What to Do When… You’re Out of Office for the Holidays

With the holidays right around the corner, many businesses will be taking time off next week. Use the checklist below to make sure your office stays safe during the holiday break.

  • Send a friendly reminder to clients and staff members. Whether or not your business is staying open during the holidays, it’s best not to leave your staff and clients guessing. Go over the holiday work schedule with your staff and inform your clients of any revised holiday dates and hours.
  • Set your Out of Office Assistant. Remember to provide recipients with alternative associates’ contact information in case of an emergency.
  • Update your voicemail recording. Let callers know you’re away from the office and provide them with information about who to contact in your absence.
  • Review your disaster recovery plan. Unless you’re in the retail industry, business demands tend to slow down during the holidays. Take this opportunity to assess, upgrade and modify your business continuity procedures.
  • Turn off office equipment and decorations. If you and your staff are going to be out of the office for an extended time, unplug printers and computers to save on electricity costs. Also, remember to disconnect any office decorations and throw out flammable trees that could potentially cause a fire if left unattended.

Have a safe and prosperous holiday break!

Discover Your Tornado Risk

The Southeast is on alert for rare winter tornadoes after storms touched down in Alabama, Lousiana and possibly Mississippi. Although winter tornadoes are rare, tornadoes can and do strike at any time off year, so it’s important that you make sure your business is prepared with a safe room and thorough business continuity plan.

To assess your tornado risk, check out the Insurance Institute for Business & Home Safety’s tornado frequency map.

Part 5 — $22 Million Worth of Reasons Why It Pays to Comply with Regulatory Organizations

So far in this series we’ve discussed four different organizations who have cumulatively racked up nearly $7.3 million in fines. Just to recap, we’ve seen:

  • A financial services firm penalized for failing to incorporate adequate business continuity measures
  • A cardiac care clinic called out for publicly posting patient appointments online
  • A financial giant caught overcharging its customers and failing to provide required notices
  • A healthcare practice chastised for refusing to provide its patients with copies of their medical records

This next organization tips the scale, so to speak, receiving the largest fine out of all the companies included in this series.

Morgan Stanley — $15 million

As you’ve already seen in Part 1, Morgan Stanley is no stranger to regulatory fines. In 2002 Morgan Stanley, along with four other firms, was fined $8.3 million for not complying with the Securities and Exchange Commission’s (SEC’s) email retention policies.

History repeated itself in 2006 when the firm failed to produce thousands of copies of emails in relation to an investigation into the firm’s Wall Street business practices. When Morgan Stanley was unable to come up with the emails, the SEC produced a $15 million fine for the firm.

The Takeaway

While each of these organizations mentioned in this series found itself in hot water with regulatory authorities for slightly different reasons, there is one important lesson companies can learn from each of these examples: When it comes to regulatory requirements, it pays to comply.

The next time your business is tempted to cut corners, take a look at the number of zeroes listed in these real-life scenarios. The fines totaled more than $22 million. Is that in your company’s budget?

Prevent Your Pipes from Bursting

As low temperatures return, so does the likelihood that frozen water pipes will burst. A crack as small as 1/8 inch can release up to 250 gallons of water per day, leaving your business vulnerable to flooding, serious structural damage and mold.

Take note of these tips from Nationwide to prevent pipes from freezing and bursting:

  • Turn on the tap to relieve water pressure.
  • Leave the heat on overnight.
  • Open cabinets under the sinks to keep warm air circulating to the pipes.
  • Seal cracks to keep cold air from leaking inside.
  • Wrap the pipes with insulation sleeves if they aren’t in areas that can receive warm air.
  • Drain the pipes by shutting off the main water valve and turning on both taps until they are empty.

Cold weather does not have to mean disaster for your business. Taking preventative measures to keep your pipes from freezing can help you keep your business above water.

What to Do When… You’re Putting up Lights for the Holidays

The holiday season brings not only warm feelings of cheer to your staff, but the potential for an electrical fire. Flickering lights, warm wall switches or outlets and lights that dim when other appliances are turned on are some warning signs of fire hazards.

So before hanging up your business’s holiday lights this season, we recommend observing the U.S. Fire Administration’s safety tips below.

