Boost IT

Managed IT, Cybersecurity, Cloud - Atlanta, Dunwoody, Buckhead

Disaster Recovery

IT Recovery After a Major Flood

by

Natural disasters can be devastating. A major flood can destroy everything. When we look at the flooding from Hurricane Harvey, it can be difficult to imagine that it can happen to any of us. But it can. While a business can rebuild and purchase new IT infrastructure, what would happen to your business in the case of data loss?

According to the FEMA, “Protecting Your Business” article, almost 40 percent of small businesses never reopen their doors after a flood disaster. Another statistic from the National Archives and Records Administration indicates that approximately 60 percent of companies that lose data after a disaster shut down within six months. Preparation is critical to avoid this happening to your business.

In early August, Boost IT worked with a client in Atlanta where their office flooded. It wasn’t a historic flood like Hurricane Harvey, but it was severe enough to be destructive to their business. Electronics and water don’t mix, so as you can imagine their infrastructure was useless after the flood waters receded. Even desktop PCs that were elevated had to be replaced because once water got into the electrical system it sent power surges to any connected electronics or technology devices.

Luckily, our client was prepared for the unexpected. Boost IT helped them get back to work within 24 hours at another location while we procure new equipment and got it installed in their new space. Since we designed and managed their network that included on-premise storage for speed and cloud storage to use in a disaster recovery scenario, it significantly reduced their downtime and gave them peace of mind that their data was safe.

Start with Prevention

When preparing for the unexpected, the first step is understanding the two main ways floods happen.

o   Natural disasters like hurricanes and other storms that involve rain

o   Engineering issues like a weak dam or building structure damage; this can be a water leak from a burst pipe or broken plumbing structure

Prevention is always the best way to minimize a problem. Maintaining piping and structures is necessary to help prevent floods for plumbing, roofs, and structural damage. In a similar way, maintenance of your IT system can help prevent data loss from infrastructure that is damaged during a flood. That maintenance should include verifying your backup and recovery system is operating properly and testing it daily.

Have a plan

While IT infrastructure can be replaced, many companies can’t recover from a flood after the intellectual property is lost. The replacement of hard drives and other infrastructural creates downtime. Your staff can often redo some of the work that is lost, but if a server that connects to multiple workstations fails, your problems with downtime can multiply fast. Therefore, it’s important to have a solid disaster recovery plan in place before a flood occurs.

Recovering IT so you get Back to Business

When you have a backup recovery plan, you are prepared to restore data that was backed up to a device or cloud server. It’s important that your backup system is in a different location to protect it from flooding. In developing your backup recovery plan, consider what files are necessary to store in a server on the premises, which ones need to be on a server off the premises, and which require a backup.

More companies are recognizing the alternative of utilizing cloud storage so files are secure and not affected by a natural disaster, such as a flood. While cloud storage might not be right for storing all your files, it can help reduce the amount of data that needs to be restored, and provide instant access to minimize downtime so employees can work remotely for business continuity.

Boost IT assists with planning backup and disaster recovery services, and providing cloud and DRaaS. Understanding the differences in these services can have a huge effect on your business revenue in case of flooding. For more information, read our blog post about The Differences between Backup, Disaster Recovery, & Business Continuity or contact us at 404-865-1289.

Protect Yourself and Clients From Malware

by

Malware Alert!!!

“Attention! We’ve detected malicious activity on your computer. Download antivirus now.”

Spyware, Keyloggers, Scareware (described in example above), Ransomware and more. It seems like malware, or malicious software, lurks around every corner of the Internet, be it in a threatening email attachment or false online advertisement. There are now newer, subtler ways for you and your clients to have their personal data stolen, and few will be able to detect the warning signs of the various types of malware attacks before the damage is done and the data is lost. It is time to teach yourself and your clients how to prevent malware from causing unnecessary problems on your computers and servers.

As your customers’ MSP and trusted IT advisor, malware protection must be high on the priority list. In order to reduce the amount of infected client machines and mitigate the impact of attacks, however, continuous vigilance must be exercised by all. To prevent your business from cyber attacks, end users will have to learn secure browsing habits and Managed IT providers will have to install the highest grade anti-virus and anti-malware software, all while reading up on the latest malware news for security patches and critical malware updates. We explain further in this go-to guide for protection against the viruses, worms, Trojans, etc. that fall under the malware umbrella.

Part 1: How Clients Can Reduce the Risk of Malware Infection

As you know, malicious programs are engineered to compromise systems, steal and exploit personally identifiable information (PII) like financial data and credit card numbers, as well as hold this information captive to extort payment or intel from victims. The costs of downtime and data loss combined with the shattered reputation that results from a malware breach are far too great for small-to-medium-sized businesses to take their online safety for granted. Because of this, you must urge your employees and clients to be cautious in all their web-based dealings, and stress that they adhere to the following security measures, which we’ve compiled from sources, such as McAfee, Kaspersky Lab and PCWorld:

1. Be suspicious when prompted to download or install software

Even if you think you can trust the program because it’s well-established or appears legitimate, that is not always the case. Attackers have become cleverer and know how to cloak their schemes in well-crafted, credible language. The takeaway here is that clients must verify that the software is valid before taking action. Encourage them to open up another browser tab and research the program. Make sure they understand not to click into the original prompt for more information. If the intent is malicious, with any luck, your user will see search results of posts by others warning users not to download the software. To be safe, you may choose to have them run the mystery application by you first. You should be the main purveyor of their cyber health.

