(661) 281-4000

Are you protecting the right data?

You’re ready to purchase a BDR. You’ve done all of the research, found a company you’re confident in and are excited to finally have peace of mind. But now you start thinking about exactly what you need to back up. Is all of your data necessary or should you salvage a little server room? All businesses want to back up everything, you never know when you’ll need it. It’s not always necessary to back up everything daily, but there are some you will want to consider.  

 

Depending on what kind of BDR you purchased you will first need to delegate what data is stored, is not stored, and how often. Notice that there are three different kinds of backup in today’s tech world. Those are; straight to cloud services, software-based products, and a hybrid approach that combines on-site hardware and software. By segmenting the market, you can quickly assess which approach will work best. Ideally, you will want to spend money on a company that specialized in a backup. However, keep in mind that the faster the solution is and the more automated, the more expensive it will be.

 

Don’t feel bad if you went a little cheap in order to save money. You can still backup without automation or any third party, you will just need to remain diligent about it. If you are making sure to do a daily backup there are several business items you want to account for each day. First is credit card transactions or receipts. Your accounting software should keep an eye on this and automatically back this data up, but you can never be too sure. This also includes things like invoicing, receivables, payroll and just about anything that is financially related. All financials are incredibly important, even one lost invoice could really hurt your business.  

 

Next, you will want to backup any client files. Anything with hackable data or items that could be compromised need to be backed up daily as well. Not only is it invaluable to keep this information safe, but it would certainly affect your client confidence if anything was lost or stolen. Finally, we must backup any project management software. Anything that your business uses to keep track of daily activities and work being done needs backup. Just like financial software, usually, project management software will also back up and recover items if lost. But once again, that’s a chance you don’t really want to take. Then, of course, it affects communications, so you don’t want to want to maintain a log of communication or “paper trail” as people day. 

 

You want to keep all of these things intact. Not only your precious memories but also the really important stuff that your clients and customers trust from you. Keep these items in mind and you should never have to deal with business killing disaster. 

By now all businesses should have a BDR or disaster plan in place. This has become more of a standard practice rather than a last-minute product purchase – as it should be. Business owners of any kind vaguely understand this need, but what about a disaster in general. Do you know what you’re preparing for? Sure, a natural disaster could happen, but your receptionist could fat finger something causing a disaster too. Kudos on being ready, now understand what you’re ready for.

It may seem a bit redundant, but before you deploy a BDR, make sure you have gone through a thorough plan. This has to do with researching the extent of your own data as well as a potential BDR provider. You want to ensure your provider uses a program that allows for preventative maintenance, monitoring, and staff training. Having these things in place will help avoid downtime if the worst happens.

With that said, preventative maintenance is so important! Consistently ensuring everything is running as it should and testing these items will allow you some peace of mind as well as simple groundwork for successful backup. This goes beyond backup software or testing cloud storage. This is ensuring your provider’s backups work.  Important items like generators, UPSs, cooling systems, fire detection, and suppression systems. You can’t necessarily head to your provider’s office to see for yourself, but you can read the fine print on your contracts as well as have meaningful conversations with potential providers.

Along with that, make sure your provider does periodic testing of all systems. Not just one or two- then the rest should be fine. Test everything from generators to security to software. That way if the worst does happen, no one can say “Ha! I told you so!” Then, of course, ask about their security. Does your plan come with 24/7 monitoring? Is the data center fully staffed during these hours? Who would mitigate the disaster plan if you aren’t readily available? This comes down to physical and cybersecurity as well. Is your data truly protected on their servers? Could anything be stolen or compromised from their end? There are tons of questions to ask and don’t be afraid to do so. A good BDR business will put you at ease and keep your data safe.

An important item that often gets overlooked while researching a BDR provider is location. Think about it, if the backup server for your company is sitting in a location that sees seasonal hurricanes or located on top of an active earthquake fault, you may want to negotiate additional server space elsewhere or cloud storage that doesn’t back up to that on-premise server. It would really be unfortunate if your backup plan is foiled by a disaster that takes place halfway across the country. Local businesses aren’t affected, but lucky you! This is not to say avoid these locations altogether. Realistically a slew of disasters could happen all over the world, so it’s more about backing up your backup. Or at least ensure your provider also has a backup plan.

Then finally, compile a team as part of your plan. That team of people will be the ones that need to deal with anything disaster-related. Make sure they are trained well and update that training to reflect new threats, products, or anything else that could help them help you. You don’t necessarily want Mary your office manager heading up this team. She did great with the backups when they were on tape, but for this kind of “A-team”, you need your go-to pros. Get your best techs and the ones well versed in data center operations. This team is just another step toward peace of mind and simple preparedness. Don’t lose your business over something that could’ve been avoided. Take the time and steps now before something happens. Mother nature is unpredictable… but so is business.

