Quickbooks

The Biggest Backup Mistakes Businesses Make

March 22, 2019 by securewebsite

Companies rely heavily on technology for their day-to-day operations – from customer service and ordering to manufacturing and accounting. Consider the technology, from hardware to software, your business uses to keep it moving forward every day. Now imagine what would happen if something went wrong and it stopped working. Whether a virus has paralyzed your operating system or a hacker has infiltrated your network, could you recover quickly to keep your business functioning? How will you recover lost data files crucial to your daily operations?

Disaster scenarios are not anomalies. Unfortunately, it happens on a regular basis and can have serious implications for businesses. This is why backup is so imperative to today’s business operations. While you may be thinking that you’re covered because your business has data backup, you might be surprised to know that this may not be functioning the way you think it is. There are several mistakes modern organizations make when it comes to data backup that every business owner should know about how to stay on top of their business backup.

Know What You Need

According to a piece in Small Business Trends online, more than half (58 percent) of small businesses are not prepared for a data loss. The article goes on to show that 140,000 hard drives fail in the U.S. each week. That’s right. Each week. Furthermore, it states that 60 percent of small to medium businesses that lose their data shut down within six months of the loss.

“On average, small companies lost over $100,000 per ransomware incident due to downtime,” according to an online article by CNN Business. “For one in six organizations, these attacks caused 25 hours or more of downtime.”

Businesses need to understand the massive impact system failures, regardless of the cause, can have on their operations. One of the first things business leaders should do to properly prepare their backup and disaster recovery (BDR) plan is ask themselves the following questions:

What data is mission critical to my business? Consider customer records, inventory, accounting, etc.
Where is that data stored, which systems run those applications, and how is it currently being backed up? Think about where business critical data is being stored, how often it is being backed up, and if your company regularly tests its backup systems.
How much data can my business afford to lose and how much downtime can it handle without long-term consequences? The answer to this question is your recovery time objective (RTO). How long can your business go without being able to process sales, manufacture products, provide services, pay employees, invoice clients, etc.? How quickly do you need to be able to rebound from such a disaster to prevent a loss of revenue, clients, and reputation?

The answers to these questions will help you outline the backup and disaster recovery needs specific to your business. Your IT manager should be able to answer all of these questions. If you don’t have an internal IT manager, a professional third-party IT vendor such as ORAM Corporate Advisors can help you formulate and implement a BDR plan that works for your business.

Cover Your Cloud

Another big mistake people make is not backing up what they have stored on the Cloud. The Cloud is not just some empty space where things are stored. It is actually a third-party storage option. In other words, instead of storing things on your own server, your things get stored on someone else’s server.

You need to ensure that you don’t forget to back up your Cloud email, storage, and files. I would not trust a third party to maintain that data for me. At ORAM, we recommend Backupify as a terrific back up option for everything you have on the Cloud.

Though you have stored all of this information on the Cloud, backing up that data is important for a variety of reasons. First, you may need to back up that information to meet industry standards or government regulations. You also want to be prepared in the event your business is attacked by a virus, ransomware, or other hack. Additionally, there are disasters that can unfold such as earthquakes, hurricanes, fires, and others that are beyond your control that can negatively impact your data. Internal threats such as disgruntled employees can compromise data that is imperative to your business as well by simply deleting it. Backing up your software as a service (SaaS) avoids, or at least reduces, the impact of such devastating crises.

Testing, Testing, Testing

One of the biggest backup mistakes people make is not testing their backup systems. Businesses will install applications or programs and let them go to work. They fail to define what exactly is being backed up and then they never test it.

For example, consider some of the online services businesses use such as Carbonite. Back in the day, Carbonite didn’t back up their QuickBooks files. People would install the software on their computers and think everything was backed up but, lo and behold, it wasn’t. Databases, like QuickBooks, were not getting backed up because the file was constantly in use by other software, therefore, they weren’t able to take a snapshot to back it up.

