Category

Tech Tips for Business Owners

Data with Lock

The Ransomware Plague in Hospitals and Healthcare

By | Backup News, Business Tips, HIPPA, Security, Small Business Computing, Tech Tips for Business Owners | No Comments
by Calyptix, June 1, 2016

The Ransomware Plague in Hospitals and HealthcareFrom pirates to mobsters to petty criminals, kidnapping for ransom is nothing new. We’re all familiar with the process – a person is abducted, the abductor demands a ransom, the ransom is paid, and then the person is released.

Now this age-old form of extortion has evolved into the technological world as ransomware.

Ransomware criminals employ the same principles as their predecessors but with a twist: the kidnappee is data.

The kidnapper in this scenario is crypto ransomware, a malware variant programmed to encrypt and lock data. After a company’s records are locked, the infected computer displays a note that demands ransom.

The perpetrator will only unlock the files once the ransom has been paid in full.

The Ransomware Plague in Hospitals and HealthcareRansomware in Healthcare

The healthcare industry in particular has been struck by a recent spate of ransomware attacks.

With few exceptions, the companies are reluctant to release specific details, leaving the investigating to the FBI.

UMASS Memorial Medical Center

An employee at UMass Memorial Medical Center in Worcester opened an email laced with ransomware last fall, resulting in dozens of locked hospital files on several different computers.

A ransom note was promptly displayed on the hospital monitors.

The hospital chose not to pay ransom, removing all of the encrypted files instead.

Security professionals later restored the system with backup files.

In response, Chief Information Security Officer Bruce Forman outlines his plan to install advanced, persistent threat software that will identify malware based on its behavior.

The Ransomware Plague in Hospitals and HealthcareHollywood Presbyterian Medical Center

On February 5, 2016, hackers locked patient files at Hollywood Presbyterian Medical Center and demanded ransom for access.

The hospital opted to shell out 40 bitcoins – approximately $17,000 – for the encryption key before calling the FBI.

The hospital was off-line over a week.

Emergency room systems, and computers used for CT scans, lab work and pharmacy needs were were all affected by the attack.

Some 911 patients were even sent to other hospitals.

The International Business Times later reported that a group of Turkish hackers had claimed responsibility for the attack via the text-sharing site Pastebin, threatening more attacks as long as the U.S. supports Kurdish rebels.

The claim is unverified however.

Prime Healthcare ManagementThe Ransomware Plague in Hospitals and Healthcare

The Los Angeles Times reported ransomware attacks on March 27, 2016 at two Prime Healthcare Management, Inc. hospitals: Chino Valley Medical Center in Chino, CA, and Desert Valley Hospital in Victorville.

Spokesperson Fred Ortega said the attacks were “immediately addressed and contained,” and no ransom was paid.

The FBI is still investigating.

A third Prime Healthcare facility, the 306-bed Alvarado Hospital in San Diego, was also infected by a crypto virus on March 31, 2016.

The Ransomware Plague in Hospitals and HealthcareMedStar Health

On March 28, 2016 Columbus, MD based provider MedStar Health shut down its database and email after a viral attack.

The provider operates 10 various hospitals, serves hundreds of thousands of patients, and has over 30,000 employees.

MedStar Health claims no information was stolen, and hasn’t labeled the culprit as ransomware, but The Washington Post reported they received a screen shot of a ransom demand for 45 bitcoins – or roughly $19,000 – from a MedStar employee.

The shutdown forced staff to go old-fashioned, relying on paper charts and records. Appointments and surgeries were also delayed.

Other healthcare organizations targeted by ransomware attacks since February, 2016 include the Los Angeles Health Department, Ottawa Hospital in Canada, Methodist Hospital in Henderson, Kentucky, and King’s Daughter’s Health in Madison, Indiana.

In each case, spokespeople reported the systems were shut down, but later restored with back-up files.

The Ransomware Plague in Hospitals and HealthcareWhy is healthcare a target?

In general, ransomware attacks are becoming more prominent because they are successful.

In 2012, a server of 5,700 computers was locked – all on the same day according to United States Computer Emergency Readiness Team.

Symantec analyzed the data and determined 2.9% of the users with locked computers had paid an average ransom of $200 per computer.

