DRJ Blogs

DRJ | The premiere resource for business continuity and disaster recovery

The Impact of Cyber Activity on Traditional Resiliency Programs

Traditional resiliency designs are most often predicated upon the ability to restore an IT environment to a point whereby the business can resume operations. Reducing the amount of down time, along with being able to minimize data loss (measured using Recovery Time and Recovery Point Objectives) are the keys to a successful resilience program.

These objectives have held up over time in defining the actual techniques required to resume the IT function in support of overarching business objectives. When applied to a full recovery at an enterprise level, this approach has proven sound and is acknowledged across the industry as the optimal way to design and implement a resiliency strategy and overall program.

Recent changes in the dynamics of a potential outage, driven primarily by a growing set of threats in the form of cyber activity, have demanded a rethinking of how a response should be handled. More specifically, evolving threats now focus on potentially smaller targets with greater levels of impact: attacks that can prevent a company from conducting business and that look to damage or, worse yet, hold for ransom critical information within the firm. This increased level of compromise requires not only that an expedited response be in place but also that more complete, accurate, and protected systems and information always be available to immediately resume business processing.

...

BCP Headaches You Can Avoid by Using Shield: Part 2

We hope you enjoyed last week’s blog post on how KingsBridge Shield can solve some of your Business Continuity Planning (BCP) information security headaches.  This week, part two of our series focuses on how Shield can cure the headaches of the BCP newbie.  Has management assigned you the responsibility of heading up the company’s BCP program but you don’t know where to begin?   At KingsBridge, our motto is Keep It Simple and Straightforward.  Our Shield software has everything the newcomer needs to resolve their BCP headaches.  Here are a few examples:

I’m brand new to this.  Starting BCP on the right foot.

Starting BCP can seem like a daunting task, and knowing where to begin can be the hardest part. Often senior management assigns business continuity plan development to an employee with no experience or resources to complete the job.

At KingsBridge, our Shield software takes that first step for you.  Out of the box, Shield comes with hundreds of pages of template content for every type of recovery team you can imagine.  We also have specialized templates for credit unions or for those who want to follow the FEMA format.  But that’s not all, the Shield content also includes recommendations for exercising and getting you started on your Business Continuity Management Program.  Shield doesn’t just house your plan, it writes a lot of it for you.

...

Trends Dominating Disaster Recovery Industry In 2017

More than at any other time in the past, digital information today occupies a central place in any business and has become one of the 21st-century business’s most valuable assets. For this reason, businesses can no longer stay on the sidelines and watch as their data is wiped out when a disaster strikes.

Every effort must be made to ensure digital information is secure regardless of the magnitude of the disaster that hits the business organization. Businesses across various industries have invested quite heavily in Big Data solutions that ensure their digital information is accurate, uncorrupted and up to date.

Preference given to DRaaS vendors

The emergence of Disaster Recovery as a Service has made it possible for businesses to use redundancy protocols to replicate their physical and virtual servers via the cloud as a way of mitigating possible data losses. Given how complex, expensive and time-consuming it is to develop a disaster recovery strategy from scratch, many companies, especially small and mid-sized businesses choose available solutions in the DRaaS niche.

...

5 Top ransomware exploits that you should know

We used to call the Internet the “information super-highway” back in the day, when connections were slow, bulletin boards and gopher were about as techie as it got. Those days are long gone, but something of the ‘highway’ has remained, like a bad smell, one that has come back to haunt us in 2017… The highway robber!

The person who went about their villainy on the trade routes and highways of the world, extorting money and valuables from unsuspecting travellers with a simple threat – “your money or your life” – reinforced of course with the trademark flintlock pistol and sabre.

Today’s highway robber is a lot more sophisticated and savvy. They take far less risk and turn to the latest technology to extort you out of your money by threatening your valuables. In this case your data, your technology and most probably your computing ability.

...

BCP Headaches you can avoid by using KingsBridge Shield

Welcome to the first in our three-part series on business continuity planning headaches and how you can use the KingsBridge Shield solution to resolve them.  Today "BCP plan access" is the focus.  Making sure those that need it have it, while also ensuring that access to sensitive information remains restricted.

BCP Headache - #1 Keeping current copies of the plan in the hands of those that need it. 

Access to a business continuity plan is critical when disaster strikes. To ensure this, many companies periodically print and distribute their plans to their recovery team members. A wide plan distribution is great to make sure everyone has the information they need. There is risk, however, when old copies of the plans remain in circulation.

Shield’s web-based solution eliminates the risk of those old, stale copies floating around while ensuring that users have access to the latest and greatest plan information.  All plan changes are immediately reflected in the plan for all users with access to view them.  No need to print and distribute.

...

This Underutilized Group Could Save Your Business in a Crisis

Originally posted on Rentsys Recovery Services' blog.

