[Webinar Recap] Lessons Learned: Call Center Recovery Testing

Gone are the days of the call center being treated as a cost center. Both customer demands and compliance obligations are bringing the call center to the forefront in business continuity plans for businesses in many industries.

In a recent webinar with the Association for Continuity Professionals (ACP), Brandon Tanner, senior manager for Rentsys, discussed some industry trends that show the role call centers play in addressing customers’ expectations for on-demand service and in meeting compliance requirements for availability.

Brandon was joined by Rentsys customer Steve Hamilton, who’s the business continuity manager for Fiserv, a provider of technology solutions to the financial world. Steve explained the lessons his organization learned during a recent call center recovery test. These takeaways included the importance of manager participation in tests and making adjustments to daily operations when working in an alternate environment.

If you missed the live webinar, you can watch the recording here. Be sure to stick around for the Q&A session at the end. Attendees had plenty of questions about testing logistics, whether work-from-home strategies work for call centers and more.

Cybersecurity: Spend Big Bucks, Outsource or Be Hacked

When it comes to cybersecurity, businesses now have three choices:

  • Pay a premium for full-time security talent
  • Outsource
  • Be hacked

These choices may sound extreme, but they’re the logical responses to a perfect storm of rapidly evolving cyber threats and inadequate education programs. This combination of factors has resulted in a shortage of skilled security talent for nearly 80 percent of organizations.

A recent article by NewsFactor painted this picture of the cybersecurity landscape, citing research by Intel Security with the Center for Strategic and International Studies (CSIS).

While several top universities offer cybersecurity programs, the curriculum is unable to keep pace with the evolution of security threats. When students leave these programs and enter cybersecurity roles, they’re unprepared to deal with current cyber threats, according to the vast majority (76 percent) of IT professionals.

It’s not surprising, then, that knowledgeable cybersecurity professionals are in high demand and that these positions pay an average of $6,500 more than other IT professions.

If you can’t afford in-house resources, outsourcing can give you access to the cybersecurity skills you require for functions such as ongoing risk assessment and mitigation, network monitoring and access management, and repair of compromised systems. You’ll be in good company — nearly 60 percent of organizations say they’ve outsourced cybersecurity work.

So what will it be for your organization: spend the money for full-time security talent, outsource or be hacked?

Don't Wait. Communicate.

September is National Preparedness Month, and the timing couldn’t be better. The Predictive Services National Interagency Fire Center predicted a fire season of above-normal risk [PDF], and Hurricane Hermine made landfall on the Southeast coast on Friday.

When disasters like these strike, every second counts. That’s why the Red Cross has chosen “Don’t Wait. Communicate.” as the theme of this year’s National Preparedness Month. After all, you might have a perfectly plotted preparedness plan for responding to disasters, but that plan is useless if the right people don’t know the details of those plans. It’s also important for people to be able to communicate with each other in the midst of a disaster.

For tips on creating a family game plan, visit redcross.org, and then check out this blog post for tips on how to include communications in your business continuity and disaster recovery plan.

How to Mitigate Knowledge Loss Due to Employee Turnover

Employee turnover is inevitable. In fact, in the last five years, employee turnover has risen from 14.4 percent to 16.7 percent and doesn’t seem to be slowing down. With the steady increase in turnover, organizations ought to be more concerned about knowledge loss, particularly when it comes to business continuity and disaster recovery (BC/DR) procedures.

Here are a couple of things you can do to help mitigate the ever-present risk of knowledge loss.

Recruit the Expertise of a Vendor

You might think it’s more efficient and cost-effective to manage all of your BC/DR processes in-house with a dedicated director or team of employees. This is true to a certain extent. Having one employee or even a small team in charge of your BC/DR is beneficial in that these employees are familiar with your business’s culture and processes as well as BC/DR best practices, which allows them to create a highly targeted BC/DR program. But what happens if any of those employees are unavailable during a business interruption or disaster? Or if one of the employees leaves the business? One of the ways to combat this risk is to outsource your BC/DR to a third party.

If you work with a vendor for BC/DR consulting and solutions, you can help reduce the impact of knowledge loss when employees leave your company. Because your vendor is immersed in the BC/DR industry on a daily basis, you don’t have to rehire or retrain a dedicated BC/DR staff member. While the vendor won’t be as intimately familiar with your internal processes as employees are, this isn’t necessarily a bad thing. When it comes to BC/DR, an objective third-party perspective can help you identify interdependencies or inefficient processes you didn’t realize existed.

In addition to helping prevent knowledge loss, you don’t have to worry about a vendor’s support being interrupted by the same power outage, natural disaster or cyber threat that’s affecting your business.

Document All Plans and Processes

Regardless of whether you keep your BC/DR in-house or outsource to a third party, documentation is critical. For one, your employees need to know what to do in case of a business interruption. If they’re in the dark about their roles in the recovery process, that will directly impact your recovery times. Ensure that all key employees — not just those responsible for the BC/DR program — have reviewed the documents and know where to access them.

If you’re outsourcing any aspect of your recovery process, documenting the recovery process eliminates any confusion about which parties are responsible for executing key recovery steps. Don’t forget to update your documentation any time your business experiences changes in objectives, technology or strategies. It’s crucial to keep an updated plan available so you don’t encounter gaps in your BC/DR program.

Employee attrition might be rising, but just because an employee leaves your business doesn’t have to mean your BC/DR effectiveness leaves with them.

