DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 32, Issue 3

Full Contents Now Available!

DRJ Blogs

DRJ | The premiere resource for business continuity and disaster recovery

Backup & Disaster Recovery: Necessary for the Enterprise

Backup & Disaster Recovery: Necessary for the Enterprise

In the pursuit of efficiency and optimization, enterprises transcended the paper era and entered the digital era. The workspace is no longer the same anymore. Instead of a ton of office equipment, a single desktop computer and/or a laptop is more than enough. Utilization of digital equipment led to the generation and continuous growth of digital data; which in turn led to the requirements and innovation of data storage: on-premises at first and then enterprise cloud storage later.

Enterprise Cloud Storage: Empowering Productivity & Work Efficiency

By using cloud based storage, enterprises considerably improved productivity and increased work efficiency. Instead of a sequential workflow, the cloud facilitates parallel workflows. And with the cloud, accessibility is made simpler and faster. Instead of working from a single workstation, staff can operate without geographic limitations or time restrictions. This has enhanced the ways enterprises function and operate.

Continuous utilization of cloud environments has generated data lakes for enterprises. Due to the block level storage of the cloud, scalability is simplified and accommodating to the big data generated by industries. However, with the large amount of data and the enterprise reliance on this data; it becomes equally important to acquire capable and reliable means of backing up and recovering this data.

...

Minimizing Downtime: How Training Keeps Your Employees Productive After A Disaster

Minimizing Downtime: How Training Keeps Your Employees Productive After A Disaster

Originally posted on Alertfind's blog.

We all know that disasters and other unplanned business disruptions lead to downtime. The length of that downtime may well determine whether or not your business ever reopens its doors. Don’t let your organization get caught unprepared. Part of any emergency preparedness plan must include a recovery plan to minimize downtime after a disaster.

The Cost Of Downtime

It may seem small – a temporary network crash, a leak that causes the office to close for two days – but instances of downtime have a direct and far-reaching impact on your bottom line.

Can you afford to lose $100,000? Because, according to an ITIC study, that is the average cost of a single hour of downtime. One hour. While your organization’s actual cost of downtime will likely differ from the average, as it is dependent on many factors, it is still a price you want to avoid paying if at all possible.

...

Business Impact Analysis: How Long Do You Have After A Disaster To Recover Before Your Business Fails? An Interview With Robert Clark

Business Impact Analysis: How Long Do You Have After A Disaster To Recover Before Your Business Fails? An Interview With Robert Clark

Originally posted on Alertfind's blog.

Robert Clark, business continuity consultant and BCI-approved trainer with more than 40 years of business continuity experience, and Graham Thompson, Business Continuity Analyst for AlertFind, recently discussed why organizations must create and regularly audit their business impact analysis if they want to avoid business disruption or even bankruptcy after a disaster.

Robert and Graham offer expert advice on how business continuity, emergency preparedness and disaster response managers can ensure they’re protecting their organizations from disasters ranging from hurricanes and wildfires to insider threats and terrorism.

Join Robert Clark and Graham Thompson as they continue this conversation and answer your questions live on February 7th.

...

How flexible is your BCP?

How flexible is your BCP?

As Business Continuity professionals, we see a lot of plans. We develop plans for our clients, we help mentor clients on how to build their plans themselves, we review existing plans for gaps, and we audit plans. One consistent concern across all plans, regardless of their size, is it a flexible BCP. At what point is your plan too rigid? How do you know if you have just enough – or too much – information? Do you need responses for every single type and depth of scenario out there? If you don’t know the answers to any of these questions, don’t worry, we’re here to help!

What do we mean by flexible BCP?

For the purposes of this post, we are talking about how well your BCP allows you to adapt, and appropriately respond, to different types of incidents. You should be able to use the same BCP to respond to a fire, a train derailment, a power outage, or an active threat. This might seem a bit daunting; how can one plan possibly respond to all of these things? Simple! The answers are in your plan content and structure, and training.

 

Plan content and structure

Two key areas of a flexible BCP are in the response and recovery steps, and the supporting documentation. The response and recovery steps document exactly what steps you need to take when an incident occurs. But, these steps do not need to be so detailed that they are difficult to follow. For example, one of your steps might be “Inform vendors of the incident and provide temporary instructions.” You do not need to then list the name of every vendor you need to contact for every type of incident. Simply include a reference to your vendor database. That way, you select which vendors you contact depending on what has been impacted by the incident.

...

Why Data Protection And Recovery Must Be Part Of Your Business Continuity Planning

Why Data Protection And Recovery Must Be Part Of Your Business Continuity Planning

Originally posted on Alertfind's blog.

