Insights

Reducing cyber-risk through External Penetration Testing

Without PEN Testing, hackers can exploit unidentified weaknesses in your network security Today, maintaining network security is increasingly complex, with more organisations than ever being heavily reliant on a varied range of systems to operate. Gone are the days of a simple PC with a hard drive, amongst many businesses there is a move towards combining flexible and agile mobile devices and tablets with Cloud technologies for; network access, sharing, collaboration and storage. While these developments may transform how your business operates, they create a complicated mix of assets that can leave you susceptible to the ever-increasing risk of cyber-attack. With Vulnerability Monitoring, you can check how secure your network really is, and most importantly, you are enabled to keep your data safe. Why is the risk of cyber-threat increasing? The working landscape of a typical business has changed, and the threat of attack from cyber criminals is increasing as a result. Employees can now work from home, work on the move and work from hot desks for some or all the time. Work devices may be used, which have a level of security installed, but workers’ own devices with less security may also be used to access your network, send and receive emails and files, or search the Internet. The nature of your business may also mean guests have access to your network, and all of this creates the opportunity for hackers to attack in diverse ways. Unfortunately, too many businesses have focused on the benefits of the new technologies and have not paid as much attention to the security implications. Left unchecked weaknesses can be exploited, leaving critical data vulnerable to the spread of a paralysing virus that could result in it being irrevocably damaged or lost. What is the value of External Penetration Testing (PEN Testing)? Understanding how exposed your network is to attack, is key to reducing risk. External Penetration Testing can help to keep your network secure by making visible any of its problem areas and vulnerabilities. It does this by simulating an attack, which is then used to assess your weakest points and/or assess a specific area of interest to your business. PEN Testing offers: continuous network monitoring reports on exposure levels of different resources alerts as to where the most immediate risk is remedial approaches to secure the weaknesses. The value of PEN Testing is in its ability to demonstrate where your system is vulnerable, and whether any of your critical data can be accessed from an outside source. Weaknesses are revealed by attacking your infrastructure in the same way a cyber-criminal would, but without facing the same level of threat. Once any holes in your existing defences have been identified, you then have the opportunity to seal them to maintain the integrity and confidentiality of your data. Reducing your exposure with ASL’s Pen Testing services Trying to defend yourself from attack, when you don’t know when or where it is likely to come from or what form it will take, can lead a business to either ignore the problem altogether or spend much more money than necessary. Many take an uninformed approach and make the mistake of investing in a range of security tools they hope will solve the perceived problem. This may actually increase your exposure as the wise course of action would be to seek expert advice. At ASL, we are highly experienced in protecting businesses from all types of disasters. We offer PEN Testing services in partnership with Tenable.io, who are specialists in identifying and securing against cyber-exposure. Our service does more than address misconfigurations and bugs in your system – it also includes: hacking/virus detection and prevention footprinting and system fingerprinting port scanning service testing/probing password strength testing DNS analysis. In addition, we also offer advice on how to manage your IT security vulnerabilities moving forward. For further information on how ASL can help you to protect your network security from cyber-attacks, call our Sales team on 0345 862 0350.

Cyber-attack – why having no backup and continuity plan could be terminal for your business