  • Inspect decorative lights for:
    • Frayed wires
    • Bare spots
    • Gaps in insulation
    • Broken or cracked sockets
    • Excessive wear
  • Don’t overload electric circuits by plugging long strings of lights into one outlet.
  • Check your fuse box to see how many amps each circuit can handle.
  • Invest in a surge protector strip if you need multiple outlets to plug in lights.

To make sure that chestnuts are the only thing roasting over an open fire this season, visit here for more holiday safety tips.

Part 4 — $22 Million Worth of Reasons Why It Pays to Comply with Regulatory Organizations

In Part 3 of our regulatory fines series, Merrill Lynch demonstrated how important it is for businesses to stay within their regulatory parameters — especially when those regulations directly affect customers. Like Merrill Lynch, one healthcare organization learned this lesson the hard way.

Cignet Health — $4.3 million

Between September 2008 and October 2009, 41 patients filed complaints again Rockville, MD healthcare practice Cignet Health.

The practice had refused to provide patients with copies of their medical records, even when the U.S. Office for Civil Rights (OCR) issued a subpoena demanding that Cignet produce the records. The fine for this violation was $1.3 million. It was only after the U.S. District Court obtained a default judgment against Cignet on March 30, 2012, that the practice produced the records.

In addition, Cignet refused to cooperate with the OCR’s investigation from March 2009 to April 2010, which earned the firm an additional HIPAA fine of $3 million, bringing Cignet’s total fines to $4.3 million, and the running total for this series to $7,275,000.

Don't miss the final part of this series next month!

Manhattan Recovers from Hurricane Sandy

After Hurricane Sandy, we deployed numerous Mobile Recovery Centers along the East Coast to aid in customers’ disaster declarations. A recent declaration brought us to Manhattan, where we found streets crowded with debris, gutted buildings, generators parked along the curbs and relief providers working overtime to get companies up and running again.

Learning From Hurricane Sandy: Are You Prepared for a Disaster?

In the wake of Hurricane Sandy, businesses are reminded of how important it is to be prepared for a disaster. Knowing what steps to take after your business is affected by a natural disturbance like Sandy is crucial to helping your business recover. You can start by asking yourself the following questions, courtesy of speaker, consultant and author Barry Moltz.

Assess the Damage

  • Have any of your employees been affected by the disaster?
  • Can you find other staff members to remotely replace absent employees?
  • Has your building been damaged?
  • Are the utilities in your facility still connected?
  • What is the state of your computer infrastructure and data?
  • If customer, product or vendor data has been lost, how can it be restored?

Do a Serious Financial Evaluation

  • How much cash does your company have on hand to repair any damage?
  • Have you estimated enough money for a restart?
  • What damage will your insurance cover?
  • How soon will your insurance company pay the claim?
  • Will the insurance claim cover all the damage costs?

Restart in Sequence

  • Is your customer, product and vendor data accessible?
  • Can the data be run on a system compatible with your business’s network?
  • Do you have employees with the necessary skills to restart your business?
  • Have you contacted your vendors to see if they are able to deliver the office technology your business needs within your recovery time frame?

Look for Disaster Assistance

  • Have you sought federal, state, community or relief assistance?
  • Do you have a plan for recovering your business without assistance?

If you found these assessment questions helpful, view the full article from Barry Moltz here.

Hurricane Sandy

Hurricane Sandy has affected millions of residents and businesses along the East Coast, including many of our clients.

After the storm, some of our clients reported that the widespread power outage made it impossible for their employees to work from home. Others were unable to reach the upper floors of their offices, so they could not access their office technology. Lastly, we heard from a few of our clients whose facilities and Internet connections were still intact, but their voice circuits were down.

Thankfully, each of these clients had a flexible disaster recovery plan in place. We were able to help them restore their power, voice and data connectivity by delivering generators, Quickship technology equipment and mobile workspaces.

Our Mobile Recovery Centers are not only being used as temporary office space, but are also currently supporting Central Offices and serving as the staging areas to configure servers and network equipment for several major cities along the East Coast.

As we continue to restore our clients’ business operations in the affected areas, our thoughts are with all those who were caught in the path of Hurricane Sandy. If you would like to donate to the areas that need help during this time, please visit www.redcross.org, call 1-800-RED CROSS (1-800-733-2767) or text the word REDCROSS to 90999 to make a $10 donation.