From laptops to data centers, information technology is an integral part of modern business operations. Many businesses would find it difficult, if not impossible, to function if their information technology went down. So, for a business continuity plan to succeed, it must include an IT disaster plan with detailed processes for data protection and data recovery.

Data protection is the process of safeguarding important information from corruption, compromise or loss. Data recovery is the process of restoring data that has been lost, accidentally deleted, corrupted or made inaccessible. Your business continuity plan must cover both.

A hard-drive or a server may seem like a tiny thing when compared to a business’ physical inventory, but when a business’ IT infrastructure is damaged, the economic losses add up quickly.

...

15 Factors Every Disaster Recovery Audit Must Include

15 Factors Every Disaster Recovery Audit Must Include

Originally posted on Alertfind's blog.

If the disaster recovery strategy at your business includes “set it and forget it,” you’re not alone. Only 40% of companies test their disaster recovery plans once a year, and more than 25% of organizations test “rarely or never.”

This is a problem for a variety of reasons: your business changes, the threat landscape changes, available solutions change, your IT infrastructure changes, personnel change – in short, you’re facing a dynamic landscape that never stands still, even if your disaster recovery plan does.

The solution? Audit your disaster recovery plan thoroughly and regularly to test for performance, efficiency, cost and overall effectiveness.

...

False Alarm in Hawaii: An Emergency Expert’s Thoughts

False Alarm in Hawaii: An Emergency Expert’s Thoughts

Following the news of Hawaii’s false ballistic missile alert on January 13, 2018, we sat down with crisis & emergency management expert and General Manager of Business Resilience at Resolver, Kevin Hall, to get his thoughts on what went wrong and why.

...

Be Prepared with a Dynamic Incident Response Plan

Be Prepared with a Dynamic Incident Response Plan

by Robert Good, Sales and Client Services, BC in the Cloud

Many companies are required to have a Business Continuity Plan in place for compliance reasons, but it makes good business sense to also make sure you have a functional plan to help you recover from an incident as quickly as possible.  Whether it is a hurricane, wildfire, active shooter, or cyber-attack, you can minimize the impact on your organization with a Dynamic Incident Response Plan.

...

Is Local Validation and Verification Enough When Assessing Potential Cyber Attacks?

Is Local Validation and Verification Enough When Assessing Potential Cyber Attacks?

The ability to proactively monitor and scan a production environment to determine the existence of cyber activity has been drastically increasing as new tools and techniques are becoming more sophisticated and available throughout the marketplace. These capabilities, combined with more frequent backups and remote isolation of system and data copies, have provided a strong defense against cyber interruptions for known entities that may compromise a business.

But is this enough, and how are we protecting against the unknown, future attacks that may be hidden from view and go unnoticed for extended periods of time, until such time that they are invoked and severely impact operations?    

For the most part, in addition to standard security protocols for continuous monitoring and checking of the production environment, cyber resilience is defined as a process to ensure adequate backups or point in time copies of the data are frequently captured and sent to an isolated, remotely managed environment that is separated from the primary production site. These ‘protected copies’ are critical should an intrusion be encountered, for use in responding to the attack and required for rebuilding the infrastructure and/or repopulating the data that may have been corrupted or compromised.

...

How to Plan for Ransomware in 2018

How to Plan for Ransomware in 2018

Originally published on Agility Recovery’s blog.

How will you respond when ransomware targets your business? We say “when” because 71 percent of cybersecurity experts believe there’s a moderate to extreme possibility their organizations will experience ransomware attacks in the next 12 months.

Here are our top recommendations for protecting your data against ransomware in 2019.

...

Your Cloud Backup Deployment To-Do List

Your Cloud Backup Deployment To-Do List

Cloud is becoming more mainstream and many enterprises and small to mid-size businesses are profiting from its benefits. However, rushing in to cloud backup can lead to a troublesome situation.  There are several questions that need answers and numerous variables need to be considered before migrating.

Before choosing an efficient backup and disaster recovery plan, you need to evaluate on the following three basic variables:

  • Access Management

One of the biggest concerns pertaining to cloud based backup is who is capable of accessing the stored data? Access management is a big question and in light of a recent survey which stated that more than 60,000 sensitive files of the U.S government were publicly accessible; the concern is well founded. This is why it the first thing enterprises need to consider and evaluate on. There are numerous solutions being provided that can handle access management efficiently such as Amazon Macie.

...

Three 2018 Business Continuity Predictions

Three 2018 Business Continuity Predictions

Originally posted on Rentsys Recovery Services' blog.