Your small business is now the preferred target of the cyber-criminal UK businesses still have a lot to do regarding effective backup and continuity planning in the event of a cyber-attack. Despite the clear rise in documented cyber-crimes against UK Businesses, a worrying number remain ignorant to the severity of the risk. Many incorrectly conclude that it will never happen, choosing to believe that their size or niche would not be of any interest to the cyber-criminal. However, failure to take the appropriate steps to adequately protect yourself could result in costing you more than just money. What are the most common forms of cyber-attack? Your enterprise can be targeted in a number of ways; the most common being: hacking/spoofing phishing/spear phishing malware DoSA ransomware. Any network, large or small can be open to attack. But if it is not continually monitored, patched or updated, you are leaving yourself vulnerable to developing exploitable weaknesses. Consequently, you could face your data being encrypted, damaged, lost or stolen, which could have disastrous implications, particularly if sensitive personal information is involved. Prioritise acting now, and protect yourself from cyber-attack EU regulations implemented in 2018 govern the protection of personal data. Not taking cyber-security seriously could mean non-compliance with the General Data Protection Regulation (GDPR). This, in turn, could result in a fine for your business, which could be as much as 4% of your turnover. Obviously, this could be catastrophic for any business, which is why being proactive about cyber-security and planning for a cyber-attack is a must. The action you can take now includes: updating your passwords installing the latest versions of antivirus/malware software regularly updating software/patching training your staff to make them aware enlisting the help of a professional to effectively identify vulnerabilities, detect and stop attacks and planning for continuity in the event of the worst happening. ASL can help you protect your business from attack Data that has been researched and published by our partner, Symantec, identifies how small businesses are being targeted with spear phishing. More than 52.4% of all reported attacks, where an apparently trusted email is used to elicit personal information from the recipient, were against SMEs. The statistics clearly demonstrate that hackers are very aware that a smaller business is less likely to defend itself as vigorously as larger ones, and will take advantage wherever possible. However, by combining our expertise in cyber-security with that of Symantec, we can help you: plan for disaster and assist with continuity services advise on how Cloud technologies can help with security recommend tailored cyber security solutions in line with your specific needs and budget The main issue is lack of awareness of the threat as well as the consequences of doing nothing to mitigate it. As experts in systems monitoring and cyber-security, we can help you identify how your business is most likely to be targeted and where the weakest points are in your network that could be easily exploited. Ignoring the problem, and failing to take any action could prove terminal for your business. To discuss how best to protect your business from the increasing threat of cyber-attack, call us on 0345 862 0350 or email sales@aware-soft.com.

Why should your Business have a proxy URL filtering service?

Using filtering technology to enhance security Employing a Web proxy URL filtering service can deliver many positive benefits for both organisations and end-users that go far beyond the basic implementation of preventing access to named websites or particular types of websites. Filtering technology is predominantly a security tool, one that provides an essential layer of centralised, server-side protection from security threats before they manifest on client devices. Despite its importance, many businesses underestimate the need to have proper web browsing security and leave themselves susceptible to underperformance, risk and liability. What is URL filtering? The internet contains many threats with an increasing number of previously unseen, zero-day vulnerabilities being exploited every day. This mostly occurs when visiting a website or opening an email that contains an unknown URL. Proxy URL filtering or web browsing security is an effective way of protecting your business and maintaining high levels of security. It does this by: creating website allow/block lists controlling data sent to sites or via web-based services detecting and blocking of internet-based threats. Either by using predefined templates or a service that is customisable, allow/block lists can be created according to one or a combination of values, such as user, time of day, URL category, etc. Customisable services allow you to tailor your list in accordance with your business requirements. The scanning and controlling of data sent to sites can help to eliminate the distribution of personal or proprietary data or otherwise unsuitable information. Plus, effective filtering helps detect and block Internet-based threats before they reach your network and pose a much more serious problem. Why URL filtering is necessary Increased security. If you don’t employ a URL filtering policy, you could be giving your users open access to malicious websites that will attempt to disrupt your infrastructure or network, steal sensitive information or infiltrate your entire system to corrupt it or use it to launch an attack elsewhere. This is done either by tricking the user into installing malware e.g. clicking on a disguised link or by drive-by download where the website will attempt an automatic malware installation, which bypasses the need for consent. Liability risk. There is an increased risk of liability if your users are allowed access to sites that display offensive or illegal content, such as hate, drugs, pornography or violence. Improved productivity. The lack of web filtering could mean your users are distracted by social media and instant messaging, leading to time wasting. URL filtering can be used to focus the attention of your workforce where it’s needed most. Improved reporting. Information that could be valuable to your organisation relating to web usage that could impact sales or add value by increasing efficiency, could be lost without URL filtering. Reports and logs can be generated that help to determine how separate areas of the business are performing by highlighting the most visited URL categories. How can Awareness help with your web and data security? ASL can help protect your business from compromised websites and malicious downloads and allows you to control and enforce “Acceptable User Policies “whether the user is in the office or working offsite. The benefits of our antivirus web filtering include: allowing, blocking, reporting or logging of categorised web searches file content analysis (uploaded to cloud-based applications or contained in email) blocking of inappropriate posts preventing the distribution of password-protected content preventing the download of business information to personal email and much more. At ASL, we have more than 20 years of experience assisting businesses to detect and contain hostile attempts to disrupt business operations. Data security is our priority. We believe we can offer you a powerful and flexible way to create custom web filtering policies that serve your business both in terms of performance and security. Contact us on 0345 862 0350 to discuss how our antivirus web filtering services can secure and protect your business.