Turning on Your Heater in the Winter

During this time of year, a few things are inevitable: leaves changing color, shorter days and colder temperatures. As the mercury drops on the thermometer, people are switching off the air conditioner and cranking up the heater. Here are a few things your business should keep in mind when turning on its heater this season:

  • Do not wait until it is freezing out to rev up your heater. Many companies discover that their heater is out of commission after the cold weather has already arrived.
  • Check your filter before starting your heater. Clean filters help your heater operate at its peak efficiency.
  • Once turned on, does your heater:
    • Emit a burning smell?
    • Sound like it is struggling?
    • Vibrate at the ducts and walls?
    • Show a carbon monoxide reading above 30?
    All of these are signs of a potentially hazardous condition. Turn the system off immediately and have it checked by a North American Technician Excellence (NATE) certified heating technician.
  • If your heater is 15 years or older, consider replacing it. An old system, even in good condition, may use only 60 percent of its available heat to warm the building.
  • Have your system professionally inspected and tuned up annually. A properly maintained heater works more efficiently and reduces your energy usage.
Prevent expensive repairs and downtime by taking care of your heating system, so your business is not left out in the cold.

How a Disaster Recovery Plan Can Help Your Small Business Survive

On the afternoon of May 22, 2011, a tornado ripped through Joplin, MO, leaving a mile-wide path of destruction behind. The office building of SNC Squared was completely demolished.

“After the tornado, I could do a 360 degree turn and there was nothing left standing,” said CEO John Motazedi in a recent article by smallbusinesscomputing.com.

Within five hours of the tornado leveling his office, all 10 SNC Squared employees were accounted for and the IT services company was back up and running. After 72 hours of coming back online, the company had all of its clients in a position to conduct business. According to Motazedi, SNC Squared was saved by the company’s 10-page disaster recovery plan and its off-site data backups.

While many business owners do not implement disaster recovery plans because they think the chance of a disaster affecting their business is small, it’s important that every business plan for the unexpected. Unfortunately, more than 25 percent of small businesses that close after a disaster do not reopen, says Barbara Goldberg, owner of Back on Track Solutions.

Motazedi and Goldberg agree that it is the small-scale disasters, rather than regional natural disasters, that will most likely affect your business. But an electrical fire, power outage, flooded office or failed hard drive with no backup can force you to send employees home and hang up your closed sign.

“The one thing I’ve always said is that if you’re not prepared you’re going to be surprised. And I’d much rather be prepared than surprised,” said Motazedi.

For some best-practice tips to help small businesses get started in creating a disaster recovery plan, visit smallbusinesscomputing.com.

We’re Ready for Hurricane Sandy — Are You?

Hurricane Sandy, a strong Category 2 hurricane, is currently headed for the East Coast, where inhabitants will soon experience rainfall up to 5 inches and winds blasting over 50 mph.

By Tuesday morning, the storm is predicted to breach the shores of New Jersey and, according to forecasters, broaden its reach to the coastal areas from Florida to Maine.

Our clients have put disaster recovery plans in place in preparation for natural disasters such as Hurricane Sandy so that they can truly feel calm before the storm. We would like to remind our clients within these regions to have our declaration number and an up-to-date schedule of your contracted resources readily available and to review your list of authorized declaration representatives.

If your business is affected by Hurricane Sandy, or you expect it to be, have your authorized representative contact us as soon as possible. We’re ready to help your business survive.

What to Do When... Your Business is Burglarized

It’s a business owner’s worst nightmare: someone breaking into your business, leaving you and your team with no computers or office equipment. What should you do to prepare for such a scenario?

Create a Burglary Response Strategy

First, recognize that burglary response strategies require planning and coordination. Think about how you might react in a burglary situation and create a plan of action. Incorporate this strategy into your business continuity plan and make sure your coworkers and employees are apprised of the action steps they’ll need to take in the event that your business is burglarized (e.g., calling the police, taking inventory, etc.).

Have Important Equipment and Resources on Standby

To prepare for such a serious disruption, determine what equipment and resources are crucial to continuing your business’s operations, and then contact your disaster recovery services provider to make sure they have duplicate equipment and resources at your disposal.

If any of your equipment is stolen, you can use the equipment provided by your disaster recovery service while you are attempting to recover your stolen equipment or negotiating with your insurance company for funds to replace the equipment.

