Word, PowerPoint) Adobe Suite (Acrobat) and customer information, do you really know where all these copies reside? Does your business have a fail-safe strategy in place for fast recovery?

4. Avoiding the Trial by Fire Mindset
I’m sure many of you have heard that practice makes perfect, but regularly testing backups, and monitoring their alerts daily has become common-place in today’s connected landscape. One of the many famous stories surrounding backup incidents can be found no further than Pixar’s California Office in Palo Alto, CA.

“Back in 1998 the developers at Pixar were creating the movie, Toy Story 2. An animator working late on file cleanup entered a command that accidentally deleted almost all the production files. Recalling the backups taken every day, the animator didn’t panic. However, when the team went to recover the files after coming in the following day, they found a solution that was no-longer working. This was in 1998, so the amount of time needed to properly test these solutions was far-greater, and the procedures have quickly become streamlined. In a sudden turn of events, the technical director for the movie had an offsite backup they used to restore the footage and bring the $100,000,000 Doller film to market.”

As you and I both know, the movie was produced but this story highlights one of the MOST common ways a business suffers from not having a backup solution, and a plan to compliment it. Building a solid strategy should be mission critical to businesses currently going without. Bring together your solutions arsenal and align your backups, ransomware protection. Staying protected from such attacks as ransomware, 24 hours a day, 7 days a week, 365 days a year, can be tough, but making sure your business is prepared, cannot be ignored, learn a better methodology to alerting your staff of backup success, and status.

3 MSP Best Practices for Protecting Your Users

Cybercrimes are reaching all-time highs, with many organizations being hit with at least one of the 230,000 attacks that occurred in 2017. As a Managed Service Provider, it’s our job to make security a priory for clients in 2018. By following 3 simple best-practices, we use to begin protecting NetCentral Partners. Built to enhance MSP security, mitigate client risk, and grow your revenue.

User Education

Effective anti-virus is essential to keeping your business protected, but it’s simply not enough. With increased risks and social engineering, many have found the need for user education as a major objective for 2019. By educating end-users through security awareness training can reduce the cost of infection or data breaches. These tactics have evolved, and are beginning to target businesses through social engineering, and the favorite method for delivering an attack.

Common Social Engineering Includes:

–  Typically, an email from a trusted friend, contact, or colleague, whose account has been compromised. The message will usually have a URL link to open or download, and invoice or website.

–  Phishing emails, comments, or text messages luring readers to confirm the legitimacy of your accounts. These are usually fake email vendor emails that have been spoofed or recreated by these criminals.

–  Fraudsters are more common in major business cities like San Francisco, Oakland, San Jose, California. These criminals leave USB or zip-drives around the company’s premises, in hopes a curious employee takes it. Hoping a curious employee will insert the temporary storage it into a computer providing access to company and personal data that is saved on your systems.

These attacks are usually devised through relevant and timely education can minimize your exposure to breaches caused by user error. By training our partners and clients on social engineering, and other tactics including ransomware, email passwords or data protection, you assist in fostering the behavior with which you wish to see across your organization.

Backup & Disaster Recovery Plans

Your IT support team should always stress the importance of backups and creating a disaster recovery plan, with regular testing of each asset. If hit with ransomware, without a secure backup, businesses face the intended ultimatum. To pay the ransom and risk the money or lose countless amounts of company data.

We’ve continued to offer our clients options to fit their network, with automated cloud-based backups and physical appliances for any company’s data retention policies to avoid encryption. With access to data anywhere at any time, the best form of proactive support comes with the industry knowledge gained from building business continuity plans.

Things to Consider:

–  Who declares the disaster?

–  How are employees informed?

–  How will you communicate with customers?