The importance of a comprehensive email security solution

Why you shouldn’t rely on generic cloud-based email security to protect your organisation An increasing number of internet-based threats are being deployed via email, which is why it is imperative for your business to have a comprehensive security service in place. It is much easier to stop threats before they become full-blown attacks on your network or infrastructure. Prevention, by means of the detection and blocking of threats, is preferable for the business continuity of any enterprise. Dealing with the fallout of the avoidable and damaging consequences of a lack of security can be extremely complex as well as costly. So, what steps can you take to ensure your email system is secure? Understand the threats Internet-based threats are constantly evolving and are a challenge to detect when sent under cover of an innocent-looking email. Sophisticated methods of camouflage are employed to mask the presence of malicious URLs; for instance, emails can be embedded with: spyware bait for the purposes of phishing DoSA (Denial of Service Attack) spam disguised URLs (containing redirects and/or time delays) zero-day attacks (exploiting undiscovered email security vulnerabilities). Any of these can result in damage to your operating system or applications and may also lead to the corruption or loss of sensitive data. Learn how email security works Internet-level defences identify and eliminate spam and viruses before they have an opportunity to enter your network, and web-borne viruses, phishing threats and spyware are detected and controlled with URL filtering. Email content and attachments, either sent or received, are scanned, monitored and managed according to your own defined policies, driven by your business requirements. Appreciate the risks of low-level protection A cloud-based email security service is provided at a basic level with Microsoft Office 365 and Google Apps, etc. However, your business should not be reliant on this limited level of protection as it is not sophisticated enough to neutralise more than the simplest form of malware. Ignoring the need to detect and block an ever-increasing number of complex internet-based threats could make your business vulnerable to exploitation. Having a service that provides a wide-ranging level of email security could mean the difference between you averting a cyber disaster or finding yourself recovering from one. How Awareness can help ASL can offer an all-inclusive level of security for your email system that: protects critical data from the threat of spam and virus blocks spear phishing campaigns restricts web access (customisable, according to your requirements) filters URLs assists administrator controls protects and supports roaming users. Our service also offers the central management of your security requirements without the need for additional hardware or software by providing a web-based console. For more than two decades, we have supported small to publicly-listed UK corporations with their growing needs for reliable email and an effective security solution that maintains network and infrastructure integrity. Our comprehensive email antivirus service detects and blocks threats before they become a serious issue. To discuss how to enhance your email security, call our Sales team on 0345 862 0345 and find out how we can help you and your business safe online.

Protecting your corporate WiFi

How secure is your network? Modern businesses that require different forms of connectivity and functionality, could be exposing their wireless network to unnecessary risk without proper firewall configuration. Firewalls protect your hardware and networks from unwanted data or viruses trying to get in, or unauthorised systems traffic trying to get out. A systems functionality and security are provided by configuring your firewall with VLAN’s so that network access can be controlled and risks eliminated. Defending your wireless network security with the correct firewall configuration Defending your network security successfully involves the proper configuration of your firewall. The firewall maintains your enterprise’s security by preventing access either to or from a specified network. This is done by implementing firewall rules that define the level of access authorised users have; for instance: corporate WiFi – an open rule to the local LAN and internet staff WiFi – a restricted rule to Remote Desktop and a rule to the internet guest WiFi – a restricted rule to the internet. Secure firewall configuration eliminates unauthorised access to your sensitive data. In turn, this prevents it from being corrupted or leaked, either accidentally or maliciously. This is vital if you have BYOD users who use different devices, including tablets and smartphones. The variation in devices used can make defining who has access to what data very complex. Correct firewall configuration allows for authorised BYOD users to remotely access your private networks securely, using logins and authentication certificates. This is essential to establish and uphold BYOD security and best practice for your enterprise, which maintains the integrity of your networks and data. The role of VLAN’s in network security A Virtual Local Area Network (VLAN) is a way of creating network groups and segregating them from each other. This is done without the need for additional hardware or rewiring of your building. Access is provided to groups, such as corporate users, staff and guests, without exposing your network to any unnecessary risks. VLAN’s are essential to achieve this and: are configured on enterprise-class devices such as switches and firewalls they simplify your network design and deployment allow different networks to share the same hardware whilst being completely segregated. The correct configuration of the switch means that wireless access points can be connected to any of its ports. As long as those ports are configured to the appropriate VLAN traffic, all networks can pass over the same switch without interfering with one another. This means that issues such as broadcast storms, which may arise due to the use of poor equipment or configuration, can be detected and isolated without the other networks being impacted. Why choose Awareness to secure your network? With more than 20 years’ of experience in the industry, ASL design infrastructure solutions for clients utilising enterprise-class hardware. The hardware we supply (switches, firewalls) are fully managed layer 3 devices, that gives us the ability to: define access levels segregate logical networks detect and control network issues such as broadcast storms fully meet your network security requirements. For further information on how ASL can help uphold your network security with Firewall and VLAN configuration, speak to us on 0345 862 0350.