With proper planning and preparation, your business doesn't have to suffer extended downtime in the event that it is burglarized.

Part 3 — $22 Million Worth of Reasons Why It Pays to Comply with Regulatory Organizations

In Part 2 of this five-part series dealing with regulatory fines, Phoenix Cardiac Surgery received a $100,000 fine for an HIPAA violation after the practice posted its patients’ appointments online. While Phoenix Cardiac found itself in hot water as a result of releasing too much information, this next company made the mistake of withholding important data.

Merrill Lynch — $2.8 million

In June 2012 the Financial Industry Regulatory Authority (FINRA) fined Merrill Lynch $2.8 million for overcharging 95,000 customer accounts more than $32 million dollars in fees and for failing to provide required trade notices due to programming errors. On top of these hefty offenses, during the investigation, FINRA also found that Merrill Lynch failed to provide business continuity plans.

Keep checking back for Part 4!

It’s Not Just the Leaves That Are Falling

Late fall and winter are the seasons for some of nature’s most severe weather. One of the dangers businesses face during storms is falling trees and limbs. For instance, if a branch crashes through a company’s roof or windows during a natural disaster, rain can pour in and ruin computers, printers, fax machines and other office equipment.

To determine if trees are at risk of falling during a storm or strong wind, watch for these signs:

  • Tree branches with V-shaped forks, which can split more easily than branches with U-shaped forks.
  • Indications of structural weakness, such as peeling bark or gaping wounds in the trunk, that can make the tree more likely to fall.
  • Trees that are in contact with power lines, putting your business at risk of power outages, fires and other damage should the tree fall.

If any of the trees around your business pose a danger to your business or employees, take the proper steps to remedy the situation:

  • Have branches or trees that are broken or in danger of falling removed.
  • Have trees pruned to control size and growth direction to protect your employees, customers and property. Be aware, however, that over-pruning can weaken trees.

Taking care of the trees around your business can prevent unnecessary and expensive downtime. Make sure that leaves are the only things falling around your business.

What to Do When… There’s a Flash Flood

Floods are the most common natural disaster in the United States, but not all floods occur in the same way. Some accumulate slowly after a long period of rainfall, while others develop in a matter of minutes. These unexpected, quickly forming waters are known as flash floods.

Besides bringing with them a dangerous wall of roaring water, flash floods also carry many hazardous materials, such as rocks and debris. With the potential dangers of a flash flood, it is important to be prepared.

First and foremost, stay informed on the situation. Keep up to date and know the difference between a flash flood watch and a flash flood warning.

Secondly, you will want to secure your home or business by moving important items to higher ground and making sure your business has a thorough business continuity and disaster recovery plan.

If you are evacuating, try to avoid flooded areas as much as possible. Six inches of water can knock a person off their feet and will reach the bottom of most vehicles. One foot will float many vehicles and two can carry them away.

When in doubt, play it safe. Flash floods present many dangers to our health, safety and
well-being. They pose threats not only to personal lives but to businesses as well. By staying informed and prepared, businesses can minimize the after-effects of the impending disaster.

For more detailed information on how to be ready for a flash flood visit www.ready.gov/floodawareness and www.readypa.org/potentialemergencies/floods/.

Part 2 — $22 Million Worth of Reasons Why It Pays to Comply with Regulatory Organizations

Last month, we introduced Part 1 of our five-part series dealing with regulatory fines. If Capital Market Services’ $75,000 fine from the National Futures Association didn’t send you into cardiac arrest, keep on reading.

Phoenix Cardiac Surgery — $100,000

In February 2009 the U.S. Office for Civil Rights (OCR) began a Health Insurance Portability and Accountability Act (HIPAA) investigation of Phoenix Cardiac Surgery, a small Arizona-based physician group, after receiving a notice that the group was publicly posting doctors’ appointments on its website. What had most likely started out as a matter of convenience for the practice soon became a hassle, as the investigation lasted three years.

The OCR found that the group had failed to perform a risk assessment, appoint a security official, create a plan for protecting patient information and inform employees of that plan. Phoenix Cardiac ultimately received a $100,000 monetary sanction.

Don't miss Part 3 next month!

A Disaster Recovery Nightmare from ‘Toy Story 2’

“I can’t look. Could somebody please cover my eyes?” says Rex, the toy dinosaur in Pixar’s “Toy Story 2.”