The secret to building the perfect disaster recovery plan for your business comes after the plan is implemented. The most common failure point for many businesses before NetCentral support is a failure to test a backup solution. Then a small-scale disaster or accident occurs, and your business can’t restore its data. Imagine the loss of business financials, intellectual property, client data. Insurance won’t pay you for lost information, and your disaster recovery plan is the only thing between business risk and your employees. Once a plan has been implemented and adopted by the staff, it’s important to develop your process.

Patch Management

Patch Management continues to be one of the largest areas of vulnerability for businesses with more than 2 “production” servers. Most updates are security related and should be updated as needed. Outdated technology, including an operating system (OS) or Java, are common exploits in several of this year’s largest cyberattacks. By staying atop of operating system updates, you prevent your business from learning a “very costly lesson.” A great example, of this, was back in 2017, with Windows 10. Win10 initially only marked 15% of malware files, while Windows 7 machines saw over 63% according to Webroot’s 2018 Threat Report.

Patching Process

Your patching process should feel like “a never-ending cycle,” of auditing existing systems to generate a complete inventory of all your production systems, their standardization, and operating systems and applications. By building these standards with a trusted IT support team, your patching process will become easier. Through the classification of vulnerabilities, higher priorities can be remedied, while lower vulnerabilities begin to be automated, never disrupting your workday again.

By following these best practices, your business can begin thinking like an MSP. This will ensure the safety of your business, but also securing customer data. Business owners looking to scale operations should be looking to align business objectives, with an MSP that focuses on your IT experience, if you’re in need of IT Support and Services, we can help! Contact us, to begin talking about your IT stance.

Retention Best Practices: What to Do with All of That Data

Your data retention and customer information are the lifeblood of your business – there’s no denying data’s importance, especially in day-to-day operations. Today, organizations across all industries are tasked to protect this vital info, retain it, and provides access at all hours. Yet, all we’ve seen was a lack of the appropriate archiving and retention policies upon initial inspection.

Building Data Retention

As your MSP, it’s our job to be your strategic advisor and help them understand exactly what their retention requirements are for various business needs. By looking to clean up your IT environment and implement retention policies for more secure, and accessible data you can gain an edge on the pitfalls of errors and mistakes.

By establishing data retention policies, here are some key points you should consider. Keeping in mind, that not all data is created equal—the first step in establishing appropriate retention policies, which data needs to be archived, and for how long.

 

Step 1: Classifying

Strike a balance between what’s optimal for your business needs vs. cost-effectiveness, by asking some of these questions before classifying or deleting data.

– Is this info critical for the customers’ business operations?
– Would your data be classified as a permanent document of any kind?
– Is your data considered proprietary intellectual property?
– Does your data reflect the current, legitimate and useful information or needs?

Data that fits none of these criteria may be suitable for deletion – although most data is generally retained for at least a twelve-month period, with a very small percentage needing to be retained after that period for legal holds. Assess value and risk before deleting anything and consider cost and storage requirements when choosing to keep anything else. There should be no arbitrary or ambiguous data—everything must be accounted for.

Step 2: Compliance

There is a hierarchy to follow when determining which data must be stored. Ensure data retention policies align with any of the following compliance or regulatory restrictions:

Regulatory Compliance
Whether it’s HIPAA, FINRA, PCI, or other regulatory concerns, know your verticals, and know the law. What data must be kept (and for how long) can vary significantly from one industry to the next.

Legal Concerns
Retain all data that could be subject to legal discovery or would be needed in legal action should it arise.

Pro Tip: If you need a long-term storage solution for less time-critical data, you can leverage our series of cost-effective data retention and BDR solutions.

 

Step 3: Deletion

Once your identified data no longer serves any useful purpose, there’s more to do than simply emptying your desktops recycle bin. Set expiration dates for all data when establishing retention policies unless it’s designated to be retained in perpetuity. It should be noted, that when data has exceeded the retention limits, it should be deleted immediately.

Finally, data that is retained must be data that is accessible. Choose a fast and searchable archival method to access data and determine what frequently-used data (if any) should be kept “live” outside of archival applications.

