Back again with the second post of the month!
Users of the Sidekick and Bing have come to learn the importance of Disaster Recovery. Bing users were definitely inconvenienced by the power outage at the sole location of Bing service resources. Sidekick users had it a bit worse, losing all contacts and other information from their devices.
FBI Director Robert Mueller was nearly duped by a phishing scheme when he received a bank email faked by a scammer.
Downeast Energy wasn't so lucky, and lost about $150,000.00 when an employee fell for a phishing scam email.
This year seems to have a nasty trend of some of the biggest and most powerful technology companies in the world failing to take the simplest proactive steps: backups; redundant power, network and storage systems; training users to identify phishing attacks.
You evaluate each system you use in your business by weighing its contribution to your profitability against its cost. It's important that everything you use brings the best of both worlds.
Unfortunately, we have to cut corners during these hard times, and we take on risk by not doing complete backups every day, by choosing not to have redundant power systems, or by not mirroring data between live servers far removed from the business.
There are lower-cost ways to address these issues and get a better return on your Disaster Recovery dollar. The trouble is that DR is a booming business right now and there aren't too many options out there which are gentle to your bottom line. Another approach is needed when we can't use technology to hand-hold us through a problem.
Technology alone won't solve Management & Training problems.
In the '90s we had a great time solving all our problems with money. If we had a problem and a piece of technology would solve it, we would buy it right up. No assessments needed, and if it didn't do what it said it would, someone's product would.
I don't know a single part of our economy which can afford such practices today. Despite that, the attitude still prevails. One needs to take a step back, really analyze the problem, and critically review every part of it.
You are running out of space on the file server? What's being stored there? Who is storing it? How many copies of each file do you have? Is there data which is only read and not changed or added to?
Maybe you just need to have your users stop putting MP3's on the server. Perhaps you have 3 project team members saving all the same email to the same folder but never knew they were all copied on the messages. Maybe there's data there which you only want to review for historical purposes and it could be placed onto a low-cost NAS instead of your live file server. You might just eliminate enough redundant data to prolong your storage solution until the next FY!
How much did that cost? Probably nothing but the time for your IT person (and/or a qualified and vendor-independent consultant) to sit down with you and have a quick look at your infrastructure.
Much cheaper than a $10,000 data deduplication server and some additional management software on a yearly subscription!
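The questions above (what is being stored, and how many copies of each file exist) can be answered with a read-only script before any money is spent. This is an added example, not part of the original post; `audit_share`, `build_sample_share` and the sample users and files are assumptions made up for illustration.

```python
import hashlib, os, tempfile
from collections import defaultdict

def sha256_of(path, chunk=1 << 20):
    # Hash in chunks so large files are never loaded whole into memory.
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit_share(root):
    """Hypothetical helper: (bytes per extension, duplicate groups, reclaimable bytes)."""
    by_ext, by_size, by_hash = defaultdict(int), defaultdict(list), defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable or vanished file: keep auditing
            by_ext[os.path.splitext(name)[1].lower() or "(none)"] += size
            by_size[size].append(path)
    # Only files of equal, non-zero size can be copies; hash just those.
    for size, paths in by_size.items():
        if size and len(paths) > 1:
            for path in paths:
                try:
                    by_hash[(size, sha256_of(path))].append(path)
                except OSError:
                    continue
    dupes = {k: sorted(v) for k, v in by_hash.items() if len(v) > 1}
    reclaimable = sum(size * (len(v) - 1) for (size, _), v in dupes.items())
    return dict(by_ext), dupes, reclaimable

def build_sample_share(root):
    # Constructed sample: one email saved by three users, an MP3, a unique doc.
    files = {"alice/status.eml": b"e" * 1000, "bob/status.eml": b"e" * 1000,
             "carol/status.eml": b"e" * 1000, "alice/song.MP3": b"m" * 5000,
             "bob/plan.doc": b"d" * 1000}
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        print(audit_share(share))
```

The script only reads and reports; deciding which copy to keep, and what moves to the low-cost NAS, stays a human decision.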
Get back to basics.
Do a scan of your disks. Run defrag. Clean up temp files. Test your backups monthly. Schedule some downtime to clean the dust out. Maintenance is pretty cheap when you think about it, and it really reduces your risk. If you aren't taking the time to be proactive your risk factor goes up tremendously.
Training, training and more training!
If you have been working with computers for more than 5 years you know that everything about technology becomes obsolete about the same time as you finally feel you have been able to master it. The next version of office productivity software, graphics application or gadget comes out and you are back to square one.
Changing even faster is the IT security industry. It changes and conforms to how hackers, spammers and scammers attack IT infrastructure. Unless you are spending as much time keeping up with security as you are productivity & gadgets, you can now be dangerously behind the curve.
While security suites which monitor your activity can be effective, many times the methods they use can actually reduce your productivity by throwing up roadblocks and 'yes I'm sure' dialog boxes. You can go a long way to protect your business by training your employees to properly identify and protect themselves against these kinds of threats. Even just making them aware that there's a new phishing email out there from Acme Bank could probably save you and your employees a lot of grief.
You can even encourage your users to subscribe to security newsletters like Ouch!, which are written with the common user's skillset in mind, without a lot of technical mumbo-jumbo.
You really are on your own.
Microsoft, Adobe, Google, and other large companies might claim to have a vested interest in keeping your data safe and secure, but consider it a value-added service which is vulnerable to budget cuts like everything else.
Spend the time researching the products you come to rely on before you are in a situation where you could be more than disappointed. Preparation for disaster is not a one-time job. It requires constant updating and review in order to make sure that anything you add, change or remove from your environment is properly addressed.
In closing, it's really not as bleak as it might seem. Sure, we don't like thinking about disasters; we've had a fair share of them over the last few years. The investment of time and effort is worth it. There is a lot of comfort knowing that you are prepared, and you might at least be able to read this article again without sweating.