DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 32, Issue 2

Full Contents Now Available!

DRJ Blogs

DRJ | The premiere resource for business continuity and disaster recovery
Brandon Tanner has not set their biography yet

CLIP: The Key to Cutting the Cost of a Crisis

Originally posted on Rentsys Recovery Services' blog.

 

Science fiction writer H.G. Wells said, The crisis of today is the joke of tomorrow. Its true — think about how political cartoonists pounce on breaches and corporate scandals. If youre responsible for crisis management at your organization, however, the cost of a crisis is anything but funny. For example, if you experience a data breach, youre looking at an average total cost of $3.86 million, or $148 per stolen record. Whether youre facing a breach or a public relations fiasco, the key to reducing the cost of a crisis is CLIP:

...
Continue reading
508 Hits
0 Comments

Millennials and Business Continuity: Risks and Opportunities

Originally posted on Rentsys Recovery Services' blog.

Back in 2015, Pew Research found that millennials had surpassed Gen Xers as the largest generation in the U.S. workforce. By next year, millennials are expected to meet a new milestone: the nation’s largest living generation in terms of population.

With that being the case, it’s time to think about how the rise of millennials in the workforce affects your business continuity strategy. Below we’ll explore the risks and opportunities this generation presents.

...
Continue reading
861 Hits
0 Comments

Three Steps to Integrating Cybersecurity With Business Continuity

Originally published on Rentsys Recovery Services' blog.

With cyber threats like ransomware routinely interrupting business operations around the globe, cybersecurity is not just an IT problem — it’s a business risk that needs to be accounted for in the business continuity plan.

But how do you go about doing that? That was the prevailing theme of the Q&A session during a webinar we participated in as part of the Disaster Recovery Journal Webinar Series. Here are some takeaways from the presenters, Eric Thompson, information security officer for Rentsys, and Michael Barrack, managing director at Accume Partners.

Gain Executive Support



The tone from the top drives the success of your business continuity and cybersecurity preparedness. If your organization is going to continually strengthen and insulate itself from all of the likely foreseeable — and sometimes even unforeseeable events — you need to get executive support.

It’s also important for executives to support a culture of collaboration. Business continuity owners, infosecurity officers and business units need to be transparent with each other. Sometimes that means admitting that a process under your control has to be improved. If executives support a culture of transparency, people will be more willing to reveal and troubleshoot problem areas in your organization’s processes. Down the road, this could help the organization mitigate a major vulnerability.

...
Continue reading
2790 Hits
0 Comments

Four Common Weaknesses of WFH for Workplace Recovery

Originally published on Rentsys Recovery Services' blog.

“What will we do if our primary facility is inaccessible? Easy. Our employees will work from home.”

We hear this a lot. If your primary facility isn’t available, it makes sense to have employees work from home. Thanks to the cloud, a work-from-home (WFH) alternate workspace strategy is cheaper and more doable than ever before. But what happens when your entire workforce needs to work from home? It sounds extreme, but we’ve seen it happen.

Before writing off alternate facilities, think about how a WFH strategy would work for your entire business (or branch). Here are the top issues to consider.

Business Processes



For WFH to go smoothly, you must design business processes to accommodate remote work. The three principles of a successful WFH strategy are:

...
Continue reading
911 Hits
0 Comments

How to Plan for Ransomware in 2018

Originally posted on Rentsys Recovery Services' blog.

 

Heart monitors go off simultaneously. Doctors get error messages when trying to access patient records. Then all the computers in the facility go black. The following message appears in scrolling green text:

...
Continue reading
1337 Hits
0 Comments

Three 2018 Business Continuity Predictions

Originally posted on Rentsys Recovery Services' blog.

From hurricanes Harvey, Irma and Maria to the WannaCry ransomware attack, business continuity planners around the nation had several opportunities to put their plans to the test in 2017. In 2018, three words will influence business continuity planning: community, reputation and collaboration. Here are three of our predictions for the upcoming year.

The Increase in Billion-Dollar Weather Events Will Require Businesses to Focus on Community

The 2017 hurricane season proved to be the costliest one to date. Total property losses and economic impact from Harvey and Irma alone are expected to climb as high as $200 billion. The impact of California’s wildfire season isn’t much less — $180 billion — and even before December’s wildfires, 2017 has already made a record as the costliest and deadliest wildfire season in California’s history. According to predictions by Allianz, these billion-dollar disasters will be the new normal.

...
Continue reading
1207 Hits
0 Comments

Need Business Continuity Buy-in? Present It As a Tool for Business Growth

Originally published on Rentsys Recovery Services' blog.

