Technology is great—until it isn’t
Technology can help you run your business and be more efficient. It can help you do more with less, keep information more secure, keep people connected and generally keep the trains running on time. It’s a wonderful thing—until it isn’t.
I’ve spent the better part of four decades involved with technology in one way or another. I was always drawn to learn about technology and how things work—even when I was in grade school I wanted to try and solve problems by programming or automating something. I certainly understand the advantages and the desire to rely heavily on technology but as tempting as this can be I firmly believe that we are over reliant. Unfortunately most businesses are nowhere near prepared for doing business in the shadow of a disaster and I’ve seen first hand how devastating this can be. That disaster can be in the form of a flood, tornado, data breach, employee sabotage (this happens more than you’d think), a ransomware attack or a nationwide infrastructure outage.
Most of the statistics out there relate to a ransomware attack but that’s because they are so awful: Over 80% of ransomware attacks are on small to medium businesses, 20% have to completely cease operation until it is resolved, the damage will cost on average $200,000 and 60% of small businesses will fail within 6 months of a ransomware attack (source).
It doesn’t have to be a ransomeware attack to cause similar devastation: A medical clinic that can’t treat patients because they are cut off from their medical records, a transportation company that can’t route deliveries because their systems are down, a small business that can’t make any sales because their credit card or point of sale systems don’t work or any business that has been over reliant on the cloud without proper safeguards in place.
When I’m helping a business develop a plan I am operating under the assumption that something will happen and the appropriate strategy is recovery. Prevention is important and certainly part of the plan, but there are too many possible entry points for a bad actor to enter a network and cause havoc. Usually, all it takes is some good old fashioned social engineering to convince someone to reveal a password.
In spite on all this there is a lot you can do to keep things operational. The first thing that I like to concentrate on is a training strategy to teach employees how to spot a phishing attempt. A good phishing attempt is difficult to spot and can look very authentic—it may even come from the legitimate email of someone you know. Second, we need to have a good backup and recovery strategy. This is more than just backing up to an external hard drive and there are considerations that most business don’t account for: physical security of the backup, possible legal regulations, the speed at which the backup can be deployed, testing to make sure backed up data is actually viable and making sure to back up cloud accounts like OneDrive or Google Drive. Third, making sure that critical business systems have some form of redundancy and can be operational in a reasonable about of time. There are more things to consider and every business is different so it is always best to schedule a consultation to discuss your unique situation.
If you would like to have a no obligation discussion about how your business can be better prepared to remain operational during any type of disaster contact us online to give us a call at 937-556-4123.