As a business owner, you are already aware that your company might be vulnerable to attacks by hackers. Your concern is justified because 65% of cyber-attacks are aimed at small businesses. There is a good chance a hacker is using sophisticated software to try and hack your network right now.

Even if hackers haven’t found a way into your system yet, you can be sure that they are trying to find a way to:

• send emails from your email servers that destroy your company’s reputation (spam, porn, confidential customer information, etc.)
• gain access to your accounting and banking systems
• or steal your data and hold it hostage (ransomware) until you pay them an exorbitant amount of money to get your data back.

Did you know that it takes an average of six months for businesses to realize that they have been, or are being, hacked?

After the hack is discovered, it can weeks 6 – 8 weeks disable and remove all the threads of the attack. The attack is removed, but the damage has been done. How long does it take to restore a damaged reputation, or to be trusted again by a vendor or customer who was affected by your hack?

So, why do hackers target small businesses? Some of the reasons are obvious, and some may surprise you.

Here are 4 reasons why small businesses get hacked:

1. Under the Radar

Not every hacker wants to be famous. Most don’t care about getting their conquests splashed all over the news.

Hackers attack small businesses because these companies are less likely to report security breaches and more likely to pay the ransom.

Reporting a breach is damaging to the company’s reputation. A company might prefer to deal with the damage or pay the ransom rather than go public. In fact, in one study, 53% of companies paid the ransom immediately. In addition, what many companies find out is that, even if they report the breach to the police, law enforcement agencies are not cybersecurity experts and can’t be of much help.

2. Complacency

Every business has to prioritize spending. Initiatives that grow the company’s revenue and profitability are the priority. IT upgrades and advanced cybersecurity services and tools aren’t an immediate need so they don’t make the top of the list.

Unfortunately, the reality is that your old security software is not “good enough” to stand up to today’s sophisticated cyber-attacks. “Good enough” makes you an easy target.

3. Employees inviting viruses and hackers

This one is shocking. Research from Stanford University found that 88% of ALL data breaches are caused by employees. Here are a few of the most common ways employees invite trouble:

• Weak/reused passwords – Weak and/or reused passwords are asking for trouble. Because of our bad habits, it’s best to require strong passwords that must be changed periodically
• Access control – When we start working with a new client, we frequently find that front line employees actually have access to company financial and payroll information even though they’ve never looked for it. Their access has not been restricted to only what they need.
• Failure to install updates – Installing updates is a pain and occasionally cause problems, so updates are put off indefinitely.
• Email attachments – An employee opens an email attachment that unleashes a virus on the entire network and they don’t even realize it.
• Unlocked doors – Your system may not require new files to be scanned for viruses/malware (i.e. files received in email or on flash drives). It’s like having a flashing neon WELCOME sign.

Small companies don’t have the advanced skills required and training happens rarely, if ever.

4. You’ve been hacked before

Hackers are like sharks: they can smell blood in the water from miles away. Once the word gets out that you’ve been hacked, and that you’ve paid the ransom, you’ll have hackers lined up around the block. Like a lot of criminals, hackers are looking for the path of least resistance. Once they hear you’re an easy target you’d better prepare yourself for all kinds of cyberattacks.

Take Action

It takes work to be ready in today’s cyber landscape. The steps include:

• a comprehensive cybersecurity strategy
• staying up to date on the latest hacking practices
• acquiring, maintaining and using the latest cybersecurity tools
• a scheduled data backup system that also verifies the backup up data is not corrupted
• training your employees on what to look out for and what to do

Almost every day there are news stories about companies getting hacked, big companies paying millions in ransom. Companies like Apple, Amazon, Target, and Facebook can afford the best security available, yet they still get hacked.

What you don’t hear about is the small businesses shutting down because they’ve been crippled by a cyber-security breach. A shocking 60% of small businesses that are crippled by a cyberattack will not recover.

Make cybersecurity a priority for your business and you’ll increase your chances of staying off a hacker’s watchlist.

Information technology is a tool. If we can help you navigate your way to a more productive, efficient and safe operations, accounting and/or IT system, then you can focus on growing your business.

If you’re serious about protecting your company from being crippled by a cyberattack, check out our website or contact us. Ask for Tim Adornetto to get your no-cost, no-obligation system analysis.

One of our clients (for the sake of privacy we’ll call them Acme Distribution) started with a “break-fix” IT strategy. Acme had computer equipment, a network and some knowledge about how to fix simple issues (resetting passwords, adding a user, etc.).

However, when more complex issues came up (e-mail not working, printers not printing, hardware failures, viruses and network issues), Acme paid service providers to fix those issues. Some months the cost was minimal. Some months the cost was tens of thousands of dollars.

