Investing in Your Business Infrastructure

Your business provides products or services that are important to its customers. As a viable entity the business provides investors, owners, management and employees an income and is vital to the financial well being of those involved. Every business is part of a commercial ecosystem and a micro economy in itself. In an effort to compete and stay viable why do so many business owners ignore the need for good information technology and security practices?

Admittedly for most it’s not a great topic of discussion. Information security and information technology in general is considered by most individuals too complex, too foreign, and best left to computer geeks to sort out. Well if you are in a position of responsibility within your organization you might agree, but it would be a dereliction of your duties not to be involved in defining overall technology objectives while reviewing outcomes ongoing.

Why? The operation of business today depends on information technology and information security. There may be some companies out there that still get by with pens and paper but they are very few. Most business relies on email, the web, databases, online banking, and perhaps some computer automation. A breakdown or breach of IT systems can be very disruptive and costly.  Ever contacted a business to order something when their systems were down?  How well did they meet your needs?

Most small business owners ignore the importance of information technology in their business planning.  This leaves the company prone to inevitable breaches, outages, and data losses. Too often simple maintenance and upgrades are ignored for extended periods of time and ultimately the lack of oversight backfires. We have seen businesses shut down by outages.

By the time a crisis occurs all the perceived money saved is long spent in lost productivity and potential reputational harm to the business. You might think you can hide the weaknesses from your customers but they know through their ongoing service experience. Many times your employees will tell your customers of recurring problems before they tell you.

Building and maintaining pragmatic IT solutions is the most cost effective and efficient way to operate. That’s not always easy to do as the latest technology is like a drug to some staff, and the vendor supplying it wants to move as much of the latest greatest as possible. Your involvement and the use of outside consulting are critical in developing, and maintaining your best interests.

Business objectives should be clearly defined with an IT plan supporting each objective in plain English.  There is no need for all the tech jargon. A simple question like how do we ensure data security should drive clearly defined objectives and an information technology roadmap that meets each point, which any layperson can understand.  Keep it simple, stay involved, your business depends on it.

About Network Management Solutions

Since 1996 Network Management Solutions (NMS) has been helping companies best meet their business objectives with pragmatic solutions.  Please contact us with your concerns we are here to help.  Network Management Solutions can be reached at 908-232-0100 or by email at info@nmscorp.com.  Further information can be found at our website, www.nmscorp.com

Facing The Realities Of A Data Breach

Most small to mid-sized business don’t consider themselves to be a data breach target and therefore never develop an incident response plan.  Having to respond to a data breach in real time without a plan can be challenging at best.  Some would call it a nightmare.

Your obligations and approach can vary widely depending on your business and the type of information you maintain.  Has data been destroyed or deleted, have passwords and accounts been compromised, have financial accounts been accessed and funds diverted, or has a database containing credit card or other sensitive information been inappropriately accessed?  How do you know?  A plan helps you to sort out the questions and set a direction to meet your business obligations and move systematically towards recovery.

How did you become aware?  Did an external source notify you such as your bank or law enforcement?  Do you believe that the incident was triggered by an internal or external event, was it intentional?  Often errors by internal staff can create an exposure of sensitive information that is then utilized by an outside source or it can be a calculated collaborative effort between the two.  An external hack may be the result of a targeted effort or weakness that is exploited through non-solicited emails, or a web or application interface.  Regardless of what has happened and how it happened still requires action.

So what are the steps to recovery and whom do you notify? A general approach might be as follows:

Build A Team: Form a team that will be tasked with specific events addressing legal, information security, management, public relations and other concerns.

Discuss Events and Develop Approach: Identifying timelines and events leading up to the incident can be key in establishing a direction and approach for remediating and investigating the breach.

Discuss Legal and Public Relations Requirements: Understanding your business obligations is critical as this will determine what steps you must take to address any legal or regulatory concerns.  Effective public relations will help preserve your business name.

Engage Appropriate Resources: This may include your financial institution, law enforcement, incident response resources, legal counsel, among others.

Commence Data Collection and Analysis:  Collection of computer data, log records and other digital forensic evidence is key to any investigation.  Professionals are required to ensure proper protocol and preservation of evidence. Many untrained computer personnel destroy evidence or miss the breach source so the compromise continues.

Address Legal and Regulatory Requirements: Based on your analysis you may be legally obligated to notify regulatory bodies and affected entities.  Timely response is of great importance. Your business partners may need to be engaged.

Notify Affected Parties: Those affected by the breach may need to be notified by law and the protocol may vary state to state.  This includes individuals that may have had credit card information, or personal and private information exposed.  Others such as business partners may need to know to ensure that they too are not affected.

Assuming that law enforcement will investigate is highly unlikely.  Unless your compromise a matter of national concern or has a multi million-dollar impact or you can pinpoint insiders there is little aw enforcement will do.  You will need to manage the investigation largely on your own.

Maintaining a robust information security program will greatly reduce the likelihood and severity of a data breach.  Having an incident response plan will provide the roadmap to address a data breach in a timely and concise manner protecting both your business and its reputation.

Please contact Network Management Solutions for more information.  We can be reached at 908-232-0100 or info@nmscorp.com.  Our website can be reached at www.nmscorp.com.

Superstorm Sandy Tested Business Continuity Plans

Superstorm Sandy ripped through the Northeast at the end of October creating significant damage throughout New York and New Jersey.  Many residents and businesses were without power for days and in many instances weeks. The storm damaged coastal homes and properties and in certain cases devastated entire towns.

How did your business fare during and after the storm? If you were not seriously impacted was it due to being prepared or were you lucky? Were you prepared in that you had a Business Continuity Plan (BCP) in place to call on, or were you lucky that you were able to scramble for alternatives, or were there no significant service disruptions experienced? Did your prior planning ensure that redundancy was available and alternate measures in place to sustain business operations and that those who could not get to work had designees in place to take over in the interim?

Now is the time to take stock of your preparedness and assess what went well and how you might have done better. Many times an outage will expose weaknesses in a company’s BCP and Disaster Recovery Planning.  We heard from numerous businesses that felt the effects of Sandy and realized they were not prepared.  Equipment damage, data losses and long standing service outages and an inability to rapidly provide alternate resources hurt those businesses.

Companies that prepared plans and tested their viability ongoing did remarkably well.  Critical services were available and key business activities continued. The effort to develop, execute and manage the plan was well worth it to those who prepared.

Network Management Solutions provides Business Continuity and Disaster Recovery Planning.  For more information please contact us.