From hurricanes Harvey, Irma and Maria to the WannaCry ransomware attack, business continuity planners around the nation had several opportunities to put their plans to the test in 2017. In 2018, three words will influence business continuity planning: community, reputation and collaboration. Here are three of our predictions for the upcoming year.

The Increase in Billion-Dollar Weather Events Will Require Businesses to Focus on Community

The 2017 hurricane season proved to be the costliest one to date. Total property losses and economic impact from Harvey and Irma alone are expected to climb as high as $200 billion. The impact of California’s wildfire season isn’t much less — $180 billion — and even before December’s wildfires, 2017 has already made a record as the costliest and deadliest wildfire season in California’s history. According to predictions by Allianz, these billion-dollar disasters will be the new normal.

...

Leverage the holidays to refine your BCP

Leverage the holidays to refine your BCP

Demonstrating return on investment is one of the main barriers to launching a new Business Continuity Plan (BCP) project. Many organizations have difficulty justifying the expense of building a BCP and funding it’s maintenance over time. A healthy organization that has never experienced an interruption may focus on the real possibility of a zero ROI. If an organization is able to dodge the proverbial bullet, it’s true, the project may never yield much return. However, even in the case of extreme luck, there are three distinct ways that a BCP helps you with non-emergency operations in your organization.

1 – Holiday BCP

With the holiday season upon us, business closures can be a difficult puzzle to solve. Whether in the manufacturing or service sector, it can be tough to determine how to shutdown and restart the business. Add in the need to share these impacts both inside and outside of the organization and this task can seem enormous. Thankfully, a solid BCP will give you the information you need to make this happen. The BCP tells you which critical processes need the most attention; it includes instructions for internal and external communications; and it lists all critical vendors, suppliers and customers that may need special attention. The BCP acts as a manual of steps for a short term holiday closure. The New Year will ring in the return to operations-as-usual.

One important item to note is that using the BCP in such closures serves as a plan exercise. This will help identify any pitfalls in the plan and inform the next iteration. Exercises ensure your plan becomes an even more robust and useful resource.

...

7 Lessons Learned from Hurricanes Harvey & Irma

7 Lessons Learned from Hurricanes Harvey & Irma

Written by: Kevin Hall, General Manager of Business Resilience, Resolver

Organizations without an adequate emergency management plan learned a hard lesson in late August and September of 2017. Hurricane season of 2017 showed its might, and while most businesses will never experience a single hurricane in their lifetime, some dealt with four hurricanes in almost as many weeks. Hurricanes Harvey, Irma, Maria and Nate were some of the strongest storms in recent history, causing significant damage and widespread devastation across the United States and Central America.

As Resolver provided counsel and solutions to our customers during these record setting storms, I wanted to share some insight that may help you prepare for future disasters.

...

Efficient Disaster Recovery as a Service

Efficient Disaster Recovery as a Service

The future has been integrated to give utmost importance to business continuity. The various models of data protection and disaster recovery are starting to be prioritized as data generation is growing daily. In order to meet the data protection disaster recovery requirements now and in the future, storage is needed that is automated. Such storage will facilitate disaster recovery and data protection processes and testing, offload IT staff and enable the firms to better support DevOps needs and private cloud. An example of such storage is the efficient cloud storage provided by Microsoft Azure storage.

Technology and DRaaS: Efficiency and Reliability

Cloud service providers have to provide cost-efficient backup which is lined with maximum resource utilization for greatest performance. To offer disaster recovery as a service (DRaaS), however, the service provider may have to over provision storage to satisfy customer needs in case of a failure. Moreover, different demands of customers require a cloud storage service provider to provision different storage systems for each customer.

...

The Wizard comes to life!  Interactive tutorials help you get to know SHIELD

The Wizard comes to life!  Interactive tutorials help you get to know SHIELD

At KingsBridge we recognize that, while we use SHIELD every day and are very familiar with its layout, you have other competing priorities.  When you do have a chance to log in, you might need a couple of minutes to refresh your memory as to where to find everything.  Wouldn’t it be nice if there was something (or someone) who could lead you through the process?  In our ongoing effort to make BCP Simple and Straightforward, we’ve introduced the SHIELD Wizard!

If you’re also responsible for maintaining the business continuity program in your organization, you have added responsibilities!  In addition to maintaining the plan so it is ready in the event of an incident, you’re also responsible for making sure everyone else can access the plan.  Let the SHIELD Wizard take some of the load and step your teams through mundane things (like resetting their password).