Four BYOD Questions You Need to Be Able to Answer

Check your schedule. Pay for your coffee. Read the news. Check the weather. Hail a cab. Jump on a video call. Email your mom. Ten years ago, most people used multiple mediums to accomplish these routine tasks: paper, computer, TV, phone, webcam, etc. Today, many people are using a single device to complete the many tasks that fill their days — and the lines between personal and work use are blurring.

Implementing a bring your own device (BYOD) policy at your company has its advantages — employees can be productive even when they’re on the go, for example — but it comes with risks too. From ransomware to data breaches, there’s a lot to be concerned about.

To even begin to mitigate those risks, you need to make sure you’re able to answer the questions below.  

Do You Know Who's Prying?

Imagine this scenario: One of your sales reps is on the road, but she needs to access and update a contract that lives on your local network.  She stops at a coffee shop and connects to its public WiFi. Little does she know that WiFi hot spot is also the target of a hacker who is swiping unencrypted data from everybody who’s connected to that router. The data sent and received by your sales rep can be easily poached by the hacker and released to the public on the internet, sold on the black market or held for ransom.

Public WiFi hotspots can be a scary place to connect, not because of the location but because you never know who is there to do more than check email. That’s why it’s important to have your employees use a virtual private network (VPN) to connect to the company network remotely. A VPN encrypts the data moving between the employee’s device and the company network, making it much more difficult for a hacker to access the data.

Do You Hear About It When Employees' Devices Go Missing?

Think you felt bad when you recently misplaced your iPhone? How do you think one Apple employee felt when he left an iPhone 4 prototype in a bar in 2010? Lost or stolen devices can give just about anybody instant access to company data if the devices aren’t properly secured. In fact, almost 70 percent of data breaches in the healthcare industry between 2010 and 2014 were caused by stolen devices. A $700 iPhone can feel pretty insignificant compared to millions of dollars in data recovery costs.

Personal and company-provided devices alike can easily go missing. A misplaced smartphone is practically inevitable. However, even minimal security practices can help keep devices from turning into goldmines for hackers. Locking functions such as the iPhone’s PIN code or the Android’s pattern lock can keep people out, while a remote memory wipe program can go a step further by deleting the device’s data from afar. Even if a hacker does gain access to the phone, there won’t be any data for them to corrupt or hold for ransom.

How Often Do Employees Update Their Phones?

Unlock your iPhone and open the App Store. How many updates are waiting for you? Are you using the latest version of your operating system (OS)? Some of us obsess over getting everything updated as soon as possible, but not everybody is in a hurry when a round of updates appears in the queue. Many people resist updating apps and OSes because of functionality problems caused by past updates.

However, not updating OSes and apps can leave devices vulnerable to attack. Most updates exist to fix known glitches or close security vulnerabilities rather than to add or remove features. Even traditional PCs require occasional updates to improve security — smartphones, tablets and apps are no different.

If an OS update is released, have your IT department test it to make sure it doesn’t affect the functionality of any business-critical apps your BYOD employees use. If there are no issues, inform your employees that they need to run updates as soon as possible to help keep company data secure. Also remind employees to routinely update their apps to close any known security holes.

Who's Downloading What?

Daniel was really interested in a particular smartphone app’s organizational features, so he didn’t pay much attention to the terms and conditions or the permissions he allowed when he downloaded it. Daniel unknowingly gave the app access to every bit of data on his phone — from web and search history to emails. What started as a quest to be more productive led to the risk of company emails with sensitive information landing in the wrong hands.

Apps that request broad permissions can be especially problematic if your employees access company email through their device’s built-in email app. These apps typically store email data locally on the device, meaning another app that’s been given access to that data can give hackers or malicious developers the ability to browse confidential corporate emails.

Your employees should always be careful about what they’re downloading to their personal devices, but you should have an acceptable use policy if they’re also accessing company emails or networks from the same devices. Require employees to double check the permissions and validity of every app they use. While it might be tedious and require the deletion of a much-enjoyed app, a security breach sourced from a remote personal device should be treated no differently than an on-site security breach.

Despite the risks, BYOD offers small- to medium-sized businesses an excellent way to avoid the costs associated with purchasing and servicing company-owned devices. However, without strict BYOD policies and procedures, you’re susceptible to data breaches that can turn into nightmares. 

How Should Your Business Prepare for the Internet of Things?

The imminent rise of the Internet of Things (IoT) brings you the potential to give your customers the option to connect to online tools they use every day from a growing range of devices.

But before your business can take advantage of the benefits of IoT, like new product opportunities and real-time data that can bolster operational efficiency, you need to make sure your core IT infrastructure can handle the demands of IoT.

A Pew Research Center report predicts that IoT will be thriving by 2025, which may present a danger to businesses that try to advance their products at the same pace as technological advancements — before updating the systems that support them.

Here are a few suggestions on how to prepare your company infrastructure before it’s crippled by the demands of IoT technology.

Prevent System Downtime 

Technological advancements have created a customer base that expects constant accessibility to applications. If your business plans to introduce applications that run on IoT technology, you want to be able to keep customers happy by offering reliable application uptime.

Your business can minimize system downtime by having a clear business continuity plan (BCP). When business interruptions occur, an off-site cloud recovery platform can protect your IT infrastructure and keep you connected to your data and applications. Constant connection with business data is already imperative, but when it comes to IoT applications, connectivity is invaluable.