While this may be true of ransomware overall, many healthcare organizations claim they actually aren’t paying ransoms.

But some are.

Medical professionals rely on computer access for everything, from critical patient information like allergies and lab results to operating schedules.

The Ransomware Plague in Hospitals and HealthcareLocking access to records can literally be a life or death situation.

Healthcare organizations may be targets not because of their industry, but because of the types of applications they use according to Craig Williams of Talos Research in Arstechnica Report.

He suspects ransomware perpetrators scan the internet for vulnerable servers, finding many in the healthcare trade.

The increase in crypto virus attacks is also caused by the antiquated security systems employed by many companies according to Zach Forsyth at Comodo.

Healthcare organizations are relatively new to the digital game, and their security systems lack the maturity of those in the financial and technology industries.

Criminal attacks on healthcare organizations increased 100 percent between 2009 and 2013 according to the Ponemon Institute.

The trend of attacks against the vulnerable healthcare industry shows no signs of slowing. In fact, ransomware is emerging as a popular crime , states Ben Desjardin’s post on Radware.

The Ransomware Plague in Hospitals and HealthcareHow do ransomware attacks happen?

Some ransomware attacks gain access through phishing, or luring a user to click on a contaminated email or link. Vulnerable servers can also be targeted remotely.

A recent ransomware campaign against the healthcare industry in March, 2016 was under the scope of Cisco Talos Research.

Perpetrators used the open source tool JexBoss to gain traction in a server. Upon access, a ransomware variant named SamSam encrypyted multiple Window systems.

Another malware distribution method, Ransom as a Service (RaaS), emerged in 2015.

Criminals download the ransomware app builder and customize it according to the Microsoft Malware Protection Center.

Ransom MLIS/Samas also emerged early in 2016, with criminals using a penetration testing attack server that searches to exploit vulnerable networks, and uses a publicly available tool called reGeorg for tunneling.

The Ransomware Plague in Hospitals and HealthcareMSPs and VARs Beware!

It’s not just healthcare providers who should worry about their records being locked. Managed Service Providers and Value Added Re-sellers that service the healthcare industry are also at risk.

HIPAA Regulations for IT Compliance instruct that any business involved in the creation, maintenance or monitoring of electronic protected health information (ePHI) is subject to the Security Rules of HIPAA.

Compliance requires that the confidentiality and integrity of ePHIs remain intact.

Because ransomware locks files rather breaching their integrity, the jury is currently out on whether HIPAA-affected organizations have to report crypto virus attacks to the Department of Health and Human Services’ Office for Civil Rights.

It’s possible that attackers have determined ransomware victims might pay up if they can be assured the data has not been stolen, and therefore they may not have to report the breach.

The Ransomware Plague in Hospitals and HealthcareWhat can you do?

A simple solution is to back up your files. If you can access what a criminal has encrypted, you can continue to do business.

Train your employees to never click on suspicious emails or links. In addition, a strong password policy should be implemented throughout the company.

Third Tier produced a ransomware protection kit they’ll mail to you in return for a donation that supports females who want to work in the IT field.

Other remedies include installing a multi-tier defense architecture that checks software multiple times for vulnerabilities.

Web scanning can stop your system from accessing malicious sites as well.

Whitelisting is an effective tool that only allows specific, approved programs to run.

Employees can be granted a “least privilege user account,” which means they are not given administrative privileges to their computers.

Ransomware Prevention can also include blocking malicious TOR IP addresses, and testing restores.
Once your security system is set up, do not ignore it – maintain it. The Red Hat-supported JBoss server application was reported vulnerable in 2007 according to The HIPAA Journal.

A patch to correct the vulnerability has existed for almost ten years, and had it been applied, a number of ransomware attacks could have been prevented.

Data with Lock

Top 5 Sources of Security Incidents in Retail

By | Security, Tech Tips for Business Owners | No Comments
by Calyptix, April 13, 2016

computer-security-incident-oopsPeople tend to assume that hackers or other malicious actors are behind the security incidents and data breaches we hear about in the news.

While it’s true – thousands of criminals try to steal data every day – it’s also true that many security incidents are caused by employees.