Oren Jacob, who was then an associate technical director for “Toy Story 2,” was probably thinking the same thing as Rex when he watched a moviemaker’s worst nightmare unfold before his eyes.

After two months and hundreds of hours of work, someone executed an incorrect command on the servers where all the movie’s files were stored. Jacob and his colleagues were forced to watch most of the movie vanish before their eyes as the files were deleted.

The team turned to Pixar’s backup tapes to restore the files. All seemed well until the filmmakers realized a week later that there was a problem: They weren’t working on the most recent version of the movie. At the time, the backups were not continuously tested, and the team realized too late that the tape backups had been failing for the past month.

But by a stroke of luck, Supervising Technical Director Galyn Susman, who had been working from home, had a copy of the entire movie stored on a computer at her house. If it hadn’t been for her, the company wouldn’t have had a backup at all.

After this disaster recovery debacle, the systems administrators re-evaluated their data backup strategy.

Pixar learned some important lessons the hard way:

  • Test your backups.
  • Store copies of your files in multiple locations.
  • Test your backups again.

Click here for the full story.

National Preparedness Month: Pledge to Prepare

September is National Preparedness Month. This year's theme of “Pledge to Prepare” urges individuals and businesses to stay informed about emergency preparedness and prepare their homes and organizations for disasters — not just this month, but throughout the year.

Take a moment to join thousands of participants across the United States in making the Pledge to Prepare. If you are a Rentsys Recovery customer, be sure to thoroughly review your business continuity plan and, if you haven’t already, schedule a test to ready your business for the unexpected.

Stay informed and be prepared!

Hurricane Isaac Flood Safety Tips

When Hurricane Isaac made landfall on the Gulf Coast this week, it brought heavy rain and flooding, leaving many neighborhoods underwater. As the floodwaters recede and evacuees prepare to return home, it’s important to be aware of some tips for staying safe in the flood’s aftermath.

Avoid Driving Through Flooded Areas

As little as six inches of moving water can cause you to lose control of your vehicle.

Be Aware of Sanitation Hazards

Floodwaters may contain overflow from sewage systems and runoff from industrial waste products. Use caution when handling items exposed to floodwaters.

Have Supplies Ready

FEMA recommends keeping a supply of nonperishable food that will last for three to 14 days. Also have a gallon of water per person per day available.

Read more FEMA flood safety tips here.

Promote Workplace Safety This Labor Day

More than 100 years ago, in June 1894, Labor Day was approved as an official holiday to celebrate the American trade and labor organizations who have contributed to the strength, prosperity and well-being of our country. As a result of the efforts of those involved in the labor movement, we have safe workplaces, work fair hours and receive adequate wages.

Whether you’re laboring or relaxing this Labor Day, take a moment to reflect on what this celebration means for American workers. Be sure to do your part to protect your employees’ work environment by following these important tips:

  • Make sure your facility meets The Occupational Safety and Health Administration’s most frequently cited standards.
  • Establish a business continuity plan that’s tailored to the specific needs of your industry and educate your employees on what to do during a disaster.
  • Review your safety guidelines each year to evaluate if any modifications need to be made.

Have a safe Labor Day!

What to Do When… There’s a Wildfire

This year, there have been approximately 40,000 wildfires that burned 4 million acres of land, threatening precious wildlife, homes, businesses and lives. In July 2012 alone, there were 9,869 wildfires. They often begin unnoticed and spread rapidly, igniting anything in their path.

Here are a few tips for reducing the risk of your home or business being destroyed by a wildfire:

  • Assemble an emergency kit and create a family communication or business continuity plan.
  • When building your home or business, design it with fire safety in mind.
  • Ensure that your business data is backed up and that you can restore the data.
  • Close all indoor and outdoor openings, connect water hoses and fill anything you can with water.
  • Gather all important documents and belongings and put them in the car for quick departure.
  • Move flammable items and furniture to the center of your home or business facility and turn on all the lights. 

Wildfires, unfortunately, are going to happen, and as with any disaster, the key to surviving them is to be prepared with a plan, both for your home and your business.

For more information on wildfires please visit www.ready.gov/wildfires, www.firewise.org/ and www.ncdc.noaa.gov/sotc/fire/.