Adapt to Fluctuating Data Demands

As IoT technology grows, data demands will only continue to increase. Built on cloud computing and a network of sensors that constantly gather data, IoT could potentially overload any company infrastructure that isn’t prepared to store an increasing amount of data.

The 2016 IBM report “Growing Up Hybrid: Accelerating Digital Transformation” notes that forward-thinking organizations are using hybrid clouds, which utilize public and private clouds, to gain a competitive edge in the implementation of IoT and accommodate its high data demands. Adopting a hybrid cloud model for data vaulting can give your company the ability to get ahead of the impending mass of data that your IoT applications may gather.

Protect the Perimeter

IoT offers you the benefit of leveraging data gathered from users in order to improve products or connect with customers more effectively. However, the increased number of devices connecting to your business network offers more entry points for cyber criminals. Your business can guard against the increased risk of hackers by implementing a strong network security system.

An effective network security strategy should include intrusion detection and prevention, deep packet inspection, port scanning, protocol inspection, perimeter anti-virus and malware blocking. To safeguard your business, look for a network security solution that doesn’t require the purchase of additional modules or applications. Having multiple separate security modules or applications can create gaps in your cybersecurity, making your business more vulnerable to cyber threats like malware and hackers.

Cyber crime has steadily risen in the past few years, and IoT technology promises to contribute to this growing threat. Before offering an application that runs on an IoT device, fortify your company infrastructure so the increased cyber risk doesn’t take you by surprise.

To fully capitalize on IoT, make sure your business has a clear BCP, an adaptable method for data vaulting and a strong network security solution in place.

How does your business plan to implement IoT? Let us know in the comments! 

How Can Cybersecurity Help Grow Your Business?

As cybercrime increases, cybersecurity is necessary for safeguarding a business, but the budgets allocated to it reflect that it’s not a spending priority. According to the 2015 Global State of Information Security Survey, cybersecurity budgets only rose by 24 percent from 2014, despite a 38 percent increase in detected information security incidents.

Now what if we told you that cybersecurity wasn’t just a cautionary expense but an investment?

With the growth of data analytics and the digitalization of business functions, businesses are able to offer online services that allow them to easily reach new markets. This digital growth requires an expanding computer network, which means higher cyber risk.

To take advantage of technical innovations that make growth possible while minimizing risk, your business should implement a dependable and easily adaptable approach to cybersecurity. This approach involves two key elements.

Centralized Security Platform

Centralizing your network security simplifies network management and increases network efficiency by integrating security applications like anti-virus, intrusion detection and protection, and Internet traffic monitoring rather than contracting several security solutions. Integrating these functions minimizes security gaps that occur when several applications are running on the same network.

When your company streamlines security applications, system updates are efficiently deployed across all security functions rather than updated individually. With more cohesive system updates, an integrated network security solution allows you to prepare for or respond more quickly to cyber threats. Focusing management efforts on an efficient cybersecurity platform can enable your business to grow into new markets without sacrificing functionality or risking confidential data.

Employee Training

Your business exposes itself to threats like ransomware if your employees aren't properly educated in simple cybersecurity practices. In the Global State of Information Security Survey, employees remain the most cited source of compromise at 22 percent. Promote a culture of security within your business by educating employees on how to avoid cyber threats in their everyday work activities.

Cybersecurity education teaches employees security best practices like how to create more secure logins and recognize phishing emails. Your employees should also know to report immediately to IT when they think a device is affected by ransomware. Investing in an interactive training program can improve employee cooperation to help protect your business from cyber attacks, which could impede your business’s growth.

Streamlining security management efforts and promoting a culture of security within the company serve as investments in business growth by making it possible to enter new markets without unnecessary exposure to cyber attacks.

To learn about how to prevent a cyber attack, read our post “Five Ways to Thwart a Cybersecurity Nightmare”.

[Webinar Recap] Cyber Breach Exercises: Bringing IT and the Business Together

Cyber attacks are one of the most prevalent forms of business interruption in today’s tech-friendly world. Currently, many businesses are fighting back by spending more on new technology to boost their cybersecurity. However, developing a sufficient response strategy to combat cyber attacks can be difficult since IT, BC/DR and crisis management have individual processes.

In our most recent webinar, Brandon Tanner, Rentsys senior manager, and Philip Bigge, VP of consulting services for Ripcord Solutions, provided insight on how to design exercises that help your business create a business-wide, cohesive cyber breach response strategy. Some tips from the webinar include:

  • Unify attendees in one location.
  • Separate attendees into teams with members of the same departments on separate teams (so every team has members from each department).
  • Create a balance of leaders and employees within each team.

To hear more, listen to the webinar here.

Cyber Insurance Is No Substitute for Business Continuity Planning

These days, the likelihood of a business experiencing a data breach or cyber attack like ransomware is at an all-time high, and this growing concern has led organizations to seek out solutions like cyber insurance policies to protect themselves against the threat.

Although cyber insurance policies can cover some of the damage caused by a business disruption, they don’t always address some of the key issues that arise during a data breach, like the cost of reputation damage and loss of customers. In order to fully protect your business, a cyber insurance policy should be coupled with a thorough business continuity plan (BCP). Here are a few things to keep in mind about cyber insurance policies.

Payout Requirements

Before coverage can apply, businesses experiencing a breach have to meet certain requirements. In order to ensure that the incident isn’t something that happens frequently, many cyber insurance policies require businesses to wait six to 12 hours before the incident can be deemed a legitimate business disruption. Larger companies typically have to wait even longer due to the assumption that they can afford more loss before needing any aid.

