Is Your Business Disaster Proof?

The Pacific Northwest has boundless reasons for calling this area home. While living here is virtually free from tornadoes, tropical storms, or hurricanes, we do have our own threats from Mother Nature that need addressing. Earthquakes, volcanoes, floods, and other natural disasters can be catastrophic in every sense of the word.  For your small business, these events can be devastating and the loss of critical business data has the proven ability to put your company out of business. The good news is that there is a great deal you can do to prepare before a disaster strikes.

The cardinal rule for disaster recovery and business continuity is that if you fail to plan, you plan to fail. It is that simple – you need to have a viable plan prior to disaster striking. Here are a few tips to better protect your business.

Keep in mind that with proper insurance for your business, in the event of a disaster your property will be replaced. Laptops, desktops, servers, routers and such are commodities, while your data is irreplaceable.   It is nice to know that the carpeting, furniture, computers, and even the clock on the wall will be replaced if your building is leveled in a disaster. However, what about the data that reside on your computers?

1. Determine what keeps you in business.
Your first step in adequately preparing your business for a disaster is to identify what matters most and take steps to address that. Take a critical look at your operations and realistically look at how the loss of each computer or server affects your business. To one business, the loss of several computers may be a mere annoyance, while to other businesses each computer serves a vital function and the loss of any one would grind operations to a halt.

2. Identify what you need to protect.
Once you know how each computer supports your operations, you need to then identify where the data is located. Some users access data stored locally on that workstation, while others may access stored centrally on a server. You may know your business better than anyone else, but where the data is stored may be above your level of understanding. Guesswork is not an option and if you do not know, please call your IT provider for their assistance. Properly identifying and backing up data is far too important to approach haphazardly.

When you’ve identified the role that each computer plays and where the data is stored, it is much easier to come up with an appropriate approach to protecting the data. Most applications have their own “preferred” methods of backup, so it is always important to follow manufacturer guidelines:

- CRM software (e.g. Gorilla, Point, ACT!, Needles, Medisoft, etc.)
- Accounting (e.g. QuickBooks, PeachTree, etc.)
- E-mail (e.g. Exchange server, Outlook PST folders, etc.)
- Company Data (e.g. tax records, databases, photos, etc.)
- Client Data (e.g. project files, client records, etc.)

3. Develop a specific disaster plan.
Every business is unique, so a “cookie cutter” approach rarely works well. You need to map out precisely who will do what if some sort of disaster occurs. Who will be in charge of making certain that important documents and data are safely secured? Who will be responsible for removing/safeguarding critical equipment? Where will you setup temporary operations if you cannot get into your current office location? These are all parts of a disaster recovery plan (DRP) and business continuity plan (BCP).

4. Know how your data is backed up.
Do not assume anything!
- If you use tapes, find out where they are stored and how old they are (hint: tapes melt above 125 degrees Fahrenheit and should be replaced every 6 months). Tapes should follow a Grandfather-Father-Son (GFS) rotation schedule for daily, weekly & monthly backups.
- If you use CDs/DVDs/USB drives, be sure you store to protect the media from loss or damage. Keep in mind that if the building is damaged, your CDs/DVDs/USB drives might be lost as well. Since these devices are highly portable, they are also easily stolen and are most likely not encrypted. This is an area of liability that most businesses neglect to address and is simply dangerous.
- If you store your data off-site, be sure it is in a secure data center. Ideally, off-site storage should be in a data center in a separate geographic region, unaffected by your weather patterns. If a hurricane hits, it makes sense to have your data stored outside of a hurricane-prone region. Ideally, data should be stored on a different electrical grid and area of different weather patterns.

5. Test it to make sure it works.
This is common sense, but this step is generally the most overlooked part of a disaster recovery plan. Businesses assume they are protected and that gets them into trouble. The last thing you want to find out is that your backup tapes had errors or an entire database was missing from the backup sets. The only way to know for sure is to do a “dry run” where you recover data and make sure the data can actually be opened. Testing data recovery should be done at least quarterly.

These steps will help you not only with data loss from natural disasters, but everyday threats of data loss from human error to hackers to viruses. If you have a plan and you test it, data loss can be reduced from a catastrophic event to a mere annoyance.

Website upgrades

TeamLogic IT upgraded the Beaverton (www.teamlogicit.com/beaverton) and the Vancouver (www.teamlogicit.com/vancouver) websites. The upgrade showcases our managed services and other IT support services we provide to local businesses. You can also learn more about SystemWatch at www.pdxmsp.com to see how managed services can benefit your organization. It is well worth a few minutes - enjoy it with a cup of coffee!

The Top 5 questions you should ask your IT provider, but don’t know to ask.

Providing an industry insider perspective is always a pleasure, since I enjoy helping out other business owners and managers. It is understood that making assumptions is dangerous, so here is a list of questions you should be asking your current IT provider:

1. Is my network secure?
If you do not already know the answer, then the answer is no. If there is any doubt in your mind, then the answer is no. That might sound harsh, but it really is that simple. The sad reality is ignorance is not bliss and it takes a concerted effort by both management and IT providers to establish a secure network and to keep it that way. If you are not currently aware of the security status of your computers and network, then it is a safe bet there are significant vulnerabilities on your network.