We’re Preparing for Hurricane Isaac

Hurricane Isaac is brewing in the Gulf, and its path is frighteningly similar to Hurricane Katrina’s path seven years ago. As the storm approaches, we’re positioning our resources to be ready to come to the aid of our customers on the Gulf Coast. We’re preparing for the worst and hoping for the best.

We want to make sure our customers are prepared as well. Keep our declaration number handy, review your list of authorized declaration representatives and make sure you have an up-to-date copy of the schedule of resources your company has access to.

If your business is affected by Isaac or you suspect that it will be, have your company’s authorized representative give us a call as soon as possible. Our support staff is standing by, and we’re ready to help you get up and running again.

Five Disaster Recovery Lessons from Hurricane Andrew

Today marks the 20th anniversary of Hurricane Andrew, a category 5 storm that swept a
25-mile-wide path of destruction across Florida’s Miami-Dade county. Andrew left behind $26.5 billion worth of damage. In all, 82,000 businesses were affected.

While some businesses were forced to close, Frank Gromling had the foresight to create an emergency management plan and was able to keep his business afloat in Hurricane Andrew’s wake. Gromling shares the story of his business’s recovery in a recent article on FlaglerLive.com.

From it, we’ve gleaned five important disaster recovery lessons to bear in mind for your
own business.

Designate a command center

“I wanted a meeting to implement our recovery plans, but had no place to hold it.”

Like Gromling’s business, your company may have a recovery plan in place, but it’s important that your business’s management designate a command center where, after a disaster, they can start implementing next actions specific to the disaster scenario.

Locate an alternate facility ahead of time.

“I knew we had to re-establish a Dade County office and realized that hundreds of other businesses struck by the storm also would be seeking space.”

During a large-scale disaster, any available office space will be immediately snatched up by businesses looking for a facility in which they can resume their business operations. To bypass resource shortages, contract a hot site facility or mobile office space in advance with a reliable business continuity provider.

Have a plan for giving your employees access to cash.

“About half of my people said they could not come back to work until they settled their personal situations. I knew this would be weeks or months. They needed housing, food, water, clothing, gasoline, and medicines. I realized that, most of all, they needed cash. With the electrical grid destroyed, banks and credit cards were useless in our half of Dade County.”

Access to cash is vital after a disaster, especially if there is an extended power outage, rendering electronic payments useless. Obtaining cash can be a difficult process if banks and credit unions are unavailable. Keeping a supply of cash on-hand to help employees stabilize their own recovery will increase the likelihood that they will return to work more quickly, ready to aid in the restoration of your business.

If you manage a bank branch or credit union, it is essential that your business continuity plan incorporate an alternate facility (see above) in the event that your primary facility is damaged by a disaster. The sooner your branch is able to reopen, the less likely your customers are to take their business to another branch. Depending on the level of damage to the area, some mobile recovery solutions may even allow your branch to reopen on your premises.

Obtain access to hardware for data restorations.

“Fortunately, our company had a policy of recording two copies of our computer files each day, with both disks going home, one with the office manager and one with me. From my international security experience with businesses and governments in high risk countries, I knew the value of having important records off-site. The only problem we had now was there were no computers onto which we could re-store the data. Ours were strewn about the office, rained on, and had ceiling mush blown into them.”

We can’t reiterate enough the importance of backing up data and storing it off-site. However, if you have no equipment to restore the data on, your backups are effectively useless to you.

Determine the type (computers, servers, hard drives, etc.) and quantity of hardware you would require in a disaster scenario. Either purchase the equipment or locate a provider that can deliver the equipment to you within your recovery time objective in the event of a disaster. Often, it’s more cost-effective to simply contract equipment from a disaster recovery provider for use upon a disaster declaration.

Have a plan.

“We had survived and, together, we were not just rebuilding our company but actually building a new company that would be better in every way for ourselves and for our customers. That is the major lesson we learned from Hurricane Andrew. That, and the importance of having a plan.”

The quote above says it all. Have a plan. Period.

Twenty years after Hurricane Andrew’s devastating landfall, Gromling has presented a timely reminder that business continuity planning can mean the survival of a business. To read the full article, click here.