Furthermore, cyber insurance policies don’t always provide reasonable coverage for ransomware attacks. Although this type of coverage — called “cyber extortion” coverage — varies, many times the policy deductible will cost more than the ransom amount. Others cover the cost of paying the ransom but require a business executive to agree to pay the ransom, which is strongly discouraged by the FBI.

Coverage Gaps

Every cyber insurance policy is different depending on the industry and size of the business, but the most common components of cyber coverage are errors and omission, media liability, network security and privacy. However, a few important areas that are not currently covered by cyber insurance are reputational harm, future revenue loss and the cost of IT system improvement.

Sometimes cyber insurance doesn’t even cover the full cost of a data breach. When the P.F. Chang’s restaurant chain was hacked in June 2014, the chain’s cyber policy only covered $1.7 million of the total cost. Due to some exclusions in the policy, the coverage did not apply to an additional $1.9 million that P.F. Chang’s reimbursed to Bank of America for charges made as a result of leaked credit card information.

Risk of Misinterpreting the Policy

If you have a cyber insurance policy in place, ensure that you understand what specifically is covered in the event of a data breach. Sometimes, even though a policy has cyber extortion coverage, it may not cover “first-party” costs like public relations expenses, profit loss during downtime and the cost of investigating the breach. Or in some cases, the policy will cover data breach costs only if the breach is committed by someone within the company’s walls or as a result of human error.

One example of a business misinterpreting its insurance policy occurred in April 2011, when Sony’s PlayStation network was hacked, causing Sony to lose $178 million in profits. Sony sought coverage from Zurich and Mitsui Sumitomo Insurance Company, which filed suit in New York state court, stating it was not obligated to cover the hack because Sony had misinterpreted a phrase in the insurance policy. The courts sided with Zurich, citing the fact that the policy requires the policyholder to commit the act, and Sony’s breach was committed by a hacker.

Cyber Insurance Works Best With a Business Continuity Plan

Although cyber insurance helps cover certain costs of a data breach, it’s not enough to completely support your organization in the event of a breach.

Business continuity planning requires you to identify weak points in your organization, such as out-of-date IT infrastructure, lack of an off-site data vaulting solution and employees who are uneducated about cybersecurity best practices. Proactively identifying these vulnerabilities ultimately helps reduce the chances of a cyber breach occurring.

If your business is still affected by a breach despite your precautions, a business continuity plan helps mitigate the impact of areas cyber insurance doesn’t cover, like developing plans for managing the business’s public image after a breach, testing processes for getting systems back online and helping employees get back to work again.

What are you doing to improve cybersecurity in your business? Let us know in the comments.

Tips to Keep the Fourth of July Safe and Exciting

With July Fourth just around the corner, this week it seemed appropriate to focus on personal disaster preparedness. We've come up with a few ideas to help you and your family safely celebrate the holiday weekend.

Grill Responsibly

According to the National Fire Protection Association, there are approximately 8,900 fires caused by grills each year. In fact, just last month, a family in Oregon experienced a fire after leaving the grill unattended on their back deck. If you're grilling this weekend, be sure to supervise your grill to prevent any accidental fires.

Exercise Caution When Using Sparklers and Fireworks

When you consider that cakes bake at 350 degrees and glass melts at 900 degrees, a sparkler burning at a blistering 1,200 degrees is extremely dangerous. Although they're a fan favorite, take precautions with sparklers this weekend and make sure to keep a safe distance from others to prevent burns.

If you're shooting off fireworks (legally, of course), be sure to set them off a safe distance away from buildings and have a fire extinguisher nearby.

Be Aware of Burn Bans

Before firing up your grill or lighting any sparklers, find out if there are any burn bans in effect in your area. If there are, follow your state's guidelines when participating in Fourth of July festivities that involve fire.

Review these other firework safety tips to help keep your weekend injury-free.

SMEs Become Major Target for Cybersecurity Attacks

Cyber attacks have become an expensive and frequent danger to businesses of all sizes. The cybersecurity attacks that usually make headlines are ones affecting large businesses, but it turns out that 62 percent of all cyber attacks target small and midsized businesses.

Small and midsized enterprises (SMEs) are not lucrative individually, but automation has made it possible to attack them by the thousands. Because various SMEs are affiliated with larger organizations and may have access to the data of these partners, hackers may also see SMEs as a gateway to larger corporate networks.

SMEs tend to be easier targets than large companies, because their budgets are usually smaller and don’t prioritize cybersecurity. However, the cost for victims to recover from a cyber attack has steadily increased each year, regardless of the size of the business. Cyber attacks are expensive due to lost productivity and recovery expenses, which can cost a brand millions in public relations consulting fees, customer outreach efforts, advertising campaigns and liability suits.

The staggering cost of a potential cyber attack makes network security and a technical risk assessment essential for a business to prepare for and recover from a security breach. As the digital age continues, cybersecurity grows more important.

Take time to identify any weaknesses in your business’s cybersecurity and create a plan for correcting them. For more information on how to prevent cyber attacks, read our post “Five Ways to Thwart a Cybersecurity Nightmare.” 

Limit Downtime This Hurricane Season

With hurricane season now in effect, several large storms are already causing major flooding in Houston, TX. An estimated $1.3 billion in damages is slowing or temporarily halting business operations for many companies in the area.