 

...

Secure Documents with Shield

As covered in our last post, Records Management for BCP, one of the most challenging and yet critical elements of your business continuity plan (BCP) is records management. In this follow-up post, we’ll look at how KingsBridge Shield helps you to secure documents that are most critical to your business’ recovery.

Safe and Secure Documents Storage

When it comes to business continuity, documents needed to help recover the business have to be safely and securely stored.  Many of our clients initially put a lot of faith in their IT department’s backups.  They know the data is backed up and therefore feel that having a copy stored elsewhere is unnecessary.  However, backup does not mean instant access.  Recovery of electronic document storage takes time.  Once documents are recovered, user access may be limited due to connectivity with the recovery location.

Shield provides a secure, web-based solution that supports the storage of critical documents independent of your company’s servers.  The Shield mobile application syncs with the web application placing an additional off-line copy of these documents on your phone.  No internet?  No problem.  Your phone will have all the documents you need.

...

OWASP Top 10 - Combating Data Security Breach in Web Applications

Most organizations are now developing and using web applications to do their business online. This shift has undoubtedly made doing business easier, but at the same time it has exposed critical business and customer data to security threats. The recent Verizon Data Breach Investigation report (2017) suggests that a good percentage of breaches were associated with web applications.

Some of these threats have now been addressed by various automated scanners which provide a robust detection of security vulnerabilities. However, it is still important to understand such vulnerabilities before we can resolve the danger posed.

The Open Web Application Security Project (OWASP) is a group that works towards defining security recommendations, specifications, and explanations in key areas. This group was initially created as a project to define testing standards for web application security. The specialized project concluded that purchase of dedicated software tools can make the web application immune to security breaches. Apart from this, OWASP drafted and published a ‘Top 10 Security Vulnerabilities List’ for any web application.

...

Disaster Recovery Planning: Who Needs A Seat At The Table & Why

Whether you’re implementing or just refining your disaster recovery (DR) process, one of the most important things to consider is your team. Depending on the people at the helm, your efforts will either be thorough and coordinated, or incomplete and disjointed. To start off on the right foot, you’ll need to assemble a knowledgeable group whose areas of expertise cover all the necessary bases.

Below is a list of roles that, in our view, are instrumental to the success of disaster recovery planning. Note that in your organization these roles may not be clearly defined yet (there may not be anyone who currently holds the title Disaster Recovery Coordinator, for example), but these roles should be assigned before the process begins.

Key Roles & Responsibilities For The Disaster Recovery Planning Team 

Your disaster recovery planning team should consist of the following:

Management Steering Committee

Executive team members who oversee the process are involved at a high level, which means they may not technically need a seat at the table—but they should be standing in the room. They play an important role when it comes to approvals for things like budgetary issues, policy considerations, strategic direction, and overcoming roadblocks or intradepartmental issues. These individuals might be part of an existing business continuity oversight committee, or form a separate disaster recovery steering committee, depending on the organization.

...

Records Management for BCP

Records management is an ongoing struggle for many businesses, especially when it comes to Business Continuity Planning (BCP). Every time we go to a client site we get asked about what to do with all of the information the business generates. Where should it be stored? How should it be accessed, and by whom? And how do we know it’s up to date? In this post we are highlighting a few tips and tricks for records management to help your business easily survive the next disaster. 

What is a record?

Let’s start with the basics. What are we actually talking about when we say ‘record’? Most often a record is a set of printed documents that are kept in file folders or binders. But don’t be fooled! Records also include anything written in employee notebooks, or post-it notes at people’s desks. In short, anything written down for your company is a record. And that’s just hard copy.

There are also electronic records. Most often people think of anything that is generated in any of the Microsoft Office suite of programs (like Word, Excel, PowerPoint, etc.). These records also include pictures, any emails sent or received to the company email address (and yes, attachments too), as well as anything sent or received in instant message programs used by your business.

...

The 4 Ps of Incident Management 2.0 - Ramesh Warrier

Plans should not be the only goal of Business Continuity Management (BCM) programs. The true end-state of BCM should be to assure that your organization can successfully manage its response to any disruption, the goal of Incident Management.

An Incident Management focus has 4 components:

Planning – More than just BIAs and Risk Assessment, planning is the process of gathering, analyzing and presenting data crucial to Incident Managers’ and senior executives’ Decision Support. This includes: assessment of current capabilities, vulnerabilities, gaps, single points of failure, process and IT services critical resources, RTO’s and RPO requirements.

...