For anyone unsure of their backup and disaster recovery technology, and its configuration, we can help. With over 30 years of experience, with information technology, our trained IT consultants can get you started down the right path.

 

Secure your Remote Desktop Protocol RDP with Managed IT Support protection.

How to Devise a Budget that includes your Disaster Recovery Plans

Planning and disaster recovery, more importantly, budgeting, is one of those tasks few business continuity managers look forward to completing every year. After all, it can become a pretty involved, and complicated processes for anyone, often seen as sobering to tally-up the final bill. Love-it or hate-it, devising a business disaster recovery (BDR) budget is a necessary evil which nobody can avoid. On the bright side, there are some simple steps you can take to ensure you spend wisely on a disaster recovery budget.

Rally the Troops

Call in the troops with a rallying cry for disaster recovery to protect the entire organization. By design, planning and budgeting should involve the CEO, or top-level management, and department leaders across the company — not only IT. Key members from varying departments like sales and customer service can drive budgeting needs by contributing valuable insights on how systems and resources are used, performing, and the maintenance needed. Business owners and CIOs can see what the plan entails, and decide how to best execute the proposed strategies while staying within the budget.

Know What’s Important

After you’ve rallied the troops and the advocates, your next step would be to focus the bulk of your disaster recovery planning efforts around your most precious asset. For most, business begins and ends with data. Data can be perceived as analytical, or informational bits and bytes that make up the information that runs your business.

Commonly, these budgets should be structured in a way, to cover vital company information from various angles. An example of this can be found at some level of most businesses. The entire organization uses a firewall(s), to ward off network attacks at the perimeter level. Anti-virus and end-point protection halt threats on production servers or prevent data encryption. Although the equipment varies from one company to another, but eventually technology breaks. Having an on-site, and an off-site backup plan will ensure that your business line data can be recovered fully, and reliably.

Business Risk Weigh-out

Now it’s time to hone in on actual disastrous scenarios. This is when your staff can assist in identifying the biggest threats to your business. Begin to engineer strategies to minimize the exposure and risks to data. Your hardware and data’s physical location is always a factor, but most organizations should thoroughly plan for both natural and accidental disasters. Although you might have prepared a comeback from fire or flood, have you given thought to disgruntled employees? What about cybercriminals, and hacking?

From here, we can begin working on a budget that properly reflects, the tools and resources needed to put your strategy in place. Our managed service partners have the freedom to budget in anything from training internal-staff in advanced cybersecurity measures to our network monitoring process. Your budget must cover the workforce needed to spring into action during these disaster recovery scenarios.

Prioritize Your Assets

One of the biggest mistakes you can make in disaster recovery planning is treating each system and process as equals. Why? Because it often leads to employing “grade-A” protection across your infrastructure. Not quite sure where your resources rank in the pecking order? Well, this is where a detailed business impact analysis (BIA) comes in handy. A BIA will identify each resource in your environment. It will also help drive your budgeting efforts based on their order of importance.

Fund Your Budget Wisely

Smart budgeting is about setting your limits and staying within those very boundaries. Your ability to stay within that safe zone will largely depend on your organizational structure, but some companies are already allocating a sizable portion of their budget towards disaster recovery services. Typically, we see those that operate disaster recovery as its own separate line-item, taking a more targeted approach for every department.

Your Peace-of-Mind

Unfortunately, things don’t always go according to plan. Failed backups or lapses in communication, these roadblocks can lead to stumbling over the hurdles to recovery. Your disaster recovery can be seen as an ongoing process, without a time constraint, you can periodically test your solutions along the way.

If your company is struggling to get over any of the hurdles on the road to successful disaster recovery, contact us to begin a no-cost, no-obligation conversation with one of our friendly staff members.

Three Most Common Network Security Failure Points for Businesses

Network security continues to be at the forefront of Bay Area businesses. The threats posed to an Information Technology (IT) network are well known – there’s a new story daily of malware or hackers tampering with or destroying data. Most companies make an effort to prevent such attacks on their IT infrastructure, but many, if not most, don’t do enough.