However, instead of suspending essential business activities, one company is making the most of the recent floods. Houston-based independent electricity provider AP Gas & Electric (APG&E) used the surge of downpours as an opportunity to test its preparedness for the more considerable storms that are likely to hit in the coming months. By sticking to its predetermined business continuity plan (BCP), APG&E is able to continue providing electricity to its customers, saving the company time and money that would have been lost had it closed down.

If your business is on the coast, follow APG&E’s lead and make sure you’re prepared to minimize downtime in the event of flooding, storm surges, extreme winds and even subsequent tornadoes this hurricane season. Here are a few suggestions to help you start your BCP.

Create a Plan That Addresses the Entire Business

There’s a common misconception that business continuity planning only affects the IT department. In fact, whether you create a business continuity plan (BCP) internally or choose to outsource it, your BCP should involve plans for getting critical processes and departments up and running again.

If you already have a BCP in place, third-party consultants can provide an objective view of your business and make suggestions for your BCP so that your plan is effective when interruptions occur.

Prepare Alternate Workspaces

Whether there’s physical destruction to your building, or employees and customers are unable to travel, damages from disasters can hinder your ability to maintain normal business activities in your primary office space. If you need to relocate business operations, make sure you have access to an alternate workspace as soon as possible.

Fully equipped alternate workspaces like Mobile Recovery Centers (MRCs) can be made available within as little as 24-48 hours of a disaster declaration, while fixed-site Business Recovery Centers (BRCs) can be made available within as little as four hours of a declaration. Once the alternate location is set up, your company can begin to successfully restore business operations.

Back up and Recover Your Data

Having access to your data and applications is imperative when disaster strikes. A fully managed and monitored cloud data recovery service will protect your IT infrastructure. With secure data vaulting and recovery, your data will be recoverable on- or off-site within your recovery time objectives.

Hurricane season is upon us, so make sure you take the necessary steps to prepare your business before it’s too late. To see how another business remained operational during hurricane season, check out this post.

[INFOGRAPHIC] Why Employees Are the Leading Cause of Data Breaches

Employee data breaches have become a major concern in today’s corporations. An astounding 60 percent of companies believe their employees are not knowledgeable about potential security risks. 

Learn more about the leading cause of data breaches by checking out this infographic by Experian.


Data breaches are here to stay. To learn more about the harm they cause, read this post.

Three Unexpected Opportunities for Business Continuity ROI

“What’s the ROI on that?” is one of the most popular questions management asks when evaluating business programs and projects. When it comes to business continuity programs, the answer is often “Well, there’s not really any ROI unless you experience a disaster. It’s like insurance.”

Because of this perceived lack of immediate value, budgets often get diverted away from business continuity to other projects that produce more tangible results. In fact, 49 percent of businesses don’t even have a comprehensive business continuity and disaster recovery (BC/DR) plan, leaving their entire company at risk because of the lack of an obvious ROI.

But what you may not realize is that business continuity programs do produce ROI — and you don’t even have to experience a disaster to reap the benefits.

Identifying new opportunities begins with the business impact analysis (BIA), when you assess and prioritize critical business processes, employee roles and technology. As you take a closer look at the inner workings of your business, you’re likely to discover new opportunities for cost savings or even revenue generation. If you work with a consultant who can provide an objective BC/DR assessment, we can almost guarantee you’ll find areas for improvement within your company.

Here are just a few ways you could realize ROI from your business continuity program.

Phase out Outdated Processes

Do you have manual processes that can be automated? In an IDC Technology Spotlight, 33 percent of respondents said their workflows involve manually extracting content from paper documents. By automating outdated processes like these, you can have employees spend that time focusing on other activities that advance the business.

Shorten Approval and Revenue Cycles

Are there too many unnecessary people involved in approval processes, thus slowing down project and revenue cycles? During the BIA process, you’re forced to identify critical processes, as well as the people and resources that perform those processes. What many businesses realize during the BIA is that certain processes have unnecessary touchpoints. Simplifying these processes will make business continuity more efficient and cost-effective. On a day-to-day basis, you also have the potential to identify ways to shorten your approval times and revenue cycles.

Decrease Vendor Investments

How many vendors do you work with? In an Institute of Internal Auditors Research Foundation (IIARF) survey, 42 percent of respondents said they rely extensively on third-party providers. Of those who use third parties, 90 percent said they used technology vendors. In some cases, you can consolidate the products and services you receive and cut down on the number of vendors you work with. By bundling products, you can reduce the money spent and increase the value provided from those services. You would also decrease organizational risk, as the more vendors you work with, the more you open yourself up to security issues such as third-party data breaches.

As you can see, having a BC/DR plan in place isn’t just about being prepared for a disaster. An effective plan can help you make your processes more efficient, improve data security and save you money.

[Webinar Recap] How to Get the C-Suite to Prioritize Cybersecurity

One of the most important pieces of a successful breach response is senior executive involvement. Yet research by Ponemon Institute shows that only 45 percent of executives believe they’re accountable for the incident reporting process. In fact, they view breaches as part of the cost of doing business.

Convincing the C-suite to prioritize cybersecurity can sometimes feel like an uphill battle, which is why we spoke on that topic during our recent webinar with the Disaster Recovery Journal. During the session, Rentsys Senior Manager Brandon Tanner and Director of Network Services Scott Frieszell offered their top three tips for getting the C-suite on board with cybersecurity initiatives:

  • Don’t start at the top. 
  • Emphasize the benefits to stakeholders in each department.
  • Provide a picture of the total impact.
     To hear more, check out the webinar recording here.