4 years later… what we can learn from the Lac Mégantic rail disaster

What can we learn from Lac Mégantic

In July of 2013, the deadliest Canadian rail accident since 1867 occurred in Lac Megantic, Quebec. A series of errors caused a train carrying crude oil to roll downhill before derailing in the town of Lac Megantic. The accident resulted in:

  • 63 derailed rail cars
  • 47 deaths
  • 2000 people forced from their homes
  • 4200 people impacted
  • 30 buildings destroyed
  • multiple criminal charges
  • $460 million in settlements (and ongoing legal battles)

While it might be tempting to assume an accident of this magnitude is the result of a single large error or mechanical failure, this was not the case. Investigators identified 18 causes and contributing factors that led to the disaster. Here are a few common but potentially dangerous assumptions that were made by the rail company and are often heard in the emergency response and business continuity arena:

  • We've trained our staff in all safety procedures. The rail engineer in the Lac Megantic disaster received training.  Despite this, he did not conduct a proper brake test to ensure the locomotive was secure.  The engineer applied 7 handbrakes, yet investigators estimate that the operator should have applied at least 17 brakes to secure the train.  Investigations revealed that training, testing and supervision were insufficient.  Safety training is important, but regular reviews and testing are just as critical.  Management needs to be sure that staff are always following procedures accurately and consistently.
  • We have written procedures for our staff to follow. In the rail disaster, personnel mislabeled the oil cars with the wrong type of crude oil and did not follow brake procedures.  Just because procedures are written down doesn’t mean staff will always follow them.  We can learn from the checklist approach used in the airline industry and now adopted in operating rooms as well.  Mandatory checklists require the pilot/surgeon to physically check off that required procedures are followed, every time.
  • We’ve evaluated the situation and decided it’s too costly to fix so we’re going to accept the risk. Eight months before the Lac Mégantic rail disaster the lead locomotive was in for repair. Due to the costs associated with a standard repair and the pressure to return the locomotive to service as quickly as possible, the company took shortcuts, using an epoxy-like material instead of performing the standard repair. This material caught fire the night of the disaster and was a significant contributing factor to the events that led to the derailment. Businesses make cost-benefit decisions every day, but we need to be sure we’re fully recognizing all the costs. The railway is now in bankruptcy protection because of the event.
  • We are regulated and regularly inspected so we’re confident that we’re following all required procedures. Prior to the rail disaster, reports documented a pattern of repeat problems.  Despite these reports, Transport Canada did not always follow up to ensure the company was addressing the underlying conditions that led to these recurring problems. Lack of oversight left gaps that contributed to the disaster.  While many regulations exist, regulators often do not have sufficient resources to verify that companies are following the rules.  Do not confuse compliance with safety.  Companies need to do their own due diligence.

These are just a few of the excuses we hear companies use to make themselves feel comfortable that they’re meeting safety and business continuity obligations. These are also some of the same issues that led to the Lac Megantic disaster.  Don’t assume you are meeting your obligations.  Test, retest, and ensure you have tools and plans in place to ensure the safety of your operations.

...

7 Emerging Trends in Disaster Recovery Industry

For most business executives, the importance of finding a way to keep their businesses running even in the event of a disaster cannot be overstated. In fact, disaster recovery and business continuity are fast becoming the most important IT conversation that business leaders have with their staff, alongside training them on the protocols to follow when a disaster strikes. On average, business organizations take 1-9 hours to recover from a disaster. Each hour costs an average of $700,000.

In any disaster recovery procedure, the first few minutes and hours after a business system crashes are extremely crucial. For most enterprises, the rest of the recovery process is determined by how well events unfold in the period immediately after the disaster hits the business process.

Failure to be adequately prepared for a disaster has the potential to wreak havoc on the reputation and financial standing of the organization. What’s more, a poorly managed disaster can scare customers away. A Business Continuity Institute poll conducted by risk experts found that 85% of the people who took part in the survey had concerns that their businesses were at risk of a cyber-attack within a period of 12 months from the time the poll was conducted.

...

Emergency Response, Disaster Recovery and Business Continuity: Putting Incidents in Context

You’ve likely heard the terms before and may have a vague idea of their definition, but how do emergency response, disaster recovery and business continuity really work together during an incident? This blog post will walk you through these phases.

 

Putting Incidents in Context

You are sitting in your office building and the fire alarm goes off. Following health and safety procedures, you head outside and smell smoke. You can see flames coming from the top two floors of the building. The fire department has arrived and is setting up to put the fire out. Your colleagues are moved away from the building, and anyone who is hurt is treated. You are left to wonder when, if ever, you’ll be able to come back to work.

Within three days your IT group has you set up with a laptop so that you can work remotely. You and your colleagues work together online and through conference calls. Eventually, after the damage to the office is fixed, you get a notice that everyone can return to work as normal.

...