Here are some common mistakes companies make when it comes to network security:

Failure to Plug All the Holes

Most companies with a network connection to the internet have some sort of firewall regardless of hardware, software, cloud or on-premises. But how carefully was that device chosen and how was it configured? Your choice of the firewall should be more than a call to your internet service provider. With so many choices, it can become difficult to wade through the separate vendors. There are thousands of logical ports through which a hacker could gain access to the network, are they all protected? These are the questions you will need to ask yourself as a tech-savvy individual.

The network edge is not the only attack vector. Malware can breach the network via email, a USB port or through an infected website. A firewall alone cannot prevent all threats from entering your network.

Failure to Build Security into the Corporate Culture

The old saying is, a chain is only as strong as its weakest link. Similarly, network security is only as strong as its weakest point. Systems and devices can help, but unwitting employees can expose the network to attack, and in many cases, accidentally launch the malware. Having a good Security Policy is important. Enforcing it, and making sure everyone from the boardroom to the mailroom follows it is even more important. Employees should be trained in how to recognize common email scams.

Keys to Network Security

IT network security is critical and requires an IT consultant with up-to-date experience in all the ways business networks can be attacked from outside sources. Malware, hackers and other cyber attackers present serious risks to your system. Network security demands a robust plan for prevention of attacks and what to do when attacks occur. Corporate culture can be part of the problem or part of the solution.

Failure to Assess and Update Security Measures

Technology changes occur at an accelerated rate. How can the firewall that was installed three years ago be effective against the latest methods and technologies used by cybercriminals? The technology within the company changes, as does the personnel. These create a lack of continuity which isn’t scalable in any fashion

Regular assessments of the network’s security, along with reviews of the corporate Security Policy, and continued education for the staff, is necessary to stay as far ahead of the “bad guys” as possible. They’re not standing still, so you can’t afford to, either.

It’s wise to have a third party conduct security assessments (some industries even require it), and an IT consultant can help you create a workable plan to bolster your network’s protection against attack and keep it up to date.

Data Backup and recovery ebooks for Bay Area business

Multi-Factor Authentication: Locking down Your Business Data from Hackers

Logging into systems has been common for information workers for decades. The idea was, only you would know your login and password, and this would keep your information safe. The company data you’re protecting is more important than ever, and the tools cyber-criminals employ to get access to your data are growing in sophistication – making multi-factor authentic the best fit for most businesses.

Security experts have been recommending multi-factor authentication as a means of protecting access to systems for years, but what does the term mean?

What Is Multi-factor Authentication:

Multi-factor authentication adds different levels – in addition to what you know, it may also employ “who you are,” (Biometrics) or “what you have.” (physical token, or personal device) Using more than one level of authentication makes “hacking” into your accounts nearly impossible. The largest benefit to most businesses securing their data with multi-factor authentication is the use of single sign-on.

We’ve grown accustomed to passwords that must be changed every so often. However, multi-factor authentication often employs information that is generated when you try and log in, and is used only once, creating a different set of credentials each time.

Does this add complexity to the user experience? Yes, by design – but if you’ve ever watched someone quickly scan an access card (something they have) and then enter a quick code (something they know) to access a facility, you can see how quickly this can become routine.

Adoption of Multi-Factor Authentication:

For many vertical industries, companies must comply with regulations regarding physical and technical security. Those who provide services, or support to those companies should also be familiar with its compliance as well. Multi-factor authentication is no longer an “enterprise product.” Being found in such technology as Office 365, Microsoft 365, G-Suite (Gmail), or the latest cloud environments.

Wish to Enhance Security in Business-Line Applications?

Clare Computer Solutions can help your company evaluate options for multi-factor authentication, and then implement the solution that best suits your needs. Contact us to get started – the stakes are too high to wait.