    Four Ways to Keep Your ePHI From Becoming a Statistic

    Medical Provider Struck by Hackers!

    Insurance Giant Suffers Massive Data Breach!

    Millions of Patients Have Data Stolen!

    It seems like there are new headlines about data breaches in the healthcare industry every month — if not more frequently. In the last few years, electronic protected health information (ePHI) has become the primary target for hackers, and it's easy to see why.

    According to a recent report by Reuters, ePHI fetches 10 to 20 times more than credit card data on the black market. That's why organizations that handle healthcare data are prime targets for data breaches and theft. In fact, 28.5 percent of the entire U.S. population was affected by just two — Anthem and Premera — healthcare data breaches that were discovered in 2015.

    Starting to feel a little overwhelmed? Don't worry. Here are four things you can do to keep your ePHI safe from prying eyes.

    Encrypt Everything

    In 2013, two laptops were stolen from a secure office at a hospital in California. The laptops contained ePHI such as financial information, health conditions and demographic information. Unfortunately, the data wasn't encrypted, so the hospital had to notify 729,000 individuals that their ePHI had been compromised. The hospital implemented policies and procedures to reduce risks to the patients' ePHI, but the damage was already done. Had the laptops been encrypted, the hospital could have protected the information.

    A recent article by Health Data Management points out that it's easy to encrypt everything, since encryption tools are embedded in current operating systems and come with nearly every device. (If a device doesn't have built-in encryption functionality, that's a sign that it's outdated and shouldn't be used to handle ePHI in the first place. We talk about that more below.) Yes, encrypting all your data costs time and money, but it's a drop in the bucket when you compare it to the cost of recovering from a breach.

    Know Who You're Working With

    While keeping ePHI out of the hands of outside thieves is hard enough, you also need to be able to trust your employees and your vendor's employees with the sensitive information. The U.S. Department of Health and Human Services' Office for Civil Rights (OCR) maintains a "wall of shame" website listing major healthcare data breaches. Of the 1,472 breaches on the website, 309 (21 percent) involved a business associate. These associates were responsible for exposing 32.8 million records.

    You should thoroughly vet your employees and vendors who have access to your ePHI to make sure they're not susceptible to using the information for personal gain. Routine audits can catch employees who are putting their noses where they don't belong.

    Stop Using Outdated Devices

    Encrypting ePHI and auditing employees' system usage can go a long way toward better controlling patient data, but the ability to do those things can be hampered by outdated technology. The healthcare industry is traditionally slow to adopt new technologies, and old communications methods and technology (such as pagers) are costing hospitals $8.3 billion per year.

    Obsolete, poorly secured technology leads to vulnerabilities in your network. In fact, even one outdated system connected to the network could provide hackers with a back door. To monitor for threats, use a firewall service that includes intrusion detection and prevention, port scanning and protocol inspection, and perimeter anti-virus/malware blocking.

    Don't Count on Obscurity

    When healthcare giants like Anthem and Premera make headlines with massive data breaches, you might think you can get away with less-than-cutting-edge ePHI security by being a smaller provider. After all, hackers are only interested in big scores, right? Wrong. ePHI from a small physician's practice is just as valuable as ePHI from an insurance giant. According to a recent Health Data Management article, smaller providers represent a tantalizing target for hackers for one key reason: They're easy targets.

    A lack of awareness about what the hackers are capable of and concerns about cost have kept many small healthcare providers from being properly equipped to handle sophisticated cyber attacks. Regardless of the size of your practice or company, you should always be aware of the threat of cyber attacks and keep your company prepared to fend off hackers. The cost of keeping your patients' ePHI secure pales in comparison to the consequences both you and your patients could face after a data breach.

    To find out more about how to keep your data safe, read our post "Five Ways to Thwart a Cybersecurity Nightmare."

    Q&A: Brandon Tanner on the Hybrid Cloud

    We recently sponsored a Disaster Recovery Journal (DRJ) webinar, during which Brandon Tanner, our senior manager, discussed the evolution of hybrid cloud disaster recovery as a service (DRaaS) and the challenges addressed during its development. (If you weren’t able to attend the webinar, you can listen to it here.) During the Q&A session at the end of the webinar, attendees wanted to know more about how hybrid cloud DRaaS fits into their work environment. We've highlighted a few of their questions below.

    Q: How does a managed service in the cloud differ from one our IT team manages, and who is responsible for what?
    A: It varies depending on who the managed service provider (MSP) is, but if the MSP offers a hybrid solution, they typically handle both environments. So, for example, instead of your IT team handling a particular on-site infrastructure and solution, the MSP handles both the on-site and off-site component, whether it's a public or private space.

    That service provider is tied to service level agreements that give you remediation both for local and off-site solutions, so it's a seamless end-to-end solution. With an in-house solution, you're on the hook for managing it yourself.

    Q: What specific workloads are best suited for the hybrid cloud?
    A: It varies depending on your business. For example, data analytics and seasonal demands are some of the workloads the public cloud does a good job of.

    Dedicated workloads specific to the organization may have certain sets of data, parameters, types of software or uses associated with them. These workloads might need to be managed locally to ensure connectivity, minimize bandwidth requirements and keep costs down. It depends on how an application is built and how users access systems and data. So you have to understand what apps people are accessing and what speed those apps require. You also need to know whether or not they need to run independently if, for instance, the outside network is unavailable.

