Don't Get Caught w/Your Pants Down
The most important question you can ask your IT person today is "are we protected from a Cyber Attack?" There is a lot of BS going around about this topic and companies are making a fortune marketing various ways to protect your technology systems. Granted, a Cyber-attack is no fun and can be very expensive. And with the growing network of cloud base processes, the attacks are going to be more frequent and severe. Especially in the summer when the kids are out of school! That's right "kids".
So what can you do? Below are several tips that help abate the probability of an attack from cyber criminals.
Backup, Backup, Backup - The best defense if you get attacked by a cyber-criminal is to be able to replace your system and restore your backup. Even though this sound simple, most companies today if they were to ask their IT person to "prove" their backup/restore of their servers would find errors and issues with getting back on line. My understanding was that the Colonial Pipeline hack took a week after the ransom was paid to get their systems back up to speed due to incomplete backups. Lots of the data had to be re-entered!
So how do you prepare you ask? Cal your IT person today and tell them you want your complete system restored from yesterday's backup, on another server! If this fails, fire your IT guys. You don't want someone managing your technology who mismanages your backup. Measure the restore by how long it takes and quality of the restore. Can it put you back on line without any extra effort.
Also, look at a redundant solution if you have a large network. Mirror your servers off site so that you will be able to transfer over and pickup from the last mirror event. This might be a bit pricey, but, ransom demands on small business can be very expensive.
Protect your network - Make sure your network managers take every precaution when building the intra/extra network. Routers and software today have many tools to monitor and alert you to attacks made by the crooks. Make sure your employees are trained on the proper use of technology to minimize the exposure. Focus resources on the defensive posture of your company, much like you do with your security system. Matter fact, it should be part of the security policy of your company.
If you are using cloud solutions and do not host your own network, then make sure you evaluate your hosting company for their security policies. If your hosting company does not have a ransom mitigation strategy, or a detailed security policy that they can provide you, or will not sign a security certification with you, DON'T use them. The last thing you want is to have a cloud application that you depend on daily to get hacked. Generally, you don't backup those solutions so you are at the mercy if your hosting company!
Develop a plan - the most important thing you can do is to start talking about your security policies in management meetings. Don't take for granted that your protection is being managed, because it probably isn't. I use to say to folks "If someone wanted to get your information, it would be easier to break in and steal your server"….this is no longer the case. Ransom demands and other forms of cyber-crime rewards now make even the smallest business a target.
Make sure you research, document, and implement a security plan that includes cyber protection. Also, include a "fire drill" at least once or twice a year to make sure you are ready for a breach in your network.
To conclude with a story. Many years back, I developed a backup plan for a client that included a tape machine that could backup his total hard drive (data and programs). I told him in the event of a disaster I could reload the operating system on a new server, then restore the backup and within 1 day have him back up and running…at least single user. Unfortunately, he did not follow the most critical piece of the strategy…to swap tapes and store them off-site.
Well the day came and someone broke into his office and stole his server. Since the only backup tape was in the machine, he did not have a backup. Thank goodness the police were able to apprehend the thief and return the server the next day…with the backup tape still in the server.
Hope this information was helpful! Visit Jorco.Biz for more blog post and if you would like a free consultation to discuss how Jorco Consultants can help you plan your business technology for the future…give us a call.