To date, some backup programs like Carbonite don’t backup everything you may need to have restored in the event of a disaster scenario. While some software is very good at backing up common files such as documents, photos, and spreadsheets, they can fail to backup less-common file types such as secondary files or files larger than 4GB. When it comes to backup, this could put a real damper on your business operations should the worst happen.

Backup testing should be fully automated so as not to pull human resources away from your business operations. The automated system should test backup and restoration services for the following:

Virtual Machines
Applications
Databases
Individual Files

Ideally, your automated backup testing should occur each time your system is completely backed up though this rarely happens. Backup testing should happen on a regular basis not only to ensure that backup is happening as it should but also that it can handle the additional data your company is creating as your business expands.

Additionally, testing should do more than just check that your data is being backed up. It should also test your recovery so you have information about the length of time you can expect to be down if your system is struck by disaster. This allows you to be specific with your clients, partners, and others about when they can expect your systems to be functional again rather than giving an arbitrary message that your system will be up and running again “soon.”

Backup Everything You Need

Another thing I would say is a backup mistake people make is not taking a full snapshot of their environment. As an example, for a long time people did file-based backup. They simply backed up the files on their computer. In reality, you don’t want to backup just the files on the computer.

Using an old-school analogy, you want to put the tape in the VCR and hit play. That’s what we call a snapshot. We say, “Ok. This device has failed. Let’s do a restore to a point in time and then we can just go from there.”

In the era of ransomware, crypto viruses, and other threats to business operations and data, you want your business to be able to be back up and running as fast as possible. Whether it’s a server or a computer, you need to be able to hit that VCR play button for a certain point in time. This allows the business or the person to move forward as fast as possible.

This environmental snapshot is important. Statistics from World Backup Day, which occurs on March 31 each year, shows one in 10 computers is infected with viruses each month yet 30 percent of people have never backed up their data. This statistic alone demonstrates the importance of having automated backup software such as Mozy working on a regular basis to protect your business.

How can these mistakes be avoided?

The best way to avoid these common business backup mistakes is to ensure you have proper procedures in place that meet the specific requirements of your business and that they are functioning properly. Confirm that your business network is backing up weekly and consistently test a full restore of your systems to ensure that everything is backing up, so you never have to worry. Check to ensure that your data is not only being backed up regularly and backing up everything, but be sure that your recovery plans are functioning smoothly as well.

Be sure to do your homework when looking for the best backup and recovery plan for your business. PC Magazine put together a piece in January, “The Best Cloud Backup Services for Businesses for 2019” with a full chart of backup software options in the Cloud. The chart compares various software with ratings for everything from price to encryption in transit and regulatory compliance.

Check with your internal IT manager or consult with a third-party IT vendor such as ORAM Corporate Advisors to make sure you have the right processes and procedures in place. This third-party consultant can also help you with regular testing to make sure your network is backing up as it should and that your recovery system is also functioning effectively and efficiently. They can make software recommendations based on the unique needs of your business. For many businesses across several industries, such testing can also achieve regulatory compliance requirements as well.

If you have questions about developing a backup and disaster recovery plan, implementing it, or for testing, please call the experts at ORAM at (617) 933-5060 or contact us online. Schedule your free initial consultation today to achieve your IT goals within your budget.

Moving Enterprise Resource Planning Applications to the Cloud

March 15, 2019 by securewebsite

Many small businesses use a variety of applications from QuickBooks to Salesforce to handle the needs of company operations. Though larger businesses can use the same mishmash of applications, most have moved to a single Enterprise Resource Planning (ERP) application that meets the same needs but in a single application. With such an excellent resource available, most companies are now focused on moving their ERP apps to the Cloud.

Keeping Up with the Times

As technology has grown and we have become more mobile as a society, the ERP software is moving to the Cloud for improved access and speed. Hosting the ERP in the Cloud makes the app more user-friendly for a dispersed work environment. In other words, by hosting its ERP application on the Cloud, a company can share the benefits of the application with a distributed workforce. Individuals and departments in different locations such as remote employees, branch offices, and salespeople in the field can access the ERP quickly and effortlessly.