    Q: What are your strategies for providing DRaaS to customers who have a mixed environment of VMs and physical servers?
    A: The solution needs to address how you handle both physical and virtual environments and how they fit into your data management strategy, whether it's data replication or recovery. You may have hardware that's replicated to other hardware, and you may have your virtual environment that's replicated to a virtual environment. Or you may have an on-site solution that's backing up both physical data and virtual environments locally. Your recovery strategy then becomes a matter of asking yourself, "Do I need to dropship equipment in, do I need to keep spares on-site, or do I want to replicate that data off-site, where there's spare hardware that can be used?"

    In our experience, from a recovery standpoint, we take physical infrastructure and recover it into a virtual environment, and oftentimes, once we've done that, the client stays in the virtual environment. The only exception is when the client uses equipment with a specific use. We've also seen a lot of testing that has moved the physical world into a virtual world. But you can't virtualize everything, so you have to account for that hardware component as part of your solution, both in a private infrastructure and in a public cloud infrastructure.  

    Q: What are some of the gotchas to be aware of with hybrid cloud and DRaaS offerings?
    A: Number one is connectivity and communications, both WAN and LAN. You could say it costs you a penny a gig to store things up in the cloud. But you still have to be able to access it. Connectivity could be a major gotcha, depending on the architecture of your solution. If you put everything up in a public cloud, and you're running the users in the private cloud, all the data has to move back from that cloud environment. You're moving a lot of data back and forth, so architecture related to your applications and systems is critical.

    The other thing is cost containment. With these hybrid models, it's easy for a private cloud provider to give you a fixed cost or a model with some variability. If you have a hybrid model with stuff in the public cloud and you need to recover something or need help with an issue, a lot of those costs are a la carte. They're advertised as storage costs, cost of server instances, those kinds of things. That all comes with the hybrid cloud solution, so you need to make sure that either you or your provider has the knowledge to account for some of those additional variable costs.

    For more cloud Q&As, check out this post.

    [INFOGRAPHIC] The Sick State of Healthcare Data Breaches

    Data breaches in the healthcare sector have become an epidemic. In the next five years, the industry could lose as much as $305 billion in lifetime patient revenue due to cyber attacks.

    To learn more about the sick state of healthcare data breaches, check out this infographic by LightCyber.

    The Sick State of Health Care Data Breaches

    Want to learn how to prepare for a cybersecurity breach? Read our post "Five Ways to Thwart a Cybersecurity Nightmare."

    How Do You Maintain Business Continuity When Your Business Is Part of a Crime Scene?

    In April 2015, Baltimore, MD erupted in chaos as protesters stormed the streets following the death of 25-year-old Freddie Gray. Rioters showed no scruples about damaging physical property, and a Small Business Administration survey later estimated the damages at $9 million.

    But while many businesses weren’t equipped to handle the disruption, one local service provider was prepared. Rather than shutting its doors while waiting for the rioting to subside, the business simply relocated its operations to a building it owned outside of the hot zone. The building was already equipped with tables and chairs, and the business worked with a third-party business continuity and disaster recovery (BC/DR) vendor to have office equipment shipped in within 24 hours.

    What would you do if your business experienced an interruption due to civil unrest, a terrorist event, workplace violence or another kind of event that might make your own organization or city a crime scene? Follow the lead of the Baltimore service provider and take these precautions:

    • Have physical space ready. It could be a building you own, a previously contracted third-party building or a mobile workspace.
    • Make sure you have access to backup equipment, whether it’s your own inventory stored off-site or equipment that you’ve precontracted from a BC/DR provider.
    • Make a plan of action and test it. Creating a plan of action and testing it helps your employees know what to do in the heat of the moment and helps you fine-tune the plan.

    Unfortunately, you won’t receive prior notice when a crime occurs on your doorstep. But with some advance planning, you can relocate your operations and protect your business. 

    To learn more about integrating workspace recovery and IT disaster recovery to maintain business continuity, read this post.

    DRaaS Can Unlock Revenue Potential for Resellers

    If you’re a reseller and haven’t added disaster recovery as a service (DRaaS) to your portfolio, you could be missing out on vast revenue potential. Here are two reasons why.

    Fewer Businesses With DR Plans Means More Opportunities for You

    Surprisingly, 49 percent of businesses have yet to implement a comprehensive business continuity and disaster recovery (BC/DR) plan. While this doesn’t bode well for those organizations, it means resellers have a wide-open door for successfully selling DRaaS services.

    For companies that are just getting started with DR — and even for those who already have a DR plan in place — DRaaS solutions are an easy in. The solutions offer easy implementation, access to vendor expertise, fully managed IT infrastructure and the ability to meet recovery time objectives of less than two hours. Gone are the days of having to build out a redundant environment in-house. More companies are realizing this fact, and the market is expected to grow 739 percent from 2015 to 2020. Take advantage of this momentum early on.

    Businesses Are Prioritizing Strategic Objectives in IT Spending

    According to research by IDG Research Services, most organizations aren’t pouring money into maintaining or improving the value of legacy systems anymore. Instead, they’re investing in technology that can help the business meet key objectives. These objectives include improving the customer experience, managing costs, increasing operational efficiency and mitigating risk.

    When it comes to mitigating risk, security and BC/DR projects are two of the top technology initiatives currently underway. As an IT reseller, you’ll experience the most success when your solution portfolio aligns with these business drivers. Because DRaaS has the ability to reduce downtime, enable more efficient DR testing, adhere to compliance requirements and more, organizations will find that it’s a good fit for their strategic objectives.