Part 1 — $22 Million Worth of Reasons Why It Pays to Comply with Regulatory Organizations

Due to budget pressures, many executives break into a cold sweat at the mention of regulatory compliance. For many organizations, cutting corners takes precedence over meeting the requirements imposed by regulatory authorities such as the U.S. Office for Civil Rights’ HIPAA Privacy and Security rules and the Securities and Exchange
Commission (SEC).

But if you think following regulations can be costly, try breaking them. As Bloomberg Businessweek reported, a recent blunder by financial giant Morgan Stanley earned the firm a $5 million fine in June 2012 from the Commodity Futures Trading Commission and a $1.75 million fine from the CME and the Chicago Board of Trade to resolve claims over
record-keeping violations. It seems you can’t afford not to comply with regulations.

To protect your business from hefty financial penalties and damage to its reputation, you must ensure that your business complies with every aspect of regulatory requirements, whether it be protecting financial or health records, implementing a business continuity plan or providing clients adequate access to their personal information.

Not convinced? In this five-part series, we’ll be sharing more than $22 million worth of real-life examples where companies made the mistake of attempting to fly under the radar and met with regulatory run-ins that resulted in costly fines.

Capital Market Services — $75,000

New York-based Capital Market Services, a futures commission merchant, was slammed with a $75,000 fine from the National Futures Association (NFA) in May 2011.

The reason? After a series of 11 system outages in less than a year, Capital Market had failed to notify either its customers or the NFA of the power failures. As a result, customers were either kicked out of the online system or were unable to log in at all, leaving them unable to create or manage orders.

Under the NFA, Capital Market had been required to have a business continuity and disaster recovery plan in place that allowed for the possibility of a system outage due to activity that exceeded normal peak volume. Had Capital Market employed redundant systems, it could have resolved the issue of the system outages.

As it turned out, Capital Market had at one time employed both a primary and backup facility. However, Capital Market dropped the ball in November 2009, when it severed ties with its primary facility and began using its backup facility as its primary facility. To cut costs, Capital Market did not secure another backup location.

Stay tuned for Part 2!

Year of Misfortune: Top 12 Billion-Dollar U.S. Disasters

On March 2 and 3, citizens of nine states in the Midwest and Southeast faced what could only be described as a swarm of tornadoes. Over two days 131 tornadoes were reported. They caused $1.5 billion in damages and were the first of what may be yet another year of billion-dollar disasters.

Many will recall that during 2011 billion-dollar disasters seemed to come a dime a dozen. Twelve different disasters amassed a toll of over $1 billion apiece, with a grand total of over $50 billion. The number of billion-dollar disasters in 2011 broke the previous record from 2008 by four disasters. According to a United Nations report, the frequency of mass weather calamities is “virtually certain” to continue.

Check out Bloomberg’s recap of 2011 disaster misfortune here.

What steps have you taken to prepare your business for disaster?

When was the last time you tested the RESTORE part of your data backup and restore process?

Making a disaster recovery plan may be a headache for IT techs, but it becomes a nightmare when data that was assumed to be secure failed to back up in the first place.

Backup failures take place far too often but can be avoided by testing the data restoration process before disaster strikes. When deciding how often to test the restoration process, the determining factor is the volume of data.

For individual files, a weekly restoration test is wise. On a monthly basis, it is prudent to test large sections of data. Finally, a full system restoration test should be conducted twice a year. By testing at multiple stages, you can uncover and solve any unforeseen issues before they threaten to destroy your business.

To learn more about our data backup and recovery solutions, visit www.rentsysrecovery.com.

Disaster Recovery Testing: Network Outages Are Like Radio Silence On The Far Side Of The Moon

Do you have a resilient and tested network recovery communication solution in place? Imagine the tense moments during the Apollo 11 mission when, for 48 minutes out of each orbit, there was complete radio silence while the spacecraft transited the far side of the moon. Imagine the engineers, computers and logistics that came to an absolute standstill while awaiting communication from the spacecraft after it emerged from the other side of the moon.

The radio silence experienced during the Apollo 11 mission is similar to what many businesses encounter when attempting to communicate with their branch offices during a disaster. Without network communication, all engineers, computers and logistics slow down because the status of other facilities is unknown: Was there any damage to the facilities? Do employees need help getting desktops and servers running again? What works and what doesn’t? You must test your communications and, as with any test, the more the test reflects real-world conditions, the better.

