image-double-dareSimilar to life, game shows allow you to risk something in order to reap a potential gain.  However, unlike life, in game shows, the contestant is not risking their business.  Businesses are always venturing for potential gains, and for most businesses, the goal is to gain the most with the least amount of risk.  How daring are you with your business?  I dare you to follow in the footsteps of some of our clients over of the years…

1st Scenario:  I double dare you to have a single backup of your critical company data.

Contestant #1:  Our client had two Unix servers and a Windows server.  Their dispatcher was responsible for their backup monitoring and management.  Each day, he would diligently swap backup media.  He chose to put the Unix backup media in a safe and the Windows backup media in a desk in his office.  Guess what happened next…they had a major fire and the office premise burnt almost to the ground.  The Unix backup media in the safe was intact; however, the fire marshal prohibited access to retrieve the media until 5 days after the fire.  Unfortunately, the Windows Server backup media was a total loss.  Their only option:  Send the Windows Server—its plastic case completely melted—out for data recovery.  In the end, the data recovery specialists were able to recover 96% of the data but only after 15 business days had passed and they incurred a $5,000+ recovery fee.  In both cases, an offsite backup solution would have minimized the downtime and eliminated the data recovery costs.  We’ve seen similar losses as the result of flooding, a leaking air conditioning unit, burst pipes, electrical damage and more.

Contestant #2:  Our client had both a local backup and a cloud-based backup.  What happened next…a disgruntled former employee entered the office space over the weekend and literally took the entire server and the onsite backup media.  Happily, in this case, the client had an offsite backup of their critical data and we were able to recover all their lost information.  What could this client have done better?  They could have immediately removed physical access to their office (in this case it would have required changing the locks) and considered a BDR device which would have allowed for almost immediate access to their data—no waiting for their data to download over the Internet which took several days.

These are just some of the reasons why all IT Radix Management and Support Plans include both an onsite and offsite backup to protect our clients against this type of business disaster.

2nd Scenario:  I double dare you not to have a Security Training and Support Plan in place.

Contestant #1:  Our client monitored their own backup.  What they didn’t realize is that the backup notices had stopped coming in.  Fast forward a few weeks…ransomware strikes and all their server data was encrypted and held for ransom.  The client was forced to roll back to the last good backup, losing weeks of work and data.

Contestant #2:  Our client’s controller received an email from the owner of the company approving a wire transfer.  This client regularly did wire transfers and as a result, this was not an unusual request and the controller complied.  Fortunately, the owner called him on another matter within minutes of transfer.  The controller mentioned that the wire transfer was under way, and of course, they both discovered the scam.  The controller was able to quickly contact the bank and stop the transfer but the company almost lost $50,000.

Most businesses think that it’ll never happen to them, but ransomware can get anyone!  Phishing emails, drive-by web infections and more have led to several of our clients being infected with ransomware.  The best defense is multi-layered:  employee security awareness training and testing, proactive monitoring of email and network activity, maintaining local and offsite backups, and consistent and regular security patching of all devices on the company’s network.

September is National Preparedness Month.  Your business can do nothing and take its chances, or alternatively, it can get prepared to keep working in the event of a weather-related disaster, inadvertent employee actions or other unexpected events.  IT Radix double dares you!

First published in our September 2016 IT Radix Resource newsletter

[code-snippet name=”hiding-blog-image”]