Hyperlink your way to a successful BCP

At KingsBridge our primary focus is developing simple and straightforward business continuity software (our flagship tool Shield). However, we also believe strongly that to develop a useful tool, you need to be using it every day, just like our customers do. To make this happen, we also do consulting: writing plans, exercising plans and performing gap analyses on existing plans. The gap analysis is always an interesting experience because we see how other organizations have structured their business continuity plans. We can receive hundreds of pages of content to perform our analysis. When the documentation arrives, our first thought is often, how do they find anything in here? They must be flipping pages forever to find the content they need when the plan is activated.

Easy plan navigation is critical to writing your business continuity plan. It’s one thing to ensure your plan includes all the critical plan elements and it is kept up to date. It’s quite another to ensure that everyone can find the information that they’re looking for. How do we manage this in Shield? Hyperlinks!

...

Business Continuity or Disaster Recovery?

Business Continuity plan, or Disaster Recovery plan? How do you know which of these you should be writing for your company? Is there even a difference between the two?

The short answer is yes, there is a difference! And it is not intuitive. Most people hear the words ‘disaster recovery’ and assume that the phrase means ‘recovering from a disaster’. Likewise, ‘business continuity’ sounds like it means ‘continuing with business.’ These terms are often misused because the assumed definitions sound very similar. So let’s set the record straight!

Disaster Recovery Plan

A Disaster Recovery plan is not a plan to recover from a disaster. It is the plan your IT department will follow to bring systems back online in the event of an outage. These outages (what we in the industry call ‘incidents’) can occur in a number of different ways and affect a myriad of components. An outage or incident may be the cause of, or it may lead to, a disaster. If you have ever been sitting at your office desk and your email suddenly stops working, chances are your company experienced an incident. The IT department works madly to get your email back online. Then there is a sigh of relief when it works. And email is just one part of it. Access to the internal network, the different software you use, the phone system, and the internet all fall under Disaster Recovery too.

...

Business Continuity Awareness Week 2017

Mark your calendars! Business Continuity Awareness Week 2017 is next week, May 15 – 19! You may be thinking, “Wow, that’s coming up fast! I’m not ready, I thought I had more time!” Don’t worry! We’re here to help you with some last minute tips and tricks to pull off an educational, forward thinking Business Continuity Awareness Week!

This year’s theme is Cyber Security

The first thing you should know is this: The Business Continuity Institute (BCI) announced this week’s theme as cyber security. In a nutshell, cyber security is made up of the firewalls, technology, processes, etc. that help to protect your business from viruses, attacks, and other wrongful access. Below are a few examples of what you can do to increase its awareness in your organization.

Put up posters

The BCI has six different posters for download on their website – for free. Download some of these posters, print them, and hang them throughout your office. Each poster touches on a different part of cyber security and what your employees can do to stay secure.

...

Orchestration for Disaster Recovery

It’s no longer acceptable to have simply checked a box indicating that you have a disaster recovery plan, or have performed a disaster recovery exercise within the last year that required significant resource investment and more than 16 weeks to plan for. In today’s always-on world, with the severe reputational damage that can be caused by an outage at the forefront, many companies need a validated plan that may be fully executed at a minute’s notice. As a result, companies are moving towards designing more proactive strategies to fail over between sites on a more frequent basis, running production from the failed-over site for an extended period of time to verify operations, then failing back to their original state.

For many companies this may seem to be an almost impossible task; however, the very recent introduction of recovery technology in the form of advanced orchestration, which automates and executes the entire recovery run book from end to end, now provides a single pane of glass to govern the complete process. Many companies are now leveraging these advanced designs not only to successfully orchestrate and validate a failover, but also to gain valuable insight and documented proof of the results for audit and compliance.

Will your disaster recovery plan do that?

...

Driving Resiliency Through Operational Risk Management

I recently had the pleasure of presenting with a panel of RSA Archer customers on the topic of “Building Resiliency Across the Value Chain” for a Disaster Recovery Journal webinar.

Two key questions were posed to the 80 attendees. The first question was: “Where is your organization on the business resilience scale?”  The responses were:

 

...

The price of Cloud Backup and DRaaS

Cloud computing is hardly a new player of the IT world. Its ever-growing market share and popularity within the IT community derives from combining flexible prices with the Always-On Availability of infrastructure resources. It brings out a whole new world of possibilities for your business, while reducing the long-term costs of maintaining your own infrastructure. Yet, despite the obvious cost advantages of moving data to the cloud, pricing is still a top concern, as Veeam discovered from our recent 2016 cloud end-user survey (see chart below).

Are cloud backup and DRaaS affordable?

The answer depends on many factors. A change of mindset is required when thinking about the affordability of cloud-based backup and disaster recovery (DR). Depending on your individual business requirements, cloud backups or even a full Disaster Recovery as a Service (DRaaS) solution can be very affordable, especially considering the money saved in the event of a disaster. The general rule is the lower the recovery time objective (RTO) and recovery point objective (RPO) your business requires, the higher the potential cost.

...