Employees are the number-one cause of security incidents in the retail and consumer industries, according to the results of the Global State of Information Security Survey (GSISS) 2016 from PwC.

The survey, conducted from May to June 2015, is comprised of responses from more than 10,000 executives of security practices from 127 countries.

Before we dive in, it’s worth noting that the chart applies to security incidents and not data breaches. The terms are slightly different:

  • Security incident – An event that violates a security policy or otherwise puts an asset (such as customer data) at risk. This is a general term and can include network scans, malware infections, or a breach of customer data.
  • Data breach – A confirmed disclosure of sensitive data to an unauthorized party.

security-incident-sources-retail-chart

The top 5 sources of security incidents

Source #1. Employees

Current employees were reported as the greatest perpetrators of security incidents in the retail and consumer industries by those surveyed. The number was 30%, down 12% from 2014.

Employees pose both an intentional and accidental security risk.   They have an insider advantage if they choose to steal data.  But they often compromise their company’s cybersecurity unknowingly.

spear-phishing-security-incidentSpear phishing

Many retail and consumer industry cyber-attacks are initiated when an employee opens an email sent from a villainous source, who tries to trick the recipient into providing personal information, such as logins and passwords.  The act is called spear-phishing, and it arrives as an email that appears to be sent from someone an employee knows.

When the employee opens an attachment, or clicks on a link embedded in the email, associated malware instigates a cyber-attack.  When high-level employees are targeted by this technique it is sometimes called “whaling.”

Spear-phishing has been the point of entry for cyber-attacks on Anthem and Sony.  Stolen data included personal health information, employee social security numbers, and thousands of leaked internal documents.

A 2012 paper by Trend Micro Incorporated found that spear-phishing was involved in 91% of targeted attacks.

Careless or poorly trained?

In 2013 Deloitte reported that up to 90% of user passwords were easily hackable. Splashdata’s 2015 “Worst Password List,” comprised of the 25 most common passwords on the internet, are easily guessable, and therefore highly vulnerable.  They include “123456,” “baseball,” and “password.”

Employees of retail and consumer organizations often put their company’s data at risk by performing work tasks on their own personal devices, often accessed through unsecure WIFI.  They might send work documents to personal email accounts, bypassing security precautions initiated by their employers.

A perceived decrease in retail and consumer employee security incidents could be due to increased employee training.  In addition, more companies are paying vigilance to firewalls, and many businesses require employees to change their passwords on a regular basis.

former-employee-security-incidentSource #2. Former Employees

Former employees are ranked 2nd in the GSISS for security incidents in retail and consumer organizations. Down to 26% in 2015 from 30% in 2014, its share fell 13%.

If employment ends on unhappy terms, it’s easy to imagine an employee with inside information, a grudge to bear, and a lack of morality could be a danger to the company’s security.

A 2009 survey by the Poneman Institute found that 59% of ex-employees surveyed claimed to have taken company data with them when they left their position.

The phenomenon is not limited to retail organizations.

In January 2015 a former employee of the U.S. Nuclear Regulatory Commission and the Department of Energy (DOE) was charged with sending 80 spear-phishing emails to DOE employees seeking sensitive information in exchange for money from a foreign embassy.  He had been terminated by the NRC in 2010.

A former employee of the U.S. Embassy in London was charged in August 2015 with seven counts of computer hacking to extort, one count of wire fraud and nine counts of cyber-stalking.

Those surveyed could be responding to increased company diligence to eliminate logins and passwords of employees immediately upon their termination.  Companies are also improving their data encryption, and many have dedicated IT security personnel that help prevent former employees from taking information with them when they leave.

Source #3. Service Providers, Consultants, Contractors

The survey respondents reported a 21% increase, from 19% to 23%, in retail security incidents caused by current service providers, consultants, and contractors, also known as third parties.

Third party contractors include any outside organization hired by a company.  Third parties run the gamut from lawyers, to electricity providers, to security providers.

As reported by Krebs on Security, the 2013 Target heist that compromised the credit and debit accounts of millions of people was orchestrated through network credentials stolen from one of their Heating, Ventilation and Air Conditioning Contractors.