One month a relatively new computer virus cost the company $28,000 because all but a few computers were infected, including their server. Their systems were down for 3 days and only partially working for 3 more days. The costs of system downtime, lost productivity and customer dissatisfaction was in addition to the $28,000 in fees paid to fix the problem. Acme estimated their total cost for this incident was more than $70,000.

There is a Better Way– But Beware!

Acme wanted to find a way for their IT expenses to be stable and predictable. They looked into managed services contracts. They interviewed three companies and entered into an agreement with a provider at what they thought was a reasonable price.

Unfortunately, what they found out was that managed services providers provide two levels of service. In the fine print of their agreement, they discovered they had entered into a network “monitoring” agreement.

Acme’s provider “monitored” their network and provided support up to five hours per month. In the third month of their agreement, after a problem that involved both hardware and a network problem, Acme received an invoice for $18,134 for support above and beyond their “fixed price” agreement.

Beware of the low-priced managed services “monitoring” agreement.

In the following few months, Acme considered hiring two IT employees because they believed it might be less expensive than paying an outside provider. However, they soon realized that their internal solution would be expensive and limited to the knowledge of their two IT employees.

Acme’s CFO attended a webinar about managed services agreements that were truly flat fee, no-surprises agreements. He asked for a proposal and experienced sticker shock when reviewing the proposal. The agreement included everything including hardware replacement for a flat monthly fee – guaranteed.

As he read the proposal, he was shocked to discover that the network assessment done on their IT systems by the professional level managed services provider showed:

• Out of date virus software
• a Trojan horse virus that had given hackers remote access to their accounting system.
• 4 viruses (not yet active) that got into the network by employees copying files from flash drives
• Three network hard drives that were sending alerts about their imminent failure (all at least five years old)
• a cloud-backup solution that had stopped working

If there was any good news, Acme was lucky their system had not (yet) been attacked by ransomware. Ransomware locks and encrypts the company’s data and then demands payment to unlock and decrypt the data.

In the end, after adding up all the costs, lost productivity, risks and likely future issues/costs, Acme found that an all-inclusive, flat fee professional level managed services agreement was far less expensive than any other solution. In addition, it’s a much better solution than relying on the current knowledge of two IT employees with limited knowledge.
Consider your options:

• With “break-fix” agreements, you get low cost, but you take all the risks
• With a “monitoring” agreement, it’s no different than the CHECK ENGINE light on your car’s dashboard
• When you consider:
o the risks, potential downtime, data loss and lost productivity
o along with the assurance that you IT system is always protected and up to date
o AND the peace of mind you’ll have instead of wondering what will go wrong next
a fixed price, no surprises managed services agreement is probably the most cost effective route to go.

If you’re interested in exploring your options, contact us. We would be happy to help.

You might be aware that disasters of varying types can have devastating consequences on businesses. The key to mitigating such occurrences is to have a data recovery strategy plan in place. This means that you have a structured and documented approach detailing how your organization can resume work quickly after an unforeseen disaster. This is an essential tool for your company’s continuity plan and applies to all parts of the organization that is dependent on your IT infrastructure. This data recovery plan will help you resolve any data loss and will allow the recovery of your system’s functionality. This means that you can continue operating your business with minimal disruption.

Types of Disasters to consider

Potential disasters are plentiful. We’re not just talking about hacking and data breaches, but natural disasters too. Being able to handle disasters efficiently means there will be minimal impact financially. Having a data recovery strategy plan will allow you to ensure that all requirements for compliance are met. The plan will also provide a clear recovery roadmap. Here are some of the potential disasters that might affect your businesses:

• Building disaster (Fire, power outage, etc.)

• Communication failure (Due to data breach, hacking or natural disaster)

• Application failure (Outdated hardware, viruses, etc.)

• Datacenter disaster (Hacking, data breach, natural disaster)

• City disaster (Earthquake, tornado, flood, etc.)

• Regional disaster (Power grid outage, wildfires, etc.)

• National disaster (Epidemic)

• Multinational disaster (Pandemic, computer viruses, ransomware)

You can see that this list covers lots of different types of disasters. It’s worth noting, however, that it’s not exhaustive. When making data recovery strategy plans, businesses need to consider their potential individual circumstances. If you’re based in the Midwest, for example, it’s very unlikely that your business will be affected by a volcanic eruption. But there are other natural disasters like floods or tornados that are more likely to happen. With that said, the 2010 Iceland volcanic eruption had repercussions worldwide, so you never know!

Considerations for your Data Recovery Plan

A data recovery strategy plan should begin at the business level. You need to determine what infrastructure is most important to your organization. The plan should implement an RTO (a recovery time objective), which describes how much time each application could be down for as a target.