    Realizing these benefits, we recently added a DRaaS solution to our reseller program. To learn more, read this press release and visit our Partners page.

    Five Ways to Thwart a Cybersecurity Nightmare

    Employees of Hollywood Presbyterian Medical Center received a nasty surprise on February 5 when they discovered that a hacker had infiltrated the network and taken the computer systems hostage using ransomware. In exchange for the decryption key, the hacker demanded 40 bitcoins, which is approximately $17,000. In the interest of restoring the network quickly, the CEO decided to pay the ransom.

    The hospital reported that patient care wasn’t compromised, but the incident is yet another example of the sobering prevalence and potential impact of cybersecurity threats.

    While some organizations are greater targets for security breaches because of the type of data they handle and its value on the black market (healthcare and financial organizations are prime targets), no business is impervious to cybersecurity threats.

    Here are five of the most important things you can do to prevent or minimize the impact of a cybersecurity breach on your company.

    Protect the Perimeter

    The most effective way to prevent the spread of malware is to thwart it before it penetrates the network. This might seem obvious, but even big firms lack adequate security protection. Make sure your business uses a perimeter anti-virus that can filter out viruses at the network edge in a complementary manner to PC-based anti-virus services.

    Sometimes, though, even if a business is using anti-virus software, malware breaches the perimeter and resides in the network unnoticed. That’s what happened in the infamous Anthem breach — the hack is estimated to have started as early as April 2014, but it wasn’t discovered until January 2015. To prevent an ongoing breach, implement intrusion prevention services that inspect, quarantine and log any suspicious activity.

    Beware of Outdated Software

    In a recent survey, Cisco technicians analyzed 115,000 of its devices installed in customer environments, viewing them as they would be seen from the Internet. They discovered that 92 percent of the devices examined were running software with 26 vulnerabilities on average. They also found that some customers in the financial, healthcare and retail sectors were running outdated software.

    Because software updates usually include patches for newly discovered vulnerabilities, running earlier versions of the software could leave your network susceptible to a security breach. Be sure to install updates as soon as they’re available.

    Protect Data

    As one senior managing consultant for an e-discovery firm points out, just because a hacker is successful at breaching your network perimeter doesn’t necessarily mean your critical or sensitive data has been compromised.

    To protect your sensitive data, however, it needs to be encrypted. You should also maintain full backups of your IT environment. Backups are crucial if your network is taken hostage by ransomware, as Hollywood Presbyterian Center’s was. In this scenario, you can avoid paying the ransom by restoring your network from a backup. As a caveat, this strategy won’t work if your backups have also been infected by malware — another reason having intrusion detection services is important.

    Educate Staff

    Human error is the root cause of about 52 percent of security breaches. When it comes to cybersecurity specifically, phishing is a major culprit. Most computer-literate people are aware that they shouldn’t click links in suspicious emails or enter information on web pages that appear untrustworthy, but hackers are becoming more sophisticated in their methods, and it’s becoming harder for people to spot phishing attempts.

    Whaling is especially notorious for scamming employees. In this phishing method, highly customized emails containing the target’s name, job title or other information are sent to a high-profile recipient (usually a C-level executive) from a source that mimics a person or entity the recipient is familiar with.

    To help your employees avoid making a critical error or being duped by hackers, make sure you educate employees on handling sensitive data with care and on how to identify phishing emails. Also give them a clearly outlined process for reporting any suspicious emails.

    Give Employees a Secure Way to Work Remotely

    It’s rare nowadays for a company not to have some employees that work remotely at least part of the time. However, if those employees connect to public Wi-Fi networks to do their jobs, they’re putting your company data at risk if they don’t take the proper precautions.

    Ideally, your employees should have the ability to access your network through a company virtual private network (VPN), which encrypts traffic between the employee’s device and the business’s network.

    These recommendations are only scratching the surface of a thorough, effective cybersecurity plan. For more tips, review the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool, which the FFIEC released in 2015 as an appendix to its IT Examination Handbook.

    [Webinar Recap] The Hybrid Cloud and DRaaS

    Today the hybrid cloud is the backbone of several disaster recovery as a service (DRaaS) solutions on the market. These solutions are helping DR planners and IT personnel better manage diverse workloads, achieve more aggressive recovery time objectives, meet compliance requirements for data handling and more. But the hybrid cloud wasn’t always welcome in the IT DR world.

    In a recent webinar with the Disaster Recovery Journal, Rentsys Senior Manager Brandon Tanner discusses the history and challenges of the hybrid cloud and explains why businesses are now adopting it in droves.

    Check out the recording here.

    [INFOGRAPHIC] World’s Biggest Data Breaches

    Anthem Health Insurance, Home Depot, JP Morgan Chase and eBay might be in completely different industries and have different target markets, but they have one thing in common: Since 2004, they have each experienced a security breach totaling millions of records.

    In this interactive infographic by Information Is Beautiful, data about these incidents and dozens of others totaling 30,000 records or more have been compiled to create a visual representation of the magnitude of the world’s biggest data breaches. The causes of the incidents range from accidentally published information to hackings to inside jobs.

     Click the image below to explore the infographic.

    [INFOGRAPHIC] World’s Biggest Data Breaches

    To read more about three security breaches that shined the spotlight on cybersecurity (including the Anthem and Home Depot incidents), check out this post.