Cloud security risks can also rise when a retailer uses a third party vendor, since the retailer rarely knows the veracity of the vendor’s employees and partners.

security-incident-source-hackersSource #4. Hackers

The GSISS attributes 21% of retail security incidents to hackers in 2015, up from 20% in 2014.

Hackers perpetrate direct attacks.  Their goals are as numerous as they are varied.  They can be nation-states, lone wolves, and hacktivists, who break into databases on what they see as benevolent missions.

Hackers break into databases to steal personal identities and financial information as an act of theft. Most hacking is done for profit, but some people hack for the personal challenge of breaking into systems that are thought to be secure.

The collective “Anonymous” hacks to fight perceived internet censorship. Hackers might have political motivations, and target electrical grids or other civic infrastructure.

In 2015, 21.5 million people had information stolen from the U.S. Office of Personnel Management by hackers.  The New York Times reported the suspect is China, but it is unknown whether the crime was committed by the government or individuals.

Hackers also target intellectual property, or business secrets.  As various segments of government and corporations have become more sophisticated in their ability to fend off cyber-attacks, hackers have sought to invade industries with less sophisticated cyber defenses.

In 2014 hackers compromised the point of sale system at Home Depot with custom built malware that breached the integrity of 56 million unique payment cards.  It’s estimated the cost to Home Depot will be approximately $62 million.

In addition to retail and consumer firms, U.S. law firms have suffered increased hacker attacks in the United States because they are in possession of potentially lucrative information, and lag other professions in cyber security.

In a recent survey reported by Legal Tech News, less than half the law firms surveyed had intrusion detection systems, email encryption on all their services, or logs of employees who accessed public health information.

Source #5. Organized Crime

Those surveyed identified a minor increase, from to 18% in 2015 from 17% in 2014, of retail and consumer organization security incidents by organized crime, the final group identified in the GSISS report.

According to the report, some in the financial industry believe that increasingly, cybercrime is a collaborative effort between foreign nation states and organized crime.

The FBI reports a sampling of the organized criminal threats to the U.S. include groups from Africa who perpetrate financial schemes, Russian mobsters who moved to the U.S. after the collapse of the USSR, and Asian groups including the Japanese Boryokudan.

A white paper written by The RAND Corporation notes that black markets where data is sold are growing in complexity and size, and that hackers are morphing from random individuals to sophisticated, financially driven groups, often associated with traditional crime groups such as mafias and drug cartels.

The dangers are real, and the smart money is on those who exercise continuous vigilance on the cyberfront.

Data with Lock

6 Password Tips to Protect Against Business and Identity Theft

By | Security, Tech Tips for Business Owners | No Comments

Ah, those pesky passwords. If you work in the corporate world or in an office, you have one for your PC/Network and, unless there is a password synchronization application that combines them, you probably have more than one for other applications. Add those to the ones that you have for your home Internet, your banking and other websites that require passwords, and before you know it you have a nightmare on your hands in trying to manage them. How easy a target are you for business and identity theft?

Part of the frustration has to do with the different requirements for password formatting. Some systems only require four characters, some require eight. Some need a combination of alpha and numeric characters and others do the same with the addition of a few capital letters thrown in for extra security. It can be positively maddening.

The worst thing you can do with your passwords is to place them in a text document which can be accessed on the hard drive of your computer. Your files are vulnerable to business and identity theft- even if you think they are not. If someone is intent on finding them, they can. Even if you place them into a password protected document, those can be cracked, too.

Writing them down has its own vulnerabilities, too, and there are varying opinions on this practice. If you do write them down on a piece of paper, put the document in a locked location whether it is in your home or at work.

Here are 6 tips on how to handle your passwords to protect against business and identity theft:

1. Make them complex. People who use easy to remember or short passwords are inviting disaster. Use a little imagination and pick a password that is very difficult to attach to your life. Stay away from birth dates, phone numbers, house numbers, or any other number that is associated with your life.

2. Keep passwords unique. When you change your passwords, make them unique from each other. Do not use the same password on all of your sites. If you do, then you are open to having every site that you have a password to being vulnerable to hackers to log on and steal your identity, money or destroy your reputation.