While ERP applications are big software that can be cumbersome and are often cost-prohibitive for small businesses, larger businesses have realized the many benefits a single application has to offer. For starters, an ERP can fully integrate all aspects of sales, production, human resources, accounting, and more under one application. Rather than deal with eight to 10 applications to handle business like most small companies, large companies can work with a single ERP application.

Additionally, ERPs build workflows that eliminate jobs as the various modules can “talk” to one another to complete multiple phases of a project that once took many people. For example, the manufacturing module of an ERP can communicate with the accounting module to signal that a product has been finished so the client can be automatically invoiced. With processes locked into place, it requires fewer people to handle operations meaning companies can save money on manpower.

Benefits of Moving ERPs to the Cloud

Savvy small businesses transitioned their apps to the Cloud long ago in the form of Software as a Service (SaaS). This allowed small businesses to work more nimbly while adapting faster to changing technology and our modern mobile society. The ERPs of the past often slowed larger companies down when it came time for such technology and working world adaptations due to their sheer size, much like turning the Titanic versus a tugboat.

The good news is that as larger ERPs have improved over the years, there’s been a push to move them to the Cloud. No longer do companies have to bog down their networks and limit employee access by hosting their ERPs locally. Today, moving business ERP apps to the Cloud offers many benefits including:

Faster Access to Business Systems
Ease of Management of the ERP
Simple Access for a Remote and Distributed Workforce
Allows for Unhindered, Seamless Growth

Transitioning to the Cloud

At ORAM, our advisors caution companies to avoid biting off more than they can chew when transitioning their ERP application to the Cloud. We highly suggest moving one department at a time after serious transitional planning. The order of operations and departments that are moved to the Cloud will depend on the unique needs of each company.

The biggest mistake businesses make as they transition their ERP apps to the Cloud is the lack of accounting for on-premises and legacy systems. Most companies have older systems in place they still utilize that need to be able to connect with the ERP once it is moved to the Cloud. For example, if a company has a large envelope printer from 1984 it still uses, that legacy system needs to be able to communicate with ERP to continue business operations without interruption.

The way to best approach moving ERP applications to the Cloud is with much discussion, forethought, and planning. You’ll need to look at your overall business workflow and operations. Employees on the front lines in each department can offer insights into processes, procedures, regular deadlines, and operations that may impact your transition plan.

In addition, consultants like those at ORAM can offer assistance with proper planning. Should your business require assistance in transitioning its ERP application to the Cloud without negatively impacting your business, the experts at ORAM Corporate Advisors can help through our consulting services. Call us today at (617) 933-5060 or visit us online.

The Dark Web: What it is, how it impacts your organization, and ways to protect your business

October 19, 2018 by securewebsite

The Dark Web sounds like the name of Hollywood’s latest horror movie. In reality, it is something much scarier. It can rob your business, negatively impact employees, and shutter companies.
While you can’t see it, the Dark Web is a huge threat to the stability and continuity of business. Knowing what it is and why it is threatening is the first step to protecting what you have built with hard work and dedication. Here is what you need to know about the Dark Web, why it’s so dangerous, and ways to best protect your organization.

What is the Dark Web?
The Dark Web is the shady side of the World Wide Web. Digital communities on the Dark Web are accessible with special software that allows users and those operating dark websites to remain anonymous and untraceable. While it offers some legitimate uses, it is estimated that more than 50 percent of all sites on the Dark Web are employed in criminal activities. This can mean everything from the theft of digital credentials to their disclosure through sale.

Your Credentials
Digital credentials such as usernames and passwords keep you and your employees connected to critical business applications, email, and other online services. Criminals know that if they can get those credentials, they can access everything from your business’s list of clients to your trade secrets and funds. This means digital credentials are some of the most valuable pieces of information floating around the Dark Web.