Would you agree that in your organization, management views business continuity planning as a necessary hassle, much like filing taxes? It’s not going to build the business, but you need to do it. That’s one of the reasons business continuity owners constantly struggle to get management buy-in.

The key to getting management’s enthusiastic support for business continuity is to challenge a certain entrenched belief they have about business continuity. It’s mentioned in the previous paragraph, but you might have skimmed over it because it’s usually accepted as fact: Business continuity isn’t going to build the business.

...
Continue reading
655 Hits
0 Comments

Banks: What If You Made These Common Cybersecurity Mistakes With Cash?

Originally published on Rentsys Recovery Services' blog.

“Data is the new currency” is one of the new slogans of the digital transformation. Modern consumers recognize the value of their data, and 67 percent are willing to share more data with banks in exchange for new benefits. Surprisingly, banks don’t always afford sensitive data the same protections they do for physical currency. While PwC’s 2017 Risk in Review report reveals that the financial services industry has strong cyber risk maturity overall, there are a few common mistakes that could be leaving your institution vulnerable. To give you an idea of the gravity of these errors, think of your cybersecurity practices in terms of cash management and physical security.

Transmitting Unencrypted Data Is Like Sending Unsecured Bulk Cash Shipments

Would you ever transfer a bulk cash shipment to a major customer without using their armored carrier service? Not a chance. You know that that decision would not only be a liability for your institution, but it would also put your customer’s assets at risk and breach their trust.

...
Continue reading
744 Hits
0 Comments

This Underutilized Group Could Save Your Business in a Crisis

Originally posted on Rentsys Recovery Services' blog.

 

...
Continue reading
856 Hits
0 Comments

Four Ways to Keep Your ePHI From Becoming a Statistic

Originally posted on Rentsys Recovery Services' blog.

Medical Provider Struck by Hackers!

Insurance Giant Suffers Massive Data Breach!

Millions of Patients Have Data Stolen!

It seems like there are new headlines about data breaches in the healthcare industry every month — if not more frequently. In the last few years, electronic protected health information (ePHI) has become the primary target for hackers, and it's easy to see why.

According to a recent report by Reuters, ePHI fetches 10 to 20 times more than credit card data on the black market. That's why organizations that handle healthcare data are prime targets for data breaches and theft. In fact, 28.5 percent of the entire U.S. population was affected by just two — Anthem and Premera — healthcare data breaches that were discovered in 2015.

Starting to feel a little overwhelmed? Don't worry. Here are five things you can do to keep your ePHI safe from prying eyes.

Encrypt Everything


In 2013, two laptops were stolen from a secure office at a hospital in California. The laptops contained ePHI such as financial information, health conditions and demographic information. Unfortunately, the data wasn't encrypted, so the hospital had to notify 729,000 individuals that their ePHI had been compromised. The hospital implemented policies and procedures to reduce risks to the patients' ePHI, but the damage was already done. Had the laptops been encrypted, the hospital could have protected the information.

recent article by Health Data Management points out that it's easy to encrypt everything, since encryption tools are embedded in current operating systems and come with nearly every device. (If a device doesn't have built-in encryption functionality, that's a sign that it's outdated and shouldn't be used to handle ePHI in the first place. We talk about that more below.) Yes, encrypting all your data costs time and money, but it's a drop in the bucket when you compare it to the cost of recovering from a breach.

...
Continue reading
1063 Hits
0 Comments

Five Ways to Thwart a Cybersecurity Nightmare

Originally posted on Rentsys Recovery Services' blog.

Employees of Hollywood Presbyterian Medical Center received a nasty surprise on February 5 when they discovered that a hacker had infiltrated the network and taken the computer systems hostage using ransomware. In exchange for the decryption key, the hacker demanded 40 bitcoins, which is approximately $17,000. In the interest of restoring the network quickly, the CEO decided to pay the ransom.

The hospital reported that patient care wasn’t compromised, but the incident is yet another example of the sobering prevalence and potential impact of cybersecurity threats.

...
Continue reading
1461 Hits
0 Comments

Why High Availability Solutions Shouldn’t Replace Disaster Recovery Planning

Originally posted on Rentsys Recovery Services' blog.
 
These days the cloud is no longer a no-go for critical infrastructure. In a survey conducted by Infosys last year,81 percent of respondents said they were already or were planning to use mission-critical apps in the cloud within the next two years.
 