Spooked by the Number of Zombie IT Projects at Your Business?

Have you ever started IT projects at your company that burst out of the gate with great verve and energy, only to get bogged down in problems and questions, stalling out at 90% completion forever? This is referred to as a “Zombie IT Project,” and they can be annoying, or at worst, they can be a devastating drain on time, money, and company assets.

 

“Why is our organization having such a hard time crossing-off these zombie projects?”

 

 

Unrealistic Goals from the Outset

Sometimes, a project can be doomed from day one, because the final goal is not realistic. Hindsight will usually pinpoint what went wrong for most companies, but by then, it’s too late. You’re months into the project, your money has been spent, and you’re left with an undead, Zombie IT Project on your hands!

 

Resource Issues

Your project goals might be realistic and on target, but you may have bigger problems ahead, with resource issues. The personnel needed to bring the project to fruition isn’t available, or, more often, gets reassigned mid-project. What was once a well-planned project gets derailed and never seems to get finished.

 

Poor Project Management

You’ve set a realistic goal, and created a decent plan, and you have the people to get it done – so you’re all set, right? Wrong – someone must be in charge. A project of any complexity will have a number of moving parts, all on their own schedule.  If no one’s responsible for making sure everything is done, then everything won’t get done.  Minor issues and questions will bring the project to a Zombie halt.

 

Scope Creep

We have all had “that boss,” the one who comes in mid-project, and adds more to your list of tasks.  “As long as you’re doing ‘that,’ you might as well do ‘this,’ right?'” Nothing causes a project to enter the netherworld like allowing extra tasks to be tacked onto to the original plan. It’s not always possible to anticipate every twist and turn in a project, but anything that comes up that lies outside the original scope needs to be identified as such and managed separately.

Most companies don’t tackle IT projects often enough to gain the experience and insight needed to ensure a project is designed correctly, has the appropriate resources dedicated to it, managed properly and held within scope.

 

Resurrecting IT Projects

An IT Project should result in a positive transformation for your business, and pay for itself over a reasonable length of time.  A project that never gets done has the opposite effect – therefore, it’s wise to hire the expert services of a firm experienced in IT Project Management. It’ll save you time, and money in the long run!

 

Clare Computer Solutions has designed, launched, managed and completed hundreds of IT projects. We know how to bring even the most complex projects to a successful conclusion. We can help your company, too. It all starts with a conversation. Contact us to get started.

October is National Cyber Security Awareness Month

The Department of Homeland Security has designated October as National Cyber Security Awareness Month. This is an annual campaign to raise awareness about the importance of cybersecurity. The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not.

National Cyber Security Awareness Month (NCSAM) is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cyber security, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.

Clare Computer Solutions is very involved in helping clients ensure they have the tools and education to mitigate the risks from a variety of cyber threats. The NCSAM website has some tools, too – and they break them into separate toolkits for a variety of users. They call this the “StopThinkConnect Toolkit” – they have some very sensible advice.

Here’s the URL to access these tools: 
https://www.dhs.gov/stopthinkconnect-toolkit

Busy executives may find it difficult to take the time to go over these materials in detail, but Clare Computer Solutions can definitely help. We can have a conversation with you, learn about your business, help you pinpoint your major concerns around cyber security or any technology, and help you devise a road map to prepare your company to avoid problems with cyber attacks.

Threats include malware (viruses, worms, ransomware), and hacking. The consequences can be business disruption, destruction of data, and theft of data. These threats come in from a variety of places – from sophisticated hackers getting through a firewall, to unwitting employees clicking on an email attachment.

Your employees, your colleagues, and especially your customers, are counting on you to take the proper steps to protect your business. It all starts with a conversation – contact us to get started.