WiFi/Wireless Security Best Practices

Protect your enterprise or face serious consequences There are many advantages for your enterprise working wirelessly, but unless you are adhering to wireless security best practices, you could be running unnecessary risks that threaten your network and data. This is especially true if your business grants access to your LAN to BYOD users and guests. The consequences of ignoring your WIFI/wireless network vulnerabilities are serious and could have damaging consequences to your business. Advantages of WiFi technology Wireless access points are cost effective, easy to install and provide instant access to your enterprise’s LAN to anyone who is in range and has the password, including guests. WiFi technology also enables: mobility BYOD scalability. Mobility – Total mobility is permitted as co-workers and guests can connect to a server from anywhere on premises via WiFi. This allows for information to be accessed and shared, which facilitates collaboration and contributes to productivity. BYOD – Enterprises can gain from Bring Your Own Device as co-workers and guests use their own smartphones and laptops for work purposes. WiFi throughout the premises enables users to work on the LAN with their own equipment. As well as being convenient, BYOD represents an opportunity for your enterprise to save money at the same time as increasing productivity levels. However, while implementing BOYD has many benefits, there are risks that need to be considered such as data security implications – find out more. Scalability – New and guest users can be accommodated very easily with a wireless network as it usually involves the issuing of a password and making a corresponding server update. Users can be removed just as easily too, making the entire system cost-effective and flexible. Threats and vulnerabilities posed by WAP technology Mobility, BYOD, and scalability are significant advantages but they can also increase the risk of network security threats. BYOD users’ devices may already have malicious code embedded in them that could wreak havoc the minute they gain entry to your network. If not properly secured and monitored, WiFi can leave you exposed to menace, malicious or accidental, from both internal and external sources. This is because unsecured wireless access points can be easily recorded and information such as logins and passwords picked up. Network security threats can also come in the form of: broadcast storms man-in-the-middle attacks using rogue APs stealing sensitive data and/or bandwidth spam attacks or wireless packet floods data modification/loss/leakage/corruption attacks being launched from your network. The cost of downtime to your bottom line and reputation as a result of exposure to one or more of these threats can be much more significant than the investment it takes to obtain the necessary protection in the first place. 5 WiFi security best practices If you are not sure how to take advantage of wireless technology at the same time as reducing network vulnerability, below are five practices to implement as soon as possible. 1. Seek expert advice from professionals in wireless network security. 2. Identify which of your business assets need protection and why. 3. Define access requirements and create separate networks using firewalls and VLANs for: corporate users staff users guest users. 4. Carry out a site survey to identify areas of vulnerability. 5. Implement continuous network monitoring to identify unusual traffic. To protect your network against security threats and vulnerabilities, consult with Awareness. Our high level of skill has been gained over a period of more than two decades – assisting our clients with their network security requirements. To discuss WiFi security in more detail or to book a site visit, call Awareness on 0345 862 0350.

Could your BYOD policy be risking your data security?