3. Be obscure. Use a combination of letters, numbers, capital letters and special characters if possible. The more you do this, the more secure your passwords will become. Create an alphanumeric version of a term you can remember. Using this technique the word “Spaceship” becomes “Sp@ce5h!p”.

4. Change regularly. This is the singular tip that can save you if you do not heed any of the other tips. How often should you change your password? How secure do you want to be? The frequency with which you change your password will determine how secure you are from becoming a victim. The more often you change it, the better you are. The longer you leave it the same, the more vulnerable you become. Three months is a good cycle for a password, but certainly if you fear for the security of your identity, then a monthly change is not out of the question.

5. Password-protect your PC. Be sure to give your PC a password on power-up. This will help protect your files unrestricted access to your PC.

6. Password-protect your wireless home network. If you have a wireless home network, be sure to password protect it as well. Use the same principles above in order to secure your wireless network. This will prevent others from accessing your connection and using it maliciously to hack the personal or business PCs and laptops you and your family use at home.

Finally, there are password programs that can help with this important task, but the best advice is to start with the tips above right away. Password software can be useful as an organizational tool, but it is no match for using sound methods to manage and make your passwords difficult to crack.

 

Creating a Business Continuity Plan For Your Small Business

By | Backup News, Tech Tips for Business Owners | No Comments

Is your business prepared for any type of disaster? Even though small businesses may not have as many employees or as much equipment, they are still as vulnerable to disaster as a large corporation. If your business office were to be destroyed by a tornado, you could lose valuable business if you don’t plan ahead. Many businesses don’t want to take the time and the expense to prepare a business continuity plan, but can you really afford not to make one?

Make a List of All Possible Disasters

The best place to start is to list different types of disasters and try to determine what could be lost in each case, and what you can do to prevent that loss. A flood will require different strategies from a power outage or a fire. Next, try to estimate how long it would take, and how much it would cost, for you to get your business up and running again.

Communication

The middle of a crisis is not the time to frantically search for phone numbers. Even small businesses need emergency contact numbers. Have all emergency contact numbers posted or programmed into every phone. Do you have an alternate mode of communication should your main phone lines shut down? Could your clients seamlessly contact you without ever knowing that your office was in the middle of disaster recovery? The same principal applies to email and fax. Making arrangements regarding communication are critical to keeping your business running smoothly. Communicating with staff and clients can mean the difference between complete shutdown, or minimal a business interruption.

Preserving Your Data

In the event of a disaster, it is important to know that everything you need to function as a business is available. Identify all vital systems, documents, and data. While it is important for every business to backup their data on a regular basis, what if a fire destroyed your office? For this reason, offsite storage is critical to preserving your business’ valuable information. Offsite data storage allows to access to all of your stored data from any computer and from anywhere in the world.

A Temporary Worksite

It is also important to plan for a temporary worksite. Depending on the goods or services your business offers, can you continue smooth operation if your office is shut down? Storing products in a second location can allow you to maintain your regular business schedule.

Test Your Plan

One of the keys to successful disaster recovery is testing your business continuity plan on a regular basis. It is important that you and your staff know exactly what to do, where to go, and how to access the necessary items you need to keep your business running smoothly to the outside world, even if you are standing in the middle of a disaster. Schedule regular plan tests to ensure that everyone in your office is on the same page and ready should disaster strike. Hopefully, you will never have to use your business continuity plan, but it is smart business to be prepared for any emergency should one arise.

Wireless Router

Network Connectivity Troubleshooting

By | Tech Tips for Business Owners | No Comments

To most computer support persons, having problems connecting to the Internet via a router and a high-speed connection is not a major issue. However, for those who do not understand some basic technology concepts, solving connectivity problems will be a struggle. The following will give you some tips of where to look for network connectivity problems and how to perform some basic network connectivity troubleshooting tasks.

Most of the initial steps of this process are common-sense and incredibly basic, but you would be surprised at the number of calls to help desks that are solved simply by having someone turn on a power switch or plug in a cable to a device!