A data recovery strategy defines your business’s plan for incident response. To determine your optimal data recovery strategy, you must consider the following issues:

• Resources (both facilities and personnel)

• Finances

• Insurance

• Data

• Technology

• Risks

• Compliance requirements

• The supply chain

How to write a Data Recovery Strategy Plan

A business can start its plan by prioritizing a list of contacts and vital software programs so that the most important information is easily and quickly accessible.

The data recovery plan should define each team member’s role and responsibilities in the recovery process. This is so there is no panic or time wasted should an unexpected disaster occur.

There are many important points to write into a data recovery plan. These include:

• A policy statement or statement of intent.

• Specific tasks assigned to staff.

• Goals of the plan.

• Passwords and other authentication tools essential to data recovery.

• Geographical factors and risks appropriate to the local, regional or national area.

• Advice on dealing with the media.

• Legal and financial information with points of action.

A history of the plan – and any amendments that have been made to it.

As you can see, being prepared for these events is not difficult, but it will take some time. It is, however, very important that you take the time to complete it. You should also run through the plan in a mock rehearsal. That way you’ll find out if you’ve missed any steps or if there are gaps in your plan.

The bottom line is, you want to be as prepared as possible for any disaster that causes data loss. After all, keeping your doors open when other’s can’t sure makes you the popular choice over your competitors.

If you need advice or want help to build your data recovery strategy plan, don’t hesitate to contact us. You can book a consultation at any time.

What does disaster data recovery mean? This term describes the method businesses use to regain access to stored information after a disruptive event. Any event, like a cyberattack, ransomware, a natural disaster, or even something new like the Covid-19 pandemic. When data is lost, businesses can employ a variety of methods for their disaster data recovery plan.

How does disaster data recovery work? 

Disaster data recovery relies on the data being replicated in an off-site location that has not been affected by the outage. When a server goes down due to a cyberattack, equipment failure, or a natural disaster, businesses can recover their lost data from a backup location. When the data is backed up on the Cloud, businesses can access their data remotely so they can continue to operate.

What are some key elements of effective disaster data recovery plans? 

We need a plan! A data recovery team will assign specialists to create, implement and manage the data recovery plan. Should a disaster occur, the data recovery team will facilitate communication with employees, customers, and vendors.

Risk evaluations. An effective data recovery plan needs to assess all potential hazards. Depending on the type of disaster, the risk assessment will dictate what needs to happen for the business to resume operations. For example, if there were a cyberattack, what measures will the data recovery team use in response? A natural disaster will require a different response.

Identification of critical assets. For a disaster data recovery plan to be effective, it needs to include a list of all assets. Vital resources, systems, and applications that are critical to the business are at the top of the list. Next, it’s important to have the steps that need to be implemented to recover the data.

Backing up your data. An effective data recovery plan needs strategies and procedures for backups. You should know who will perform the backups and how often they will be done. Those responsible for data backups must also work out the business’s recovery time. Calculate the amount of time the organization can be ‘down’ after a disaster and work from there.

Optimization and testing. The data recovery strategy should be tested and updated continually to protect the business from new threats. In this way, the business will be able to navigate challenges successfully. Planning a response to a cyberattack ahead of time will make sure your team will know what to do.

Types of disaster data recovery 

There are a variety of options when it comes to data recovery. Perhaps the simplest method is backup. Your data is stored on or off-premises, or both for extra safety. However, relying solely on data backup gives minimal protection for businesses. If there is no backup of the IT infrastructure as well, there could be even bigger issues. For example, are your critical programs backed up as well?

 Using DRaaS – Disaster Recovery as a Service

DRaaS is another way in which businesses can protect their data and infrastructure in the event of a disaster. Your business’s computer processing happens on the DRaaS cloud infrastructure. This means that the business can continue to operate seamlessly, even if its servers are down. A DRaaS plan can be either a pay-per-use or a subscription model. A similar solution is Back UP as a Service. But this only backs up data and not infrastructure.

 Why is IT disaster recovery important? 

There exists no business that can ignore disaster data recovery. Having a plan in place for this means that businesses can protect themselves from closure. Most businesses can’t even afford to close for one extra day. With a strategy in place for disaster data recovery, businesses will be able to get back to normal operations much more quickly. They might even be able to continue operating as normal. Why would anyone risk their business without a Backup Disaster Recovery plan?

As your Managed Service Provider, we can assist you with your Backup Disaster Recovery (BDR) plan. You know how valuable your data is. Don’t run the risk of losing it! Contact us today and we can go over our data recovery solutions.