What does that mean? In a simplistic overview, a “secure” network covers protection against both manmade and natural threats. Since threats are constantly evolving, so must the steps to protect a company’s resources. Interestingly enough, this does not have to be an expensive proposition. The most cost effective preventative measures are user education and keeping systems up to date with software patches.

2. Have you tested my data backups to see if they work?
This is the most important question you should be asking. It may not seem like common sense, but the actual act of performing backups is only part of the battle. People generally do not bother to check and see if the backups actually work. It is surprising how many people thought their backups were being done, but when the time came to recover they find out the backups either were failing or were simply not running. If you cannot recover from your backup media, then all your expense in performing the backups (hardware, software and man-hours) is for naught.

Try this on for size - the average failure rate for recovering from tapes is 30%. This means you only have a 7 in 10 chance of successfully recovering data from tape backups, even when the backups are being performed properly. From the simple business terms of data loss, a 70% chance of recovering critical data is quite abysmal in terms of potential financial ramifications from the loss of critical data.  Additionally, did you know you should replace the tapes at least every 6 months? There are better solutions out there, so ask your IT provider for guidance.

What other solutions are there? The most reliable method for backups is currently off-site storage, where data is remotely backed up via the Internet to a secure data center. These not only verify the data, but they eliminate both the human error of remembering to do the backups and the physical problems associated with magnetic tapes.

3. Am I protected from viruses & spyware?
Yet again, this is another loaded question. I am constantly amazed how many businesses have outdated antivirus software and therefore have some level of compromise. According to a recent study by the FBI, while 98% of businesses have antivirus software 68% of businesses reported virus outbreaks. How can this be?

Unless you are tracking the status of each system on your network, there is a very good chance some of your computers are running with either no antivirus or an expired license. An expired license does not allow users to download new virus definitions, which protects the computer from new threats – it is equivalent to having no antivirus software at all. There are dozens of new viruses, spyware and other malicious programs released “into the wild” each week by hackers. Since hacking is now big business, international crime syndicates (organized crime) are behind most new viruses. They write viruses to take control of your computers to do many things, including identity theft, using your computer to send out spam, or use your Internet connection as a means to attack other computers. It is frightening stuff.

4. Where is my network documentation? (contingency plan)
Do you have a simple reference for your network configurations, passwords, account numbers, and other pertinent information to keep your network operational? If not, do you feel as though you are being held hostage by your IT provider? It is quite common to feel afraid wondering what would happen if you switched IT providers based on not knowing anything about your network. It is actually very easy to document a network so that you can be confident that you own your network and can change providers with ease. You should store a hardcopy printout of your network documentation and keep it in a safe place.

5. What am I getting for my money? (Preventative maintenance)
Unless you sit down with your IT provider and have a Computer Lifecycle Plan (CLP) worked out, there is a good bet that your IT provider is merely service you for reactive maintenance. Reactive maintenance is basically keeping you running. With a focus on preventative maintenance, your IT provider should be helping you plan out the lifecycles of your computers and helping match your technology needs with the proper tools to support your operations. That really is the difference between having a contractor and a partner. A contractor is going to come when you call, but a partner is going to look out for your best interests and help serve as a guide where they are professionally skilled.

The main thing to remember is that is it okay to ask questions. As a professional, your IT provider should welcome your interest and concern. Remember that we are there to serve you.

What are managed services?

A recent study by the Gartner Group revealed the Total Cost of Ownership (TCO) for an unmanaged computer over a three-year lifespan is $5,309, while the cost of a managed computer over the same timeframe is $3,335. This equates to a cost savings of $1,974 by having managed computers. Managed services has been in place within corporate America for years and is now accessible to the Small and Medium Businesses (SMBs) that need help maintaining their network infrastructure.

Simply put, managed services is the practice of clients transferring day-to-day related network management responsibility to an outsourced provider as a strategic method for improved effective and efficient operations.

• Network management refers to the activities, methods, procedures, and tools that pertain to the operations, administration, and maintenance of networked systems.
• Operations deals with keeping the network (and the services that the network provides) up and running smoothly. It includes monitoring the network to spot problems as soon as possible, ideally before users are affected.
• Administration deals with keeping track of resources in the network and how they are assigned. It includes all the "housekeeping" that is necessary to keep the network under control. This can be as simple as adding or removing users or as complex as managing permissions and audits.

Maintenance is concerned with performing repairs and upgrades. Examples of maintenance include when equipment must be replaced, when a router needs a firmware upgrade, or when a new switch is added to a network. Maintenance also involves corrective and preventive measures to make the managed network run "better", such as adjusting device configuration parameters.

If you would like to learn more about managed services, take a few minutes to visit http://www.pdxmsp.com

Launch of PDXMSP.com

TeamLogic IT is pleased to announce the launch of PDXMSP.com (Portland Managed Service Provider) to highlight SystemWatch, TeamLogic IT's flagship suite of managed service tools for Small and Medium Businesses (SMBs).