Business Continuity vs. Disaster Recovery: What’s the Difference?

The risk of cyberattack is still growing globally, and no business is too small to hack or breach. It’s important to plan for business continuity and disaster recovery, and to do so in advance so you’re prepared for the worst. But first, you’ll need to understand the difference between the two.

Some use business continuity and disaster recovery interchangeably, yet there are differences between these two areas focused on safeguarding your business.

Business continuity planning ensures operations continue in the event of disruption. Whether it’s a natural or man-made disaster, national emergency, sabotage, theft, or utility failure, your business needs to prepare. Business continuity anticipates what you’ll do about physical premises, staffing, and IT.

A business continuity (BC) plan:

  • identifies business processes;
  • assesses risk;
  • weighs costs versus benefits;
  • establishes priorities;
  • earmarks resources;
  • designates responsibilities.

BC planning will outline the procedures to follow and who is in charge of which processes. Think of it like a checklist to continue operations as close to normal as possible despite a crisis.

How is BC different from Disaster Recovery?

Disaster recovery focuses on providing a backup when unforeseen interruptions hit: actions needed to restore IT assets, communications, and essential hardware systems.

Disaster recovery (DR) plans aim to reduce downtime and restore vital systems as soon as possible. After all, statistics around small businesses suffering IT disruptions are not encouraging. Depending on where you look:

  • 93% of companies suffering an IT disaster file for bankruptcy within one year.
  • 40% of businesses don’t bounce back from a disaster.
  • 60% of breached small businesses can expect to shut down within six months.

While there is no consensus, the takeaway remains the same: downtime = business disaster.

The best way to reduce risk is BC and DR planning.

Still, how is disaster recovery different from continuity efforts? Business continuity tackles all operations. Yet in many environments, disaster recovery is a subset of business continuity. That’s because disaster recovery focuses on IT infrastructure. DR gets IT back up and restores data access after a disaster.

Disaster planning establishes procedures for restoring critical applications. You establish where and how you’ll back up important data, make decisions about what to repair and restore first, and decide on your restore-point tolerance: the acceptable amount of time between your last backup and when the system went down. This tolerance will vary among businesses. A business conducting hundreds of online transactions daily has different needs than one with less data.

Planning ahead is essential for both

Although disaster recovery and business continuity have different timelines, both require preparation in advance. Business continuity plans are set in motion as soon as operations are threatened. For instance, in the event of a hurricane, the BC plan would alert stakeholders, communicate emergency procedures, and transition to alternate operations. Yet the DR team won’t do anything until the storm actually affects the business.

Your business may be able to ride out a short, planned downtime, but disruptions from weather events, power failure, or malevolent attack can be crushing. Take the time, when not in crisis, to plan your business continuity and disaster recovery.

A managed service provider can help you develop the best business continuity and disaster recovery strategies.

Lessons Learned from an Oil Pipeline Ransomware Attack

Your business may not be supplying oil to the United States, and you may not even be in the critical infrastructure business, but don’t think that means ransomware can’t happen to you, too. This article shares lessons learned from a headline-grabbing event, and they’re applicable to businesses of all sizes in all industries.

First, what happened? The May 2021 ransomware attack crippled a 5,500-mile gasoline pipeline. The Colonial Pipeline supplies nearly half of the gasoline used by the East Coast of the United States. The attack, thought to be the largest ever on US oil infrastructure, encrypted almost 100 gigabytes of data. Russian hacker group DarkSide took the systems hostage, demanding an undisclosed ransom. The pipeline was offline for days, and the disruption plagued the country for weeks.

The lesson learned? Businesses cannot underestimate the importance of being proactive about preventing cybercriminal attacks. The Colonial Pipeline attack originated in Russia and attacked the US, but the motive was financial. The majority of cyberattacks come down to money. That means your business could be at risk, too.

Lesson #1: Educate employees

Avoid falling victim to a devastating ransomware attack by educating employees about cybersecurity. Train your employees to recognize phishing emails and other scams, teach them about the importance of strong passwords, help them understand potential dangers of using unsecured wireless networks or unencrypted devices, and prevent their downloading unsanctioned apps onto work computers.

Lesson #2: Use firewalls and email filtering

Configure firewalls to protect your network and block access from malicious IP addresses. Geo-fencing can reduce traffic from foreign actors in known cybercrime hubs.

Additionally, set up advanced spam filters. These help identify and stop phishing emails before they even get to your employees.

Lesson #3: Limit access

You may think you’re already doing that with firewalls and filtering, but this refers to limiting access for the people who work for you. Configure credentials so that employees can access only what’s needed to do their job. Limiting administrative access makes it more difficult for bad actors to do damage.

Also, limit permissions to reduce access. One employee may need to read certain files but have no need to edit them. Configure the file and directory access accordingly.

Lesson #4: Monitor and patch

Even if you’re not online at all hours of the day, you should be monitoring IT 24/7. Set up alerts to identify any suspicious activity. You want to know as soon as possible if there is a vulnerability so your business can limit its exposure.

Also, patch: don’t ignore update notifications from your software providers or operating system manufacturers. Every piece of technology in your office could be an entry point for a bad actor. Cybercriminals are always finding new modes of attack and vulnerabilities. You have to be vigilant and keep your systems updated to cut your risk.

Lesson #5: Have a backup plan

If cybercriminals take your system hostage, you don’t want to have to pay a ransom. It’s costly, and you can’t guarantee you’ll get a functional system back. You will still suffer downtime and damaged reputation from the attack.

Having several system backups, tested regularly for accuracy, helps protect you from catastrophe. We recommend a 3-2-1 approach. That’s three separate copies of the backup on two different storage types, and at least one of them should be off-site.

Customize your backup plan around the specific needs of your business. One company might be fine backing up daily, whereas another may suffer if it loses even a few hours of data.
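The 3-2-1 rule, regular testing, and the restore-point tolerance described earlier can be checked mechanically against an inventory of your backup copies. The following is an added example, not part of the original article; the `BackupCopy` fields, the `audit` function, and the sample inventory are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class BackupCopy:
    name: str                              # label for the copy (sample names are constructed)
    media: str                             # storage type: "nas", "usb-disk", "cloud", ...
    offsite: bool                          # kept away from the main premises?
    taken_at: datetime                     # when this copy was last refreshed
    last_restore_test: Optional[datetime]  # None means never test-restored

def audit(copies, now, tolerance, test_interval):
    """Return a list of findings; an empty list means the plan holds."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: {len(copies)} copies, need 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"3-2-1: {len(media)} storage type(s), need 2")
    offsite = [c for c in copies if c.offsite]
    if not offsite:
        findings.append("3-2-1: no off-site copy")
    # Restore-point tolerance: the newest copy bounds the data you lose.
    if copies and now - max(c.taken_at for c in copies) > tolerance:
        findings.append("tolerance: newest copy is older than the tolerance")
    # If the premises are lost, only off-site copies remain, so check them too.
    if offsite and now - max(c.taken_at for c in offsite) > tolerance:
        findings.append("tolerance: newest off-site copy is older than the tolerance")
    for c in copies:
        if c.last_restore_test is None:
            findings.append(f"test: {c.name} has never been test-restored")
        elif now - c.last_restore_test > test_interval:
            findings.append(f"test: {c.name} restore test is overdue")
    return findings

# Constructed sample inventory for a small office.
NOW = datetime(2024, 1, 10, 12, 0)
SAMPLE = [
    BackupCopy("office-nas", "nas", False, NOW - timedelta(hours=2), NOW - timedelta(days=20)),
    BackupCopy("usb-rotation", "usb-disk", False, NOW - timedelta(days=1), None),
    BackupCopy("cloud-vault", "cloud", True, NOW - timedelta(days=3), NOW - timedelta(days=200)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, NOW, timedelta(hours=24), timedelta(days=90)):
        print(finding)
```

With a 24-hour tolerance and a 90-day test interval, the sample inventory satisfies all three 3-2-1 conditions, yet the audit still flags the stale off-site copy and two restore-test gaps.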

Cybersecurity doesn’t have to be complicated

Ransomware attacks are expensive and time consuming. Partner with a managed service provider to keep an eye on your systems. Our IT experts can configure protection, track activity, and provide backup solutions. Take preventative action to protect your business against ransomware and other cyberattacks. Work with professionals to install a layered IT security strategy today.

Doing Business in Microsoft 365? Back Up Your Data

Many business tools are moving to the cloud. One popular option is Microsoft 365, formerly known as Office 365. This unified platform consolidates Excel, Word, and PowerPoint with collaboration and communication tools. Added apps and services help streamline operations, too. Simplifying your IT infrastructure can also cut costs and reduce duplication of effort. Still, when you’re leveraging the convenience of Microsoft 365, data backup is your job.

When all software was on-site on business servers and machines, you had complete control. The IT team kept the systems up to date, virus-free, and running smoothly. They built in redundancy to ensure data recovery. They planned for natural disaster, human error, malicious attack, ransomware, or hardware misconfiguration.

Now, though, IT doesn’t have the same control. With the transition to Microsoft 365, the job has changed. Microsoft makes sure its users can continue to access SharePoint or Teams in the event of a disaster, but this doesn’t mean they are responsible for backing up your data – that’s your responsibility.

As do many cloud-based vendors, the company says you own and control your data. They ensure service availability, but you need to set up your own data backup in case of a hack, employee error, or a missed security patch.

What Does Microsoft 365 Back Up?

Reducing downtime is a big reason to back up data. Resilience in the wake of a data breach helps establish credibility with customers, investors, and employees. You may also need backups for compliance with legal guidelines and industry standards.

Yes, you can restore some data within Microsoft 365, but only in the short term. For instance, you can recover information from your deleted-items folder. When something is deleted from that folder, an administrator can often recover it from a system-wide recycling bin.

The thing is, Microsoft 365 doesn’t hold data for that long. It can range from two weeks to a month, depending on your configuration. Plus, you’re not in control of when data is purged, and once it is purged there is no recovery.

Microsoft’s datacenter redundancy and data replication efforts support service uptime. None of that will matter if your data is breached, encrypted, or irretrievable due to a hardware failure, flood, or fire.

You need your own data backup. We recommend that you have “snapshots” of your data in three places: one is on-site on a local, protected computer or device; another would be on a remote device; and the third would be in the cloud with a reputable third-party backup provider.

Test Your Backup

Having a backup of Microsoft 365 data offers reassurance that your business can bounce back. Still, don’t get complacent just yet. Along with having a process in place to back up your data, also plan on testing backups.

Testing helps you learn how effectively you can recover following data loss. Plus, testing backups saves you from finding out in a crisis that something has been wrong all along.
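One way to run such a test is to record a checksum for every file when the backup is taken, restore the backup to a scratch location, and compare. The following is an added example, not part of the original article; the function names and the sample files are constructed, and the `copytree` call stands in for whatever restore procedure your backup product provides.

```python
import hashlib
import os
import shutil
import tempfile

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def verify_restore(expected, restored_root):
    """Compare a manifest recorded at backup time with a test restore."""
    actual = manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "changed": sorted(p for p in expected
                          if p in actual and expected[p] != actual[p]),
        "unexpected": sorted(set(actual) - set(expected)),
    }

def restore_ok(report):
    """True only when nothing is missing, changed, or unexpected."""
    return not any(report.values())

def demo():
    """Constructed sample: a source tree and a flawed test restore of it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = os.path.join(tmp, "src"), os.path.join(tmp, "restored")
        os.makedirs(os.path.join(src, "finance"))
        for rel, data in {"finance/ledger.csv": b"id,amount\n1,100\n",
                          "contacts.txt": b"alice\nbob\n",
                          "notes.txt": b"quarterly review\n"}.items():
            with open(os.path.join(src, rel), "wb") as fh:
                fh.write(data)
        recorded = manifest(src)            # taken when the backup ran
        shutil.copytree(src, restored)      # stand-in for the real restore
        os.remove(os.path.join(restored, "notes.txt"))       # file lost
        with open(os.path.join(restored, "contacts.txt"), "wb") as fh:
            fh.write(b"alice\n")                             # file truncated
        return verify_restore(recorded, restored)
```

Store the recorded manifest separately from the backup itself, so that damage to the backup cannot also alter the values it is checked against.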

Protect your business from data loss and lengthy downtime with your own data backup. We can offer you backup services and help get your company up and running again if the worst does happen.

To Cloud or Not to Cloud?

Should you take your business into the cloud?

So Michael, what is cloud computing anyway? First, cloud computing is not new. It has been around since the beginning of the internet. Cloud computing is basically any service that you use on the internet that you do not directly maintain. Your home email is cloud based. You don’t personally maintain any of the physical servers that run your email. You don’t pay for the actual servers themselves. Heck, you don’t even know how they actually work. You just pay for or use the email service that someone else provides. That service has been around since the internet got going.

So, why is it such a big deal then? Because technology now allows many other services to take advantage of the same economies of scale, mainly thanks to virtualization. With the advances in virtualization and the processing power of CPUs, we can now run more virtual environments on one server than ever before. Also, security has been refined so that remote services can be delivered securely. With virtual networking structures, called VLANs, we can make certain that your network traffic on the shared server does not interact with someone else’s network traffic. This follows all the way to virtual firewalls. Also, with encryption technology for all operating systems, you can store your data remotely without having to worry about someone else seeing it. Perfect for compliance reasons such as PCI, HIPAA, etc. Now, it actually is a cost benefit for us to use the cloud for other services besides email, because you are sharing a server and thus paying for only a portion of it, not the entire thing.

Ok, why should I use the cloud for my business?  The reasons everyone on the internet will tell you are: Business Agility, Reduced Capital Expense, Scalability, Anywhere Access.  And those are great reasons.  The reasons Computer Specialists LTD will tell you are: Less Hassles and Less Expense.

Alright, so it has less hassles and less expense. How can we really use the cloud?

The answer to that is pretty much anything you do now on premise you can do in the cloud.

We can host your entire environment in the cloud and use less powerful, cheaper devices in your office to access them.

We can run desktop environments to give remote users access without compromising security.

We can run your file server in the cloud to take advantage of automatic backups for disaster recovery.

We can run your specialty, line of business software in the cloud to take advantage of up-time.

We have a file sync service (like DropBox) that gives you control of your data instead of your employees.

Your phone system is perfect to run in the cloud.

Backups are excellent for the cloud as it gets your data offsite in case of disaster.

If you have any remote users at all, the cloud makes absolute sense.

There are a few things, however, that don’t make sense to do in the cloud. Video and audio editing are not good in the cloud. They can be done as long as you choose the correct platform and have a really fast internet connection (50M+), but I personally wouldn’t recommend it if it’s your livelihood. 3D rendering falls in here too: it can be done if the environment is right, but I wouldn’t recommend it for a business yet.

When should we be moving our services to the cloud?

If you have servers in-house running Windows Server 2003 and need to upgrade, which you should absolutely do this year (by July 14, 2015), then now is the perfect time to explore how the cloud can help your business.

If you have workers working remotely or travelling a lot, now is a good time to see what can be done about keeping control of your valuable company data instead of letting your employees control it on their own.

If your business is just starting out, now is a great time to get started in the cloud, as it is a month-to-month service that keeps your startup costs low.

If you are a seasonal type business that uses more resources, more employees at certain parts of the year than the norm, then cloud computing may be a good fit so you don’t have to pay for those extra resources all year long.  You can scale up for a few months then scale back down.

Who is using the cloud today?  Lots of businesses are using the cloud.  You probably are right now (your email). If you are using any file sharing services then you are.  I know I certainly use the cloud for about as much as I can:  Email, file sharing, office suite, backups, VoIP, collaboration.  I can get what I need, wherever I am on any device I choose.  That is the biggest reason I got into the cloud.  The cost was just a bonus for my business model.  At Computer Specialists we don’t have an office, we all work from our homes.  The cloud is the only way we have been able to run this way since 2009.

Where can I get more information for running my business in the cloud?  Of course, from Computer Specialists LTD or use your favorite internet search engine.