Many data protection plans simply pay lip service to real business needs. Plans
are often too simplistic, myopic when it comes to specific possibilities,
ill-conceived and incomplete. They make implicit assumptions - about the
availability of people, assets and access, for instance - and these assumptions
go unchallenged.
Approximately 85% of data protection plans fail when first tested. Simply stated,
these plans have fundamental flaws that would prevent recovery from taking place
within the targeted time frame.
Over 50% of data protection plans are never tested. This means that
flaws have not been exposed and the plans will almost certainly fail.
No matter how much forethought is given to data protection, the actual
experience of a disaster bears little relation to the pre-considered
events and to plans developed in relative calm.
Too often data protection plans are based on specific disaster
scenarios and would not withstand scenarios that had not been considered.
It is therefore crucial that plans be as flexible as possible and be
subjected to regular, stringent testing.
Joe Tartaglia / High Caliber Solutions
If there are any topics you would like to see discussed in the future or
if you have any comments, please contact me at
JoeT@HighCaliber.com
Every backup plan must include a way for backed-up data to be moved
off premises to protect against the possibility of catastrophic
data loss due to fire, water damage, natural disaster, theft, terrorism,
etc. The way most medium to small-sized businesses handle this is
by having some responsible person take backup tapes home at some set
intervals (usually weekly). However, this method has inherent problems:
- People are prone to forgetting to take the tapes off site.
- The interval between taking tapes off site is normally too big (can your business tolerate losing one week's worth of data?).
- Data on the tapes is usually not encrypted and thus not really secure.
Possible alternative ways to move backed-up data off site are:
- Nightly backups across the Internet to a secure data center
- Data replication, either in real time or at frequent intervals, to an off-site data center
Data replication is a great way to solve this problem but it can be very
expensive. Internet-based backup services are a more cost-effective way
to ensure that data is properly protected.
High Caliber offers both data replication and Internet-based backup solutions.
Please contact us if you have any questions.
As discussed in our May, 2004 newsletter,
"phishing" is a term used to describe the methods used by crooks to
trick you into sending them personal information that they can
fraudulently use for their own benefit. These slime balls normally
use what appear to be legitimate business emails and web-based forms
to get you to submit personal information to them. The emails and
web sites are, of course, not legitimate, even though they may
appear to be.
The information collected in phishing scams includes credit card
information, social security numbers, bank account information,
and any other items crooks can use to clean out banking accounts
or benefit from assuming some portion of your identity.
Never submit personal information via an email form or on a Web site in
response to an email or other communication you receive asking you to
update that kind of data. If you ever suspect you are being phished, call
the bank or other company that sent you the email at their standard
customer service number (don't trust a number in the email, look it up in
the book or on your statement) and ask them if it's a legitimate request.
You'll find that at no time do banks or other reputable businesses call or
email you asking you to provide personal information.
Protecting Yourself Against Scumware - ActiveX and Active Scripting
One way to thwart scumware is to place tighter restrictions on the use
of ActiveX and Active Scripting in Internet Explorer (your browser).
To do this:
1. While in Internet Explorer, click Tools in the menu bar.
2. Click Internet Options.
3. Click the Security tab.
4. Move the slider to a higher setting. If you want to see what this
   is actually doing, click the Custom Level button. In the
   ensuing dialog box, you will see various settings related to
   ActiveX and Active Scripting.
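To confirm what the slider actually changed, the same settings can be read back from the registry. The PowerShell below is an added example, not part of the original newsletter; it assumes the per-user Internet zone (zone 3) and only reads values, changing nothing.

```powershell
# Added example (read-only): report how the Internet zone treats ActiveX and
# Active Scripting for the current user. Nothing is modified.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry value names (URL action IDs) behind the "Custom Level" dialog.
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1400' = 'Active scripting'
}
# Meaning of the DWORD stored for each action.
$policy = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop

# CurrentLevel records the slider position; 0 means a custom level is in use.
'Zone 3 (Internet) CurrentLevel: 0x{0:X}' -f [int]$zone.CurrentLevel

# Build one row per setting; anything that runs without asking is flagged.
$report = foreach ($id in $actions.Keys) {
    $raw = $zone.$id
    if ($null -eq $raw) {
        $state = 'Not set'
    } elseif ($policy.ContainsKey([int]$raw)) {
        $state = $policy[[int]$raw]
    } else {
        $state = 'Other (0x{0:X})' -f [int]$raw
    }
    [pscustomobject]@{
        Id      = $id
        Setting = $actions[$id]
        State   = $state
        Review  = ($state -eq 'Enable')
    }
}
$report | Format-Table -AutoSize
```

Rows with Review set to True are the ones to revisit in the Custom Level dialog. Settings enforced through Group Policy are stored under a separate Policies key and are not read by this script.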
Handheld devices (e.g. Palm Pilots, other PDAs, smart phones, etc.) have
rapidly become indispensable to many professionals. However, it is amazing
how few people have given any thought to protecting the data stored on them.
Desktops and servers are generally backed up routinely (or at least they
should be!), but what about the frequently-changing data stored on handheld
devices? Without a wireless connection, handheld devices are not directly
connected to the standard "backup" system.
Handheld devices (and thus, the data stored on them) are much easier to
lose or damage than standard PCs and even laptops. In addition, data
changes fairly rapidly on these devices. Ongoing education is necessary to
ensure that users understand how volatile their mobile information is and
how regular backups will help guarantee that sensitive or critical data is
not lost.
The standard "backup location" for handheld devices is a user's local hard
drive. Yet this creates a problem when data is swapped back and forth from
the desktop to handheld devices. If it were not for the standard "syncing"
program that most handhelds feature, even the basic address book and calendar
information might never get properly saved.
The problem lies in 1) the storing of applications and data files on handhelds,
which may not be covered by the standard sync programs, and 2) the data being
stored only on the user's local PC, which is often not backed up.
For road warriors or home-based users, you may need to use small USB memory
sticks or multimedia cards to transfer data for additional safety.
In a jam, an MP3 player can be used to back up vital data. An Internet-based
backup service might also work for web-enabled devices.
Data is often irreplaceable and can destroy a company or put it ahead
of its competitors. Downtime due to loss of data, recovering data, or
rebuilding outdated files can cost thousands of dollars. That's why
it's critical that, no matter where your data is stored, you know
how to best protect it by backing it up.
Lines of Communication Crucial During an Emergency
During a disaster, your organization must focus on two types of
communication: communications between people inside your organization
and communications with your constituents (clients, vendors, etc.).
Emergency workers must be able to talk to each other in real-time
throughout the data recovery process. If the disaster is relatively
small, there should be many ways to communicate (e.g. phone, email,
instant messaging, etc.). During widespread disasters (and even
specific smaller ones), you may find yourself quickly in need of an
alternate form of communication.
In addition to traditional phone systems, several vendors, including Nextel
and Verizon Wireless, now offer nationwide "walkie-talkie" services to
provide instant voice connections to both individuals and voice groups.
During an emergency, this can become an invaluable tool in the battle to
keep communication lines open.
Email is another great way to keep everyone in touch. Portable email
devices (e.g. Blackberry, smart-phones, web-enabled PDAs) can allow
your staff to move around as needed while staying in contact with each
other either directly or via email group lists.
Keep in mind that a disaster can quickly render your email servers and
alerting systems useless. If your organization manages its own email,
make sure you have alternate forms of communication or email accounts
with an ISP ready.
Finally, wireless digital access is now commonplace in the United States.
This can allow field staff to access the Internet and corporate networks
when using Windows Mobile Edition devices, laptops, and tablet PCs.
Wireless access can also come in handy if the office is totally inaccessible
or the network is dead. Workers who can access email, perform
data-transmission testing, and otherwise communicate with the world via
mobile devices can help you stay connected to your staff.
However you decide to set up communications, make sure you have multiple
paths and methods in place. Making sure that your staff can communicate
with each other will go a long way toward making sure your data protection
plan can be implemented when everything else is falling apart.