  1. Check the power. Make sure that the power is turned on to your router and that you can see some visible signs of that power on the front of the unit. Usually green or yellow lights flash or stay on constantly when the unit has power. If you do not have any of those, check the electrical outlet for power. Plug in a radio, clock, lamp or other device to see if the outlet is ‘live.’ If so, continue on to the next step. If not, check your electrical box to make sure that your circuit breakers have not tripped because of an overload or other electrical issue.
  2. Check the router. If you still get no lights on the front of your router, then unplug it from the electrical outlet and wait for a while (15 minutes to half an hour) and plug it back into that same outlet. Most of these have what we call ‘wall-wart’ type power supplies that have the square-ish black block on the end which plugs into the wall outlet (or power surge suppressor). Sometimes these can go bad. If you cannot get any of the lights to come on at all on your router, even if you test it in a known “good” wall receptacle, it might mean that the power supply or router itself is defective.
  3. Check the cables. Now, if you have confirmed that the electrical outlet is working properly and you are getting lights on the front of your router, then you need to check the network cable between your PC and your router. If you have a wireless router and are having trouble connecting by that method, then you need to troubleshoot first by trying to connect with a hard-wired connection, as it is easier to troubleshoot a hard-wired connection than a wireless one (once you have successfully established connectivity through a wired connection, you can resume troubleshooting wireless connectivity). Normally, your router should include at least one network cable for connecting devices directly to it. Use this cable to connect your PC to your router.. On the front of the router are a series of lights (these differ in color by manufacturer) which indicate the presence of a network connection over the network cable (or Ethernet cable) between your PC and router. Locate the network cable which runs from your router to your PC and unplug it from the back of the router. Does one of the lights go out? If so, that is a good sign. If not, then go to the PC end of the network cable and locate where it connects to your PC. Right around this connection there are usually a set of led lights indicating a network connection. By removing your network cable from the PC, you should see the lights go out. And, with your PC powered on, removing this cable will also usually cause a message to come up on your Windows-based PC indicating that your network connection has been lost. If this happens, then it appears that at least your router and PC are ‘talking’ to each other. This is usually noted by the ‘flashing’ activity of these lights.
  4. Reboot both your router and your PC. Sometimes a simple reboot will clear up any anomalies between network connections, and this will always be a step any help desk, ISP or router manufacturer’s support personnel will ask you to try.

Confirming the connectivity with the Internet was the focus of the first three steps in our process. We now continue with the remaining steps to help you discover what the problem with your Internet connection might be.

  1. Check functionality. Once the network cable has been confirmed to be working correctly, we need to see if the router is working correctly. Since you have already unplugged and re-plugged the router in and rebooted both it and your PC, that should have taken care of any automatic configuration issues that might have become hung up. High speed Internet providers can change the network address (also called the IP address) of your router at any time. This usually requires a re-boot of your router (and sometimes of your PC) in order to pick up that new address and begin communicating. Also, there are other network addresses that are used to get outside to the Internet that are automatically configured as well, but we will deal with those in a later step.
  2. Test functionality. If after you have rebooted the router and PC and performed all of the steps above, but it appears that you are still having problems, make sure that you try other ways to get outside to the Internet by launching your email program (if you use one). If it works, but your Internet browser still does not, then something is preventing your Internet browser from resolving website addresses on the Internet.
  3. Check virus software. When was the last time your PC performed an automatic update or a scan for viruses? Can you try to force an update now? Is it successful? If it has been a week since the last check for viruses, run a full system scan. If this does not work and no viruses are detected, move on to the next steps.
  4. Try another system. Do you have another PC or laptop that you can plug in to your router to try and get out to the Internet, or do you know anyone else with a laptop PC who would be willing to bring it over to see if they can plug into your router and get out to the Internet? If so, that will confirm if you have a good working router and cabling. If you or they are able to get out to the Internet, then the problem lies with the original PC you were troubleshooting.
  5. Contact your Broadband Service Provider. If you cannot get out to the Internet with another PC or Laptop, work with their support staff to troubleshoot the connectivity issue.
  6. Final options. If all else fails, take your PC to another location like a friend’s house or a relative who has high speed Internet access. Plug into their system and see if the PC will access the Internet. Another option is to take your PC to a local shop to have it examined for any virus or spyware software that is not being detected but is preventing you from accessing the Internet. Usually, these local PC repair companies have the software tools to help detect and eradicate these problems.