Some companies request that satellite phones be accessible during network outages, but often don’t realize that satellite phones don’t work inside of a building or car. Then there’s the hurdle of finding a power source to recharge the phone. Problems such as these can occur during the most critical time of recovery if you don’t have a tested communication solution in place.

I have also seen some companies avoid rerouting voice and data circuits for fear of causing problems when swinging them back to production mode. While this is a valid concern, I would suggest that this is exactly why you test.

The more comfortable you are with learning the problems of rerouting circuits, the more agile you become and the more experienced your network technicians become. When a disaster hits, you do not want to be making guesses about what will work and what will not.

Network testing should also include running applications across other types of communication circuits such as MPLS, Metro Ethernet, wireless point-to-point and satellite. Testing these circuits allows you to have multiple options available should a disaster happen. Things may not go exactly as planned, so you need to have various solutions available for various scenarios.

For example, you might find that within the first 72 hours of a disaster, you must communicate over satellite because the communications infrastructure is down, and then in the following week, different data or voice circuits may come back up, allowing you to transition to less costly communication options.

Without testing, your network technicians will step into each disaster response meeting like deer in headlights and not be able to provide confident answers on what solutions will or will not work.

What if NASA had not run the Apollo communications exercises before liftoff? What would have happened each time the engineers lost communications with the spacecraft? I think there probably would have been a flurry of button pushing on both ends as engineers frantically tried to restore communications, followed by a long, tense period of time trying to get things back to normal.

Test your network recovery, give your technicians some experience to build their confidence, and learn from it! You will be amazed at the lessons you will learn from testing that can be applied to your day-to-day activities.

By: Steve O'Neal

Disaster Recovery Testing: Whose house are you going to meet at when your facility experiences a disaster?

If a disaster hit while you were reading this, where would you go? A better question is, where would all of your employees go? A common suggestion is to employ a work-from-home strategy where employees continue their daily work activities from home. Another solution is to utilize a backup recovery site. These can both be a good approach, but they need to be tested.

Many companies think they have tested the first solution because employees work from home all the time. The problem is that in a disaster scenario, everyone must work from home or the recovery site if the company’s facility is damaged.

While some employees may work from home day to day, having the entire company log in to the company network will put heavy stress on the Internet bandwidth, VPN concentrators, Terminal Server sessions, Citrix sessions, etc. The IT resource requirements being pushed to the limit by all employees at once will cause the system to slow down or stop working altogether.

Work-from-home or backup location strategies can work, but many problems will not reveal themselves until you simulate the extra workload. Finding ways to load balance the traffic across multiple sites (if you have that luxury) can be used to solve these issues. Unfortunately, many companies stop short of true testing, and someone from IT simply verifies that one or two sessions are working and then reports to management that the solution “works great.”

You should also consider the equipment and resources required at each employee’s home or at the recovery site. Do employees each have a computer that can run necessary applications? Is there enough Internet bandwidth to run the applications? What about employees who live in a rural area with only dial-up modem access? Some companies suggest that employees use their company-supplied laptops, but this won’t work if employees routinely leave the laptops at work.

Maybe you already have the data connectivity issue figured out, but what about voice communications? Customers will need to be redirected from the company’s phone system to an employee working from home or at a recovery site.

If you have a backup location, it is important to think through logistics such as parking, bathroom availability, coffee supplies, etc. One company showed up at its backup location only to find that the facility had no power. Further investigation revealed that vandals had stolen the copper wire from the utility poles as well as the air conditioning system.

The first step to identifying some of the problems explained above is testing. Once you have identified any problems, you can then address them in a timely fashion rather than under the gun in the midst of a disaster.

The process of testing also provides a learning opportunity to help your organization become smarter, leaner and more efficient. Finding ways to solve problems uncovered during testing can help identify better ways to carry out day-to-day business. These solutions can then be employed, and you will not only have a resilient disaster plan, but will be able to find ways to help the company save money. Testing identifies the issue and ingenuity solves it.

Finally, your company has probably spent plenty of money figuring out how to replicate data off-site. Has any money been spent to figure out how the employees will get to that data? If users can’t get to the data, why replicate it? 

Have you had any experience (good or bad) relocating employees when recovering from a disaster? What problems did you discover while testing a solution or responding to an actual disaster? Please share your stories!

By: Steve O'Neal

Popular Posts