With many cloud environments featuring capabilities for high availability, which by definition provide 99.999 percent uptime, how does that affect disaster recovery (DR) planning? If you manage all your applications in a third-party cloud environment with high availability built into the apps’ architecture, does that mean you can nix internal DR plans, procedures and tests?
 
The answer is no, and here are three reasons why.

You Need a Plan for Handling Data Corruption

DR planning is still a key component of the organization’s overall business continuity strategy. It’s important to have a high availability strategy for your critical systems and information, but if your high availability solution replicates errors, your data — while it might be available — would be useless. In that case, you’d need to fall back on your DR plan to recover that system.

Your Employees and Vendors Need a Plan to Follow

 
Even if you’ve outsourced management of critical applications, your employees still need to know what will transpire in the event of a power outage, facility loss or other incident. For instance, where will they work? How will they access the data and applications that are necessary to their job duties?

Your Cloud Provider Needs to Understand Your Environment

 
If you’re using a third party to manage your environment, it’s important to test so the vendor understands your environment. With documented and rehearsed DR plans, the vendor will be familiar with how to react during a business interruption and can do more on your behalf.
 
Although high availability is a key part of protecting your top-priority applications, it shouldn’t replace DR planning. To see what other components you should include in your DR plan,download our checklist.  
4331 Hits
0 Comments

How Do I Get My Data Back If My Cloud Provider Goes Bankrupt?

Originally posted on Rentsys Recovery Services' blog.

It’s a business continuity and disaster recovery planner’s worst nightmare: You wake up to the news that your cloud provider — the one that houses your critical data — has gone under. How do you get your data back?

The scenario isn’t entirely unheard of. In 2013, cloud provider Nirvanix announced it was closing its doors and told customers they had two weeks to migrate their data to another location. This announcement, however, should not have come as a surprise to customers. According to InfoWorld, Nirvanix had been informing its customers that it was having financial difficulties and at one point informed customers and partners that they could no longer upload data to the Nirvanix cloud.
Your provider going bankrupt should not come as a surprise to you, either. Before working with a cloud provider (or any other vendor who manages your critical data), you should assess the vendor’s financial situation as part of the due diligence process. If there are any red flags, proceed with caution.
 
No matter the financial situation of the provider, the contract you sign should have provisions around what happens with your data in the event of bankruptcy, default, etc. These provisions could include arrangements for transferring the data to another cloud environment or copying your data to external media and returning it to you.
 
If a provider won’t add a contract provision that protects you in the event of a bankruptcy, consider looking at alternate vendors.
 
For more guidance on choosing the right cloud provider, check out our post "11 Questions to Include in Your IT Vendor Due Diligence."
3416 Hits
0 Comments

How Far Away Should Your Disaster Recovery Site Be?

Originally posted on Rentsys Recovery Services' blog.

The question "How far away should my primary data center be from my disaster recovery (DR) site?" has plagued DR planners for years. Companies first began seriously examining the role distance plays in DR after 9/11, when the attacks on the Twin Towers caused a large portion of Manhattan to shut down and all the recovery vendor sites filled to capacity.

Unfortunately, there’s no clear-cut answer to this question. Some suggest locating the backup site at least two FEMA-defined regions away, but most people shy away from setting firm guidelines measured in miles.

Instead, the geography should be dictated by the risks related to your organization’s business processes, data and physical location (a business impact analysis should reveal what these risks are). Once you’re aware of the risks you face, you can weigh the benefits and drawbacks of nearby and distant DR sites.

Nearby Disaster Recovery Site


A nearby DR site is beneficial for a variety of reasons. It’s within driving distance, making it easily accessible. If your DR site is nearby and is unaffected by an incident affecting your primary location, you can continue business operations more quickly than if your DR site were hundreds of miles away. In addition, the bandwidth costs are less, and you’re not as likely to experience significant system recovery delays due to latency issues.

However, the benefit of having a DR site within driving distance depends on the locale's risks. If your region is prone to hurricanes, earthquakes or floods, having a DR site in the same region can be risky. For instance, Hurricane Sandy was 1,100 miles in diameter — that’s more than a third of the continental United States. In regional disasters like this, your DR site could be affected by the same event as your primary facility, rendering it useless.

On the other hand, Spokane, WA is a geologically stable area whose biggest threats are wildfire and train derailment. Many businesses in these areas are comfortable with a nearby DR site as long as the site is on a different power grid.

...
Continue reading
5389 Hits
0 Comments

One Thing Your Cloud Provider Could Be Missing

Originally posted on Rentsys Recovery Services' blog.
 