What about for cases where the software itself is legitimate, but the version offered isn’t? Unfortunately, attackers have been successful at impersonating common, harmless applications or services, such as Microsoft support. Train your clients to be wary of any – website pop-up ad, email, social media message, etc. – attempt to have them download something. If they’d like to download well-known software like Microsoft, instruct them to visit that company’s website to do it – insist that they don’t click any email links or ads, as these could be phishing schemes and malvertisements in disguise. Furthermore, teach them to look for websites with secure sockets layer (SSL) security. As we describe in How to Keep Clients Safe from Phishing Attacks and Online Scams this Holiday Season, that just means the URL for the page begins with “https://” and not “http://.

Along the same lines…

2. Avoid websites whose legitimacy and security can’t be guaranteed 

This is fairly self-explanatory, but still necessary to reiterate. As you learned in December’s Malware Roundup, Internet users are 28 times more likely to be infected by malware if they use content theft sites. Piracy websites aren’t the only ones with low security, but it just goes to show that destinations like these are hotbeds for cybercriminal activity. Look into software that detects the safety of websites before your clients accidentally click on risky search results. Additionally, encourage your customers to never click any link without knowing its destination. Have them hover over the anchor text to see the link URL as an additional security precaution. It’s simple steps like these that can easily bolster up your clients’ protection from malware and reduce headaches down the road.

3.  Stress that malware can be installed without user intent to download anything

It’s very easy for people to downplay malware concern and dismiss these tips by saying “Fine, I just won’t download anything then.” But your users aren’t in as much control as they’d like to think they are. Drive-by downloads can infect a user’s machine if he or she merely visits a site with malicious code, but doesn’t take any action. Attackers are savvy enough to recognize that their victims may not be easily fooled and that they may have to target other behavior. Take a pop-up malvertisement – yes, they can still get past browser ad block plugins – that offers a software download. Upon reading the first tip above, your user is aware of this scam and knows not to fall for it. What do you think they do? Click the X to close out of the window. No, they didn’t click the link, but they still engaged with the malvertisement ad and could therefore be compromised. Instead, teach them to close out with:

  • Windows Task Manager, if using a PC or
  • Activity Monitor, if using a Mac

4. Take caution when sharing files or opening attachments

Whether they intend to open or share files across email, instant messaging applications or popular file-sharing programs, clients must be certain of the source’s legitimacy. Through intelligent social engineering tactics, attackers often impersonate a trusted authority, such as a coworker, to manipulate and compromise a company’s system. For extra guidance in detecting fraudulent files, McAfee warns not to download files with the extensions .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Read Part 2 of “Protect Yourself and Clients From Malware”

The Difference between Backup, Disaster Recovery, and Business Continuity

by

The Difference between Backup, Disaster Recovery, and Business Continuity

If you think “data backup” is synonymous with “disaster recovery” and aren’t sure what “business continuity” means, you’re not alone. Most of the business owners we talk to make the mistake of not knowing the difference and end up paying the price when data is lost, a network goes down or a disaster prevents them from accessing their physical office and the server inside.

First, data backup simply means a copy of your data is replicated to another device or location. Tape drives, offsite backup, online backup and even USB devices provide data backup. Data backup is obviously important but only the beginning.  How fast you can access that data after a disaster is where disaster recovery becomes relevant.

Disaster recovery is the ability for you to recover all your files, software and functionality quickly, easily and without corruption. For example, if your server died, you wouldn’t be able to quickly get back to work if you only had data backup. In order for you to start working again, your server would need to be replaced, all software re-installed, data downloaded and copied, and then the whole system would need to be configured with your settings and preferences. This process could take days or weeks – and that’s if you have all your software licenses and a clean copy of your data.

Then there’s business continuity. This is the ability for your business to continue to operate even after a major disaster. For example, if you ran an accounting firm and your building burned to the ground, you’d be out of business if all your files were on the server only. However, if you had your a backup of all your PCs and servers in the cloud your employees could continue to work from home or some other location, giving your business continuity.

Knowing the difference between backup, disaster recovery, and business continuity is critical if you value your data. You need all three at some level, but at a minimum you need to make sure you have the right cloud backup and disaster recovery system for your tolerance for downtime.  The 6 Most Costly IT Mistakes for SMBs tells you how to calculate your actual cost of downtime. Also, know your recovery time objective (RTO) to within an hour or less. If a documented disaster recovery or business continuity plan is needed, a business impact assessment can be done delineating each step to continuing business operations based on events like power and Internet outages, user error, hardware failure, software failure, flood, fire, lightning, theft, etc.  You should review your system and plan annually.