Credential Theft
Criminals steal credentials from login information for social media platforms such as Facebook to dates of birth and credit card numbers. The problem is that many individuals and companies often fail to realize their credentials have been stolen until it’s too late.

In more than 75 percent of cases, it is law enforcement or another third-party that notifies a victim that something is amiss. By then, it’s usually too late to prevent data theft or a serious breach that could stop your company in its tracks, lead to a loss of customers, or even bankrupt your business.

Human Resources and Payroll
Your business relies on its human resources and payroll department(s) but these valuable individuals are some of the biggest risks to your organization’s digital security. When they utilize their work email to access websites and programs such as ADP, Paychex, and Ceridian, it can open the door for criminals who have stolen their credentials.

Cybercriminals can use their stolen information to heist the personally identifiable information (PII) of other employees, access payroll information, and even steal from the company coffers. Such breaches can also lead to other criminal activity such as the identity theft of employees or customers.

Client Relations Management
The client relations management (CRM) tool your business uses allows you to communicate seamlessly with your customers. This is great for your business and it’s great for cybercriminals, too.
Pretend for a moment that you have used the same password for your eBay account as you do for your business’s HubSpot. If a hacker steals your eBay credentials, they can access your business’s HubSpot. They can now send an email to your clients pretending to be you. The hacker can ask your clients for anything they want from money to their PII. This can ruin your name and reputation with your clients and within your industry as well as that of your company.

Communications
Another risk lays in your company’s communications from Verizon to Adobe and T-Mobile. For example, if someone wants to hack your AT&T account, they may be able to reveal your payment information from a bank account or credit card. Now they have access to your accounts and can steal money from you and/or your business. Using your mobile number, they can also spoof text messages, reset your bank account password, and access your cash as well as other websites, social media platforms, and other apps you utilize.

Business tools such as email services can also become hacked with the theft of employee credentials. Whether your company uses Gmail, Yahoo, or Office365, these are all hackable. Once someone has access, they can send spoofed emails to clients pretending to be you or an employee asking for more information or even money.

Collaboration
While collaboration among employees, contractors, and vendors is typically considered a positive attribute in business, it can also put your organization at risk. Many individuals and businesses today use Dropbox as a great method of file sharing and collaboration. Such files often contain a plethora of valuable information including trade secrets, PII, and client data. A hacker can use this information to spoof emails, gather data from clients, and target them as their next victims.

Travel Services
If your business employs a travel service to help them get from point A to point B, this can be another security risk. Companies such as Expedia, Travelocity, and Orbitz typically store your credit card information along with other PII that can be devastating in the event they are breached.

Be sure to employ different login credentials for each of these websites to best protect yourself and your business. Use multi-factor authentication if it is offered and don’t store your billing information with these sites if given this as an option.

E-Commerce
Whether your company orders office supplies online from Staples/Office Depot or your business sells products through Amazon/eBay, this is yet another area of risk. Again, stolen credentials can allow for the theft of PII and access to financial information that can drain your bank account before you realize what has happened.

Banking & Finance
Programs such as QuickBooks or Freshdesk or banking apps from financial organizations such as Bank of America or Wells Fargo can also lead to problems when it comes to credentials. If a hacker steals access to your bank accounts, credit cards, or financial programs, it can be truly devastating for your business.

Imagine having all of your accounts wiped out. How will you pay your employees, cover your business mortgage, or pay out contractors? Once the money is gone, the likelihood you will ever see it again is minimal, as hackers can be very difficult to trace and, even if you do get it back, how will you cover your business expenses in the meantime?

Social Media
If your employees or business are on social media, which most are, this can put your business at higher risk for a breach. Pages on social media can be easily spoofed or copied. A cybercriminal can invite your friends and followers, steal their information, and worse. This can ruin your reputation whether the hacker takes an unpopular political stand on the false page or accesses more people to victimize through spoofing of their personal or business pages.