Your cloud solution could be missing something. We’re not talking about bandwidth, security or service level agreements (though these things are all important). We’re talking about customer service. 

Often businesses evaluating potential cloud vendors are focused so much on tech specs that they don’t think about the matter of interacting with the vendor after the contract is signed. Sometimes this isn’t an issue if you’ve chosen a good provider. Other times, however, you might find that getting the support you need is like pulling teeth.
 
The following three categories can help you identify if a potential service provider will be a help or hindrance to meeting your data and application management goals.
 
Listening Skills
 
Are the cloud provider’s representatives trying to sell you services you don’t need, or are they dedicated to helping you build a backup solution that’s right for you? To get the most value out of your cloud solution, you need to make sure you’re not paying for products and services that you won’t use or that don’t do what you need them to.
 
Technical Assistance
 
What type of technical assistance does the provider offer? Support options could include self-service, phone support, on-site, in-house, outsourced or a combination.
 
It’s also important to know when assistance is available. Is the support provider — whether it be your vendor or a third party — only available during business hours? Is the company in the same time zone as you? Be sure to find out what level of support to expect and make sure you’re comfortable with it.
 
Technician Certifications
 
Knowing who will be offering your support can be almost as important as knowing the type of support you’ll receive. If you’re using a managed cloud service, are the people who will be handling your data certified engineers? Even if you manage your own data, will you have access to qualified help desk agents to resolve any issues?

Working with the right vendor can make a world of difference in how effective your cloud solution is for your business. To read more about best practices for implementing a cloud solution, read this post.
1225 Hits
0 Comments

Freight Trains and Chemical Spills: How to Prepare Your Business

Originally posted on Rentsys Recovery Services' blog.

At the beginning of this month, a train carrying the flammable, toxic chemical acrylonitrile partly derailed and caught fire near Knoxville, TN, forcing 5,000 people to vacate the area.

A few days later, July 6, marked the two-year anniversary of the oil train derailment and subsequent explosions in Lac-Mégantic, QC, which killed 47 and forced 2,000 people to evacuate their homes.

...
Continue reading
1680 Hits
0 Comments

11 Questions to Include in Your IT Vendor Due Diligence

Originally posted on Rentsys Recovery Services' blog.

Outsourced IT is nothing new, but as Verizon Wireless’s recent report "Better Outcomes for IT Outsourcing" points out, digital transformation is changing the face of outsourcing. Customers want flexible service delivery models, ways to improve inefficient processes and spending models based on opex versus capex.

But with the rise of cybersecurity issues, tightly wound supply chains and customer expectations for always-on service, you need to make sure that any vendor with access to your data and systems is fully vetted. Before you involve any third party in your IT processes, make sure you know the answers to these questions:

...
Continue reading
2288 Hits
0 Comments

Cloud Vaulting Doesn’t Always Equal Disaster Recovery

Originally posted on Rentsys Recovery Services' blog.

One of the key benefits of cloud services is that they enable faster and more cost-effective disaster recovery (DR). So once you've selected a cloud vaulting service and your data is tucked safely into the cloud, you can check DR off your to-do list, right? Not necessarily. 

While cloud vaulting solutions can lend themselves to a DR strategy, simply sending your data to the cloud isn't enough. There are a few components you need to look for to ensure your cloud solution has what it takes to meet your DR goals.

...
Continue reading
1571 Hits
0 Comments

Why the Desktop-as-a-Service Market Is Growing

Originally posted on Rentsys Recovery Services' blog.

Xaas cloud solutions are infiltrating the tech world: infrastructure-as-a-service, software-as-a-service, platform-as-a-service, desktop-as-a-service (DaaS) and so on. Of these, DaaS probably spends less time in the spotlight than its counterparts, but it's nevertheless gaining in popularity.

Last year, according to 451 Research, the market for virtual desktop infrastructure (VDI), which is the foundation for DaaS, grew 30 percent in the span of a year. It's expected to repeat that growth pattern through 2017. 

...
Continue reading
2936 Hits
0 Comments

Backing up Your Files for Disaster Recovery Isn’t Enough

Originally posted on Rentsys Recovery Services' blog.

If you’re not an IT person but are involved in business continuity and need to be familiar with your business’s disaster recovery (DR) plan, how do you know if your organization is using the right data backup and recovery solution? The specific answer will vary based on your organization’s size and industry, but one thing holds true for all organizations: You need a solution that can back up your environment, not just your files. We’ll explain why.

File-Sharing Services

...
Continue reading
2462 Hits
0 Comments