This week’s guest blog was written by Brent Whitfield, CEO of DCG Technical Solutions Inc.
There was a time, not too long ago, when one of a business owner’s main concerns was losing his or her assets through fire, storm damage or flood. While insurers catered to these fears by providing comprehensive business insurance policies, loss due to internet service interruption or a terrorist cyber-attack were deemed intangible and pretty much uninsurable.
Times are changing! According to Allianz’s 2017 Risk Barometer, no less than 88 per cent of business losses in 2016, by dollar amount, were attributable to human error and technology problems. This alone should be enough to spur businesses into focusing on sourcing adequate insurance and improving their training and IT provisioning. However, the report went on to highlight the increasing threat from ‘non-damage’ events: those factors that, unlike fire or flood, do no damage to a business’s assets but nevertheless severely disrupt business. Business disruption was cited as the number one cause for concern to businesses in the USA and there was also a growing fear of cyber incidents (e.g. online fraud and hacktivism), especially in countries such as Germany, South Africa and the UK.
IT disruption covers a wide range of potential business threats, from internet speed fluctuations to database corruption, and this article looks at some of the most common.
Internet Speed and Connectivity Issues
Internet reliability is at the heart of efficient business in the 21st Century and most companies, particularly those in large urban areas, are well-served in this respect. The three most likely causes of internet disruption are congestion, speed fluctuation and a failed link to the ISP. In most cases, the first two issues are simple to diagnose and correct (usually by means of bandwidth control or increasing the size of the business’s bandwidth link). Companies who contract their IT provision to a managed services provider (MSP) should ensure that a minimum IT service requirement is stipulated in the service level agreement (SLA).
Failed links, though rare, can be more difficult to resolve, particularly if they are caused by circumstances beyond your ISP’s control. The number one protection against this kind of total service loss is to have a backup ISP. If this scenario has never crossed your mind then it would be wise to draw up or overhaul your disaster recovery plan.
Software Design and Hardware Breakdown
Many employees blame poor software and interface design for obstructing their workflow. Digging deeper often highlights an issue with training provision with employees expected to adapt to new programs and interfaces with minimal tuition. On the other end of the scale are businesses which persist with software that is no longer up to the job. A good IT manager will listen to employees’ concerns and be creatively involved in sourcing solutions. The cloud offers many ways to streamline business processes through SaaS and PaaS applications, often slashing costs at the same time.
Even a decade ago, hardware failure was a common cause of IT disruption but this is no longer the case and you are more likely to lose services due to the failure of the network itself (storms bringing down cables, etc.) than due to router malfunction or other client-side hardware failure. One reason for this is that the hardware itself is becoming more reliable. Alongside this, there is the gradual shift towards cloud services meaning there is literally less hardware on site to go wrong. The most significant threats to hardware operation are lock-up, for example when too many processes are channeled through a router (simplify your configuration or upgrade your router!) and power surges (UPS protection is a must).
Many sources of IT disruption can be ultimately traced back to human error and this shouldn’t be surprising due to the complexity of many programs and networks and the pace of change. There are countless ways in which humans can mess up. They might miss out a critical step on some operational software, lock a device out of the local network by duplicating an IP address or unplug a router to make space for another piece of equipment. Most of these problems can be ironed out through effective training and correcting procedural areas. One huge issue is a lack of awareness of or compliance with security protocols. That deserves a section in itself!
In 2014, Sony became the most high profile victim of a staggering 4,000 per cent increase in ransomware exploits. Since then, barely a month goes by before we hear about another big company being hacked and either losing sensitive customer data or suffering severe disruption.
Cyber-criminals have realized that the easiest way into a company’s high-security network is through its low-security employees. Watering hole attacks, for example, target the vulnerabilities in everyday websites that a specific company employee is known to visit, attempting to direct them to a source of infection. There are many other types of attacks but the vast majority can be avoided by following a robust security policy. This should include prompt installation of software updates and patches; the creation and regular changing of strong passwords and company-wide awareness training focusing on avoiding phishing attacks and other common vectors of infection. The creation of regular off-network backups will minimize the risk of irreversible data loss or corruption.
A Note on BYOD
A growing number of businesses are realizing the efficiency savings available through implementing a ‘Bring your own Device’ (BYOD) policy. For all of its advantages this opens up a whole new set of risks including deliberate and accidental third-party access to sensitive data. A BYOD policy needs to be watertight and cover areas such as encryption during data storage and transfer, monitoring of customer device use, measures to keep business and personal data separate and processes for data recovery and deletion following device loss or employee resignation.
Backup Processes and Data Corruption
The nature of magnetic storage means that database corruption is inevitable. Fortunately, operating systems contain inbuilt check and repair processes that resolve most errors but there is always the chance of serious corruption (e.g. of the boot page).
Businesses can protect themselves from this scenario by backing up regularly, securely and, ideally, in multiple locations. By thinking more in terms of disaster recovery over traditional backup, companies can weigh up all the factors involved – from timely recovery of date and resumption of service to secure storage. There are various public cloud, private cloud and hybrid backup solutions on the market and outsourcing backup monitoring to an MSP can be a good idea to free up resources.
About the Contributor
Brent Whitfield is CEO of DCG Technical Solutions Inc. DCG provide a range of Los Angeles IT Services from disaster recovery and exchange mail support to full MSP and CIO services. Brent has been featured in Fast Company, CNBC, Network Computing, Reuters, and Yahoo Business. https://www.dcgla.com was recognized among the Top 10 Fastest Growing MSPs in North America by MSP mentor. Twitter @DCGCloud