Backup Disaster Recovery is one of those things that all businesses need to have. A BDR backs up any data during the course of a disaster. Whether it’s a natural disaster such as a tornado, a hardware failure, or even an attack from a hacker. Anyone of these could permanently disable your business if you aren’t prepared or have a proper backup plan. For those of you still backing up data manually on tapes or *cringe* not at all, here are some reasons you need a BDR solution and should stop tuning out potential disasters.

 

First of all, a data disaster is more common than you might think and currently, 58% of SMB’s are not prepared for data loss. Even worse, 60% of SMB’s that lose their data will shut down within six months. Something that could have been prevented could potentially wreck your business. Scary to think about when 29% of hard drive failures are caused by accident. It would be silly to have a human error or a simple mishap put your company out of business.

 

You may have security protocols in place and your employees are well versed on avoiding things like malware. Well done. However, you’re still not protected. Human error is a large culprit in data loss. It could be unintentionally deleting items or accidentally overwriting data, but these “oops” can hit hard. Human error can result in other kinds of hardware damage like spills or even accidental reformatting. All of these things are possible and have happened to many SMB’s before you. Sometimes recovery is possible from the software platform you were using, maybe your computer has your back and caught these things. It’s still a time consuming and money wasting error to fix, even if you are so lucky to recover some of what you lost.

 

Viruses and malware can be a significant cause to software or hardware damage depending on what kind of bug found its way in. Usually, this can be avoided with proper employee training as well as an awesome firewall that will help filter malicious attacks. Yet another prey in the night is social engineering. This is the art of sort of conning people. Hackers have been known to get into server rooms and other data-centric areas of the business. Employees may not even notice their mistake until it’s too late. I guess the “HVAC guy” turned out being a hacker in disguise.

 

Sometimes software corruption can come from unknown viruses lurking around your computer. However, most of the time it is due to improper usage. Things like not shutting down the computer properly or leaving unsaved documents open. Sometimes even a power outage can trigger corruption. Once the software processes are interrupted and damaged, it’s virtually impossible to recover data stored in the software.

 

Did you know that 140,000 hard drives crash every week? With that kind of number, it’s just a matter of time until it happens to you. That is not a comfortable position to be in if you know you don’t have backup. Unfortunately, hard drive corruption is usually due to mechanical issues. Things like age and dust build up can (and will) cause technology to fail. We’ve all used the old laptop we still have, that’s been on its deathbed for months, freezing frequently, taking for-ev-er to load a webpage, and of course, acts as a heater for your lap or desk. All of these things are signs leading to a crash. You may not care if it’s an old hand-me-down laptop from the ’90s. But you will care when it’s your pricey equipment with all of your product data and client information being stored on it.

 

Finally, good old-fashioned acts of God. You can’t necessarily prepare for a natural disaster. Even if you hear the tornado siren, backing up your servers to tape will take longer than it does for the tornado to hit your business. Then what? That tape is left amongst the rubble, destroyed. This may seem like an exaggeration, but it has really happened to businesses. And even if only hypothetical, it makes for a great metaphor for any other crash within your business. This is also proof that on-site BDR’s may not always be the final protective cover to your business. You may want to consider off-site or cloud data storage to ensure protection, so your data is safe even if your equipment is destroyed.

 

Protect your business and keep it running smoothly and successfully. Backup Disaster Recovery options are available for all kinds of SMB’s and their needs. Don’t wait to be taught a lesson by the “big one” (as most California residents say). Protect your important data and enjoy the peace of mind that comes along with it. You’ve worked too hard to get your business where it is, protect your hard work.

Cybercriminals use social engineering every day to attempt to hack into people’s personal information. Chances are, you have seen all three of these attempts sometime during your lifetime. Social engineering is slightly different though because it preys on the human condition. Attempting to gain trust and manipulate people. This way it’s even easier to have someone almost willingly give out personal information. In general, there are three major ways that cybercriminals use social engineering to steal your info.


The first is via email.
This is one of the most prominent ways that information is stolen. This side of social engineering has been around nearly as long as emails have and its guaranteed that anyone with an email account has seen at least one of the many phishing scams that come from cybercriminals. Perhaps a Nigerian Prince would like to wire you a ton of money because his inheritance is wrapped up in the bank for some reason. All you need to do is pay a few fees to receive the money and you get to keep a portion of his millions. Totally legitimate right? Or maybe the bank needs you to confirm your account number and social security number because of an “account breach”. Why not right? The bank is a legitimate business, it must be real, even the email looks real. Better yet, wouldn’t you love to be a secret shopper? Receive a check for $1000, cash it, and perform a job. Innocent enough right? Not after you wire initial costs and attempt to cash a bad check. These are just some of the ways social engineers prey on unsuspecting and trusting people. If sending money or willingly giving up information isn’t involved, then there is usually malware within the email. The links that can be clicked on will deploy malware to infect your computer files and obtain information about you. It’s amazing how prevalent these scams are. But if you’re educated on them, you won’t become a victim.