Troubleshooting a connection for your PC can be a frustrating thing to do because there are so many variables to address. Be patient, and follow the above steps and hopefully you will find the source of your problem sooner rather than later.

Click here to learn how Kubicek Information Technologies can help with your network connectivity troubleshooting problems with our Reactive Response and PC Repair Services for your business in Cumming, Suwanee, Alpharetta, Johns Creek and surrounding Metro Atlanta.

How to Create a Basic Businesses Disaster Recovery Plan in 4 Steps

By | Tech Tips for Business Owners, Uncategorized | No Comments

Loss of data is a common problem for businesses. Fortunately, it’s a problem that can easily be avoided with the correct preparation. While devastating amounts of data can be lost during catastrophes like hurricanes, terrorist attacks, fires and floods – it doesn’t take such large events to cause a business to lose important data. It can be as simple as dropping a laptop to the floor, or a power surge that results in burning out a storage device. If you don’t have your crucial data backed up, even a small situation can turn into a disaster. That’s when having a business disaster recovery plan can help.

If you still think natural disasters are the leading causes of data loss – and that the chances of it happening to you are pretty slim, take a look at the results from a study by Strategic Research Corporation of the leading causes of business continuity and disaster recovery incidents:

  • Hardware Failures (servers, switches, disk drives, etc) – 44%.
  • Human Error (mistakes in configurations, wrong commands issued, etc) 32%
  • Software Errors (operating systems, driver incompatibility, etc)14%
  • Viruses and Security Breach (unprotected systems are always at risk) 7%
  • Natural Disasters 3%

Establishing a disaster recovery plan can be done in the following four steps:

1) Take a potential risk inventory. Make a list of every potential cause of data loss and the solutions to each. Your list should include losses that won’t affect the business very much, and those that would shut the business down temporarily or permanently. Information Technology experts can assist you with creating the potential risk inventory – as they will have the knowledge and experience to identify possibilities that you are not likely to think of but need to plan for all the same. These IT experts will also be able discuss preventative solutions to guard against each type of potential data loss.

2) Rate each of your potential data loss situations. How likely is it for each of the items on your risk inventory to occur? Rating them in order of importance and likeliness to occur will help you determine where to focus your disaster recovery plan efforts.

3) Develop your disaster recovery plan. Go through each of your potential risks and their solutions, and determine how long it would take you to recover from the loss of data for each risk. Could your business be offline for 24 hours? A week? Depending on the nature of your business, being offline for even just 24 hours could result in your losing customers to your competition. Look at ways to reduce the length of time it would take you to recover from each type of data loss risk.

4) Put your disaster recovery plan to the test. Once you’ve created your plan of action for recovering lost data, you should test your solutions. A disaster recovery plan is just a plan until it can be tested and proven.

Click here to learn how Kubicek Information Technologies can create a business disaster recovery plan for you with our Disaster Recovery and Business Continuity Services for your business in Cumming, Suwanee, Alpharetta, Johns Creek and surrounding Metro Atlanta.

Benefits of Outsourcing for Technology Services

By | Business Tips, Tech Tips for Business Owners | No Comments

Most business entrepreneurs have great talent and the means to run a very successful business. The snag they most often run into is the belief that they can do it all. This mindset can be detrimental to the overall success of their business. Trying to do it all can lead to hindered growth, lower profit margins and in some cases failure. Outsourcing for things like technology services creates an opportunity for both the business entrepreneur to focus on what they do best.

In order to create a business that is structurally sound, expandable and profitable, business owners should focus the majority of their time and energy on their personal talents and skills that are most important to the growth of their business and those skills that will most help in the generation of income. Instead of trying to do it all they can most benefit by delegating certain tasks – and outsourcing for technology services is one of them.

Outsourcing has become very popular and with technology today like the Internet, outsourcing is easy and accessible. Companies can find extremely qualified candidates from around the world right at their fingertips. Many highly trained individuals have left the corporate world and are available for hire as contractors. Expertise in just about any area a business may need is available. Examples include virtual assistants, graphic designers, IT specialists, accountants, marketers, Public Relation specialist, writers and so much more.