Other Employee Risks
In addition to the threat of employees having their work credentials stolen, their personal credentials can also put your business at risk if they end up in the wrong hands. For example, if an employee uses their LinkedIn credentials such as their username and password for work in QuickBooks, they can expose your company to a breach. Employees should be trained to use unique usernames and passwords for each program, app, and website they use. This is true not just for work but also for their private internet use as well.

While it can be cumbersome to keep track of different usernames and passwords for each website or app they use, there are password management tools such as MyGlue or LastPass that can keep track of them all. While some of these password management programs are free, some do have a minimal cost associated with them. Remember, you get what you pay for in business. Some of the free apps are poorly encrypted locally on your own device so if you get hacked, the bad guys will still have access to your information. We advise working with a larger company so you know they have the manpower and ability to keep your information safe and secure.

Users often have the same password for multiple services such as network logons, social media, and online stores. This greatly increases the potential for a breach. Train and retrain your employees on cybersecurity. It is worth the investment as is paying a small annual fee for a secure password management tool. Consider this well spent money as an operating expense just as you do with your marketing budget.

Combating the Dark Web
At Oram, our experts are able to search the Dark Web so you don’t have to. Using Dark Web ID from ID Agent, our experts search for your personally identifiable Information (PII) on the Dark Web to determine if you are at risk of experiencing a breach. This gives you time to protect your information, notify your bank or lender, and change passwords before you experience a breach.

How Dark Web ID Works
Dark Web ID is a commercial solution to detecting compromised credentials in real time on the Dark Web. It offers the same advanced credential monitoring capabilities that are employed by Fortune 500 companies. This specially designed software connects to multiple Dark Web services including Tor, I2P, and Freenet where it searches for compromised credentials. With this proprietary software, you don’t have to expose your own software, hardware, or network to these high-risk services directly.

By searching the most secretive and covert corners of the internet, Dark Web ID locates compromised credentials associated with your business, contractors, and personnel. If we find credentials that compromise your company, we notify you immediately BEFORE you become the victim of identity theft, data loss, or a breach. The real-time awareness of compromised credentials Dark Web ID provides means you will know if your PII has been stolen so you can safeguard both your personal and business assets before it’s too late.

Be Prepared
The more information you have, the more valuable it is and the more prepared you can be. We employ extensive logging and reporting capabilities that allow us to track your credentials and the credentials of your employees on the Dark Web. As a result, we can triage incidents quickly and create effective policies and procedures to reduce the risk to your business.

How It Helps Businesses
We use the Dark Web ID as a tool to identify compromises throughout your organization that could put your company at risk for a data loss or major breach. With this software, we are able to monitor the Dark Web 24 hours a day, seven days a week, 365 days a year. It is so effective, it reports more than 80,000 compromised emails daily. In addition to email, the program searches and monitors the following platforms frequented by cybercriminals:

• Hidden chat rooms
• Private websites
• Peer-to-peer networks
• Internet relay chat (IRC) channels
• Social media platforms
• Black market sites
• 640,000+ botnets

Predictable Patterns
While it is good practice to be prepared for a breach, it’s even better to have a warning that one could be coming. Using Dark Web ID, we can identify industry patterns. If we see that your industry is starting to come under attack, we can share that intelligence with you to best protect your employees, your business, and your consultants.

Prevention is the Best Medicine
While a network attack may be inevitable, they can be made less destructive and costly. With proactive monitoring of stolen and compromised credentials, you can be alerted to prevent losses before they happen. With alerts that tell you when your credentials have been stolen, you can respond immediately to prevent a breach.

By employing monitoring services and software such as Dark Web ID, your company can move toward compliance with data breach and privacy laws. Our experts can even help you develop and implement a data breach response plan.

If you would like more information about the Dark Web, Dark Web ID, or reducing cyber risks to your business, please call Oram today at (617) 933-5060 or visit us online.