Next is posing as someone you know.

This can take several different forms, however the most obvious is copycat Facebook profiles. This is another prominent scam that cybercriminals use to trick people into thinking they are receiving a friend request from someone they know. The profile will often contain a few photos from the original person’s profile so it looks a tad more real. As unsuspecting friends add this profile, it begins to look more legitimate because of similar friends and associates. This profile can ask for money or send links containing malware to infect your computer, or even corrupt your Facebook profile gaining access to personal information. Another way cybercriminals can gain access to your information is by posing as someone within your company. They can send an email that looks like it’s from your boss when really its fake. Usually, something about the email address will be a bit off, if you’re paying attention. Letters are swapped around or a .net becomes a .com at the end of the email. As soon as you open it or click on a link, there goes malware infecting your computer. This scam is usually highly effective because it gets sent to everyone in the company, and people often take it as real from the boss.

 

Finally, a newer way for cybercriminals to target people is through advertisements.
Considering ads are pretty much everywhere online now, creating ransomware ads is incredibly easy and a bit difficult to spot among the hundreds of people see every day. For this type of social engineering, cybercriminals literally deploy ad campaigns showcasing a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of the time these ads are for anti-virus software or a pop-up will come on your computer saying your computer has been infected and to click the link to clean the virus. Tricky, tricky cybercriminals.

The key to these three general social engineering styles is to become educated on them and keep an eye out for anything that seems off. It certainly pays nowadays to be diligent during your time on the internet and pay attention to everything. If something seems strange or wrong, avoid it until you are certain it is safe. Try not to click on any links inside of emails unless you are sure, and trust the sender. If you get a friend request from someone, look over their profile and ensure its real. Check out their friends, photos, and posts to ensure they aren’t fake. Then finally don’t trust any anti-virus pop-ups or ads. Make sure that you make educated decisions while surfing the internet, stay safe out there!

Most people are aware of the many scams that exist on the internet now. It’s tough to simply look at your emails without noticing several phishing emails still in your inbox and those are the obvious ones! Not including the stealthy, “We need you to update your account info, just click the link below”, emails. It can even go deeper with hackers physically talking with you or conning you into giving them the information you shouldn’t. But the largest influx of social engineering has come from social media.  As of right now, worldwide social media users total 2.34 billion according to Statista. That is a lot of people to target and you know they will target as many as possible. 

 

Facebook has seen a lot of scrutiny lately revolving around Russian meddling in the 2016 election. Not only did they find literally millions of fake Facebook accounts, but they also found that there were FB ads created to sway American voters. This is a perfect example of the new age of social engineering. All of this comes from profiles that look legitimate on the outside but once you do a little digging you can quickly tell the difference. Same goes for the advertisements, they look as though they are from a real company or person, the ad does say sponsored like regular FB ad content. But when you click on it, you can either infect your computer with malware or unknowingly give away your login info.  

 

Another example of social engineering via Facebook ads was back in 2011 after Steve Jobs passed away. A fake FB ad claimed that Apple was giving away iPads in honor of his passing. Well, that ad went viral and thousands of people clicked on the link, which in turn infected their computers and devices.  

 

Social engineering has gotten more complicated with (MIP) minimally invested profiles and (FIP) fully invested profiles, found mostly on Facebook and LinkedIn. MIPs are created in bulk, usually have very little original content on them, and usually a sexy or provocative photo as the main profile picture. Then they usually go around making friend requests in hopes that certain users won’t look into the profile and simply add them. The reason for this is to be able to eventually send you malware via FB messenger as well as post on someone’s FB “wall”. 

 

The FIPs that get created take a little more time and effort, however, they are more efficient because they really look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at their friends and content on their wall. If both of these raise even one red flag, it’s likely it’s a fake FIP profile. These are intended to target a specific person or vertical in an industry. This can usually be seen once you look into mutual friends or even do a reverse image search.  

 

These are just a few of the main ways that social engineers are using social media to target people. While snooping on your co-workers, checking to see what crazy Uncle Larry just posted, or simply browsing through memes, always be diligent and aware of your internet surroundings. If that’s tough, make sure you’re firewall and antivirus are up to par! Don’t let a social engineer manipulate you into surrendering your information.