Some of the best tasks to outsource include those that are highly skilled tasks or those have that require trained expertise. For example if you have no knowledge of your IT needs or how to build and maintain a company website, hiring a specialist will be much more cost effective that you spending hours trying to teach yourself. Initially, your cost for this type of work might be a bit high, while the contractor helps to access your needs and builds your site. Down the road however, you most likely will be able to outsource our IT needs on a maintenance basis.

Highly repetitive tasks are also good ones to outsource. Data entry or accounts payable and receivable are jobs that you most likely can do, but they will only slow down your own productivity. Many times you can hire a virtual assistant to help you in these areas for just a few hours a week. This will not be overly costly and will inevitably free you up to work on other areas of the business that would most benefit from your attention.

Executive expertise is another area to consider outsourcing, especially if the business owner does not have great knowledge in this area. Someone that can take a hard look at your business plan, profitability margin and any ideas you have for expansion can be of great insight. Many times businesses will hire someone to come in and look over these items just once a month, quarterly or yearly. Their consultations can lead to new innovative ideas that could lead your business to new expansions, higher productivity and higher profit margins.

Most often, the cost advantage far outweighs what you will actually pay out to contractors. Most companies that rely on outsourcing do much better than their competitors.

Click here to learn how Kubicek Information Technologies can help you focus on running your business with our Staff Augmentation and Onsite Placement Services for your business in Cumming, Suwanee, Alpharetta, Johns Creek and surrounding Metro Atlanta.
iPad

Is the iPad Useful as a Mobile Computing Device for Businesses?

By | Tech Tips for Business Owners | No Comments

Some businesses have jumped on the iPad wagon and are finding creative ways to use the iPad as a mobile computing device. For example, the Global Mundo Tapas restaurant in Sydney, Australia uses the iPad as an interactive menu. There’s a budget airline, Jetstar Airways, using the iPad for in-flight entertainment, rented for $10 a flight. A luxury sedan by Hyundai comes with an iPad instead of a user manual. Other than these extreme cases, how can an iPad be used to increase productivity or convenience by the average business owner?

Conventions and Workshops

Do you travel to conventions and workshops for your business? Many people bring their laptop to these events. While laptops are of course very convenient compared to a desktop pc for traveling, the iPad weighs less and could be even more convenient if you’re traveling from room to room at a convention or workshop. These events are also often designed for networking – so you’re not just sitting at the table all day, glued to your laptop. The smaller, 2 pound iPad could be slipped into your purse or a small bag while you walk around the room, or even carried in your hand for easy access as needed, but without being cumbersome.

Flights and Traveling

It’s true a laptop can go on a flight with you, but even the smaller netbooks and laptops add to the weight of your carry on bags and can be frustrating when in the small seats of the plane. If you’re sitting in coach, you know every time the person next to you has to get up to use the bathroom you’re trying to balance the laptop and whatever else you happened to have out in your hands with turbulence knocking you around the aisle. The iPad could be slid into the pocket of the seat in front of you if you have to get out of the way for the passenger next to you – it’s about the size of a magazine.

The same holds true on trains, in taxi cabs, or as a passenger in someone else’s car. Just don’t try to use your iPad while driving, yourself.

Presentations & Sales

Do you travel to client offices to give presentations? How sleek would it be to whip out your iPad and give a sales presentation or demonstration? Apple reports that iPads can connect to the majority of projectors, so you could even broadcast that presentation over a large screen for a larger audience if necessary.

Replace Your Briefcase

Sure, the iPad has a word processor and spreadsheet. Those are always useful for business people. It would be much more convenient to read and edit documents on an iPad over your iPhone while on the road.

But what about the stack of magazines and newspapers you lug around with you in your briefcase? You could have all of your reading materials ready for you on the iPad and skip the briefcase. Use it as an ebook reader, newspaper subscription, and file storage and you’ve literally got everything at your fingertips. With the use of third party Apps, there’s little you can’t do with the iPad for as a mobile computing device for your business.

Click here to learn how Kubicek Information Technologies can help you get the most out of your iPads, Smartphones and other mobile devices with our Mobile Computing Services for your business in Cumming, Suwanee, Alpharetta, Johns Creek and surrounding Metro Atlanta.