Cyber Security Awareness month

When Is it Time to Call an IT Consultant

When is it the right time to call an IT consultant? As information technology continues to change, the lines can be blurred as to when your business should bring in an IT Consultant. Any modern business with more than a handful of people has an IT infrastructure, and this has been the case for at least a decade. What has changed, is people are generally more familiar with technology, and the technology itself has become more user-friendly. Many aspects of maintaining that infrastructure have grown easier.

Another change is the depth to which technology has permeated business operations. It’s not just crunching numbers anymore, or word processing. Technology affects every aspect of a business, from marketing to operations, accounting, and communications. This should be seen as good thing, but managing the IT infrastructure has not become easier. With clouds, and SaaS, VDO, DNS, VMWare, it’s no wonder companies drift off course.

This is where an IT consultant can make a huge difference for your company. Even if you have an in-house IT staff to deal with parts of your network, there are some areas where a consultant can add tremendous value. Here are a few of them.

Strategic Planning

Despite IT being an integral part of most businesses, we don’t see many hiring IT staff with business skills.  An IT consultant can help you align your IT initiatives with your business goals – going beyond technical details and guiding IT decisions and plans with a business context.

Multi-Vendor Management

Most infrastructures contain equipment and services from a variety of vendors. This is fine – you should choose the products and services your business needs. But all these things have to work together, reliably, for your business to really realize the power of this technology. When things go awry in a complex environment, vendors often default to an “not our fault” mode, making sorting out of responsibilities and next steps, a real struggle. A consultant can aid in unraveling issues that span, several vendors’ products and services.

Hybrid Environments

The cloud is here to stay, but most businesses aren’t moving everything to the cloud, for a variety of reasons. For businesses that are considering moving workloads to the cloud, an IT consultant can help by evaluating a company’s existing IT environment and devising a cloud strategy to determine which workloads should be moved to the cloud, when to do it, and how to manage the resulting hybrid environment.

Clare Computer Solutions has helped hundreds of companies in the San Francisco Bay Area grapple with the complexities business encounter with regards to technology, and helped companies integrate IT into their business operations to provide the best advantages. We can help you, too – and it all starts with a business discussion. Contact us today to begin the process!

Hybrid Infrastructure Trends Towards “Everything-as-a-Service”

For years, Information Technology (IT) focused on physical platforms – the computers and the software that ran on them.

IT costs were capital expenditures that purchased these products initially, and as they reached the end of their lifespans, more capital expenditures were incurred to replace them.

This was the normal way to do business and this model was the standard for decades.

The rapid changes in physical platforms led to an undesirable result: companies found they had equipment that was considered obsolete more quickly, than ever before, and that drove costs up, to try and keep the infrastructure modernized.

Sometimes companies try and beat this trend, by over-buying computing capacity, in the hopes that a company could grow into it before the hardware became obsolete. As server virtualization became more common, and internet bandwidth came down in price, this opened up a new paradigm – buying IT capabilities as an ongoing service.

This had several appealing characteristics:

  • Increased agility – it’s fast and easy to build out computing capacity in the cloud, and it’s easy to adjust that computing capacity, so companies can buy only what they need when they need it. Some services can be allocated dynamically, too.
  • The shift of IT expenditures from capital expenditure to operational expenditure – this makes managing cash flow easier.
  • Decreased consumption of space and power for physical servers in the office.
  • Protection from hardware and software obsolescence – the cloud provider handles ensuring up-to-date versions of hardware and software are being used.

 

Does this mean companies should immediately put all their IT workloads in the cloud?

Of course not, for several reasons. First, your existing infrastructure could be a year or more away from obsolescence. Or your business may have specific applications that do not lend themselves well to cloud computing.

Many businesses opt for a hybrid infrastructure, with some services delivered by the “as-a-service” cloud subscription model, and others through on-premises infrastructure. Regardless, cloud services present a win-win scenario for businesses to utilize the best technologies to make their business run better and compete more effectively in their market. Clare Computer Solutions has been helping companies realize the power of technology for over 25 years – we can help your company, too. It all starts with a conversation – contact us to begin your transformation.