The SHIELD Wizard is your Business Continuity Planning (BCP) assistant.  The Wizard is available 24/7 to make sure you (and your teams) get the simplest functions completed with the least amount of uncertainty possible.  If you are building/updating your plan and want to know how to upload your personnel data, just follow the Wizard.  Simply click on the blue question mark in the corner, select “Uploading Personnel to the Personnel Table” and follow the prompts.  Before you know it, your personnel table is up-to-date with no videos to watch or manuals to read.  The Wizard stepped you through the process and your task is done in seconds!

...

Social Media in Business Continuity

Social Media in Business Continuity

Social media is everywhere. It’s in coffee shops, at tourist attractions, even walking down the street. People are constantly cataloguing what is happening in their lives on social media with photos, news articles and trendy hashtags. And this is especially true when emergencies arise. Loved ones reach out, asking if they are ok. Photos still get taken, and sometimes the event is live-streamed as it occurs. With 2.06 billion Facebook users and 328 million Twitter users worldwide,* that’s a LOT of news going out! So what is the place of social media from a business continuity perspective? What should companies and employees be doing, and not doing, on social media during and after events?

Like most things, social media has pros and cons. This is especially true within the context of business continuity. As a reminder, business continuity and emergency response are not the same thing, but they also must work together to be successful. Allowing certain things to happen during an emergency may set an unwanted precedent for the business continuity response. So, let’s start with the cons.

 

...

Need Business Continuity Buy-in? Present It As a Tool for Business Growth

Need Business Continuity Buy-in? Present It As a Tool for Business Growth

Originally published on Agility Recovery’s blog.

Would you agree that in your organization, management views business continuity planning as a necessary hassle, much like filing taxes? It’s not going to build the business, but you need to do it. That’s one of the reasons business continuity owners constantly struggle to get management buy-in.

The key to getting management’s enthusiastic support for business continuity is to challenge a certain entrenched belief they have about business continuity. It’s mentioned in the previous paragraph, but you might have skimmed over it because it’s usually accepted as fact: Business continuity isn’t going to build the business.

...

Disaster Recovery in Microsoft Dynamics 365

Disaster Recovery in Microsoft Dynamics 365

When Amazon Web Services (AWS) stopped working earlier this year, the internet panicked. A while later, the company reported that the outage was caused by a typo. According to an estimate published by the Wall Street Journal, the outage which lasted for over three hours saw business corporations in the S&P index lose a whopping $150 million. What’s more, Apica Inc., a company that monitors websites reported that the $150 million typo also caused 100 websites of the top retailers online a performance slowdown of over 20%.

Events like this while rare, they remind everyone of the undisputed significance of disaster recovery. Without well laid out disaster recovery protocols, a failure on one side of the web can have devastating effects across the internet. For any enterprise, the greatest fear in the event of a disaster is the deleterious effect the outage has on its customers. This perhaps explains in part why customer relationship management (CRM) market has been on a steady growth path in recent years. According to Gartner, the CRM market is estimated to be worth $36 billion today.

A section of CRM industry watchers strongly believes that Microsoft Dynamics 365 is the future of customer service. Microsoft is investing heavily in the cloud, the clearest indicator that the multinational predicts considerable growth of its cloud business. Available statistics estimate that Microsoft Dynamics CRM market will be worth €1.1 billion (approximately $1.3 billion) by 2019. As this market grows, the demand for dynamics CRM consultants will rise and Microsoft Dynamics 365 features like disaster recovery could become the industry standard in customer service management, financial management, operations management, marketing, etc.

...

Increase your Business Continuity Profile

Increase your Business Continuity Profile

Business Continuity Profile

It’s one thing to have a business continuity plan, but it’s another to make sure your staff know about it.  Those involved in writing the plan and the core members of recovery teams are likely aware of the plan.  This is great, but what about everyone else in the organization?  When bad things happen, will the staff know the company has a plan in place?  Will they know they have a role? Will they know how to quickly (and easily) access the plan so they can assist in the recovery?  In short, once you have written the plan, you have to raise the business continuity profile to a level where everyone knows about it.

While it's great the say "raise the business continuity profile", but how do we do that without a time-consuming training initiative?  Here are 6 resource-light ways to elevate the business continuity profile in your organization:

Add BCP to new staff orientation

Most companies have some sort of orientation process for all new employees.  This is a perfect opportunity to share information about the business continuity plan and who to contact should they have follow-up questions.  This is the time to capture after-hours contact information, and emphasize the need to keep the information current.  Be sure that new employees know that this is how you will reach them after hours, if needed.  If they are reluctant to provide the information, ask them if they would prefer the company notify them that the office is closed, before they leave home, or after they arrive at the office in the morning.  This is often enough to convince them!

...