The implications for disaster recovery when staff use their own devices at work BYOD (Bring Your Own Device) is a popular trend among UK SMEs, which without a proper policy in place to govern its usage, might be harmful to your data security. When staff access sensitive business information using their own laptops, phones and tablets, there is a corresponding increase in the risk of a disaster happening. Typically, an individual’s own devices are set up with less security and virus protection. Why businesses like BYOD Savings can be made when employees use their own devices for work purposes. Their laptops, tablets and phones are often more up to date and advanced as well as being lighter, more portable, with bigger screens and wider capabilities than your existing company hardware. Productivity increases because of the level of familiarity with your own device. People work better and your business benefits as a result. However, it is important to consider how you could be impacted if you are employing BYOD. You could be making yourself more vulnerable to data breaches and loss and suffer legal consequences as a result. So, what risks should you consider? The associated risks of BYOD Lack of security Disaster is more likely in the form of accidental leakage and data loss, viruses and cyber-attacks when your staff use their own devices. Their device could be easily compromised, lost or stolen, which could give a third-party easy access to sensitive data. The consequence could be extremely serious or possibly fatal for your business. Management of different operating systems Devices are being updated and upgraded all the time, meaning the operating systems are too. The number of different versions make it very complex for a business to manage and support and this can lead to security breaches occurring. Your disaster recovery plan should include an effective solution that addresses this management issue. Having no BYOD policy Arguably the biggest risk of a disaster happening at all is failing to have a company BYOD policy. As well as weakened data security, there are also legal implications. BOYD legal implications and responsibilities Depending on the nature of your business, you may have to comply with legal requirements to do with the Data Protection Act, the Official Secrets Act or the Freedom of Information Act, etc. Your BYOD policy should address who is responsible for the protection of personal information and the implications of non-compliance with legal obligations. BYOD policy planning – what to include Apart from having a legal compliance strategy, other considerations are: network security data encryption local data storage prevention protection controls and limiting access tracking and deploying of applications establishing secure app-to-app workflows. Communicating your policy fully to your employees means they will be aware of what their responsibilities are when it comes to safeguarding your sensitive information. It will also help to reduce the risk of a disaster being caused internally. ASL can help you to successfully benefit from BYOD by performing a full assessment of the risk involved on all devices that access your company data. We can offer qualified advice on the security implications of jailbreaking and sandboxing, as well as assessing encryption methods and the use of passcodes to protect sensitive areas. For further details on creating a BYOD policy for your business that reduces the risk of a disaster, contact ASL on 0345 862 0350.

Why it is vital to have a first-class cloud-hosting services partner

The hidden pitfalls of transitioning to public cloud-hosting service environments Attracted by cost-saving opportunities at the same time as being able to improve the quality of resources, many UK businesses have transitioned from a privately hosted on-premises environment to a public cloud-hosting service. However, research by ‘415’ has revealed a range of issues that can arise from transitioning, and of the businesses surveyed, 21% advised they were considering a return to an on-premises based solution. A possible explanation for this could be that businesses often underestimate the complexities of switching to a cloud environment and find themselves dealing with issues of reliability and efficiency that are beyond their level of expertise. Working with a first-class cloud-hosting services partner can give you that depth of knowledge and technical skill that reduces risk and enables you to fully benefit from the transition. Public Cloud-Hosting– advantages vs. risks Advantages A public cloud service provider offers resources over the internet, such as software, data storage and applications. For a growing number of businesses, it makes sense to transition their on-premises environment to a public cloud-hosted environment for three main reasons: inexpensive – pay for what you use on an ongoing basis flexible – instant provisioning and on-demand access to high-quality services from any device scalable – easy to expand server base in line with business needs. Another appealing benefit is the ability to take advantage of these high-level services without facing the same set-up costs. Risks The reasons for transitioning your environment to the cloud are compelling, however, without the proper expertise to correctly configure and manage the environment, you run the risk of: uncontrolled escalation of ongoing costs confusion arising from increased complexity using the wrong tools leading to ineffectiveness inaccurate reporting and tracking of digital assets lack of proper support from the providers themselves. Choosing the right cloud-hosting services partner Working with a partner who has the right kind of knowledge and expertise can help you to develop, implement and deploy an effective plan for transitioning, as well as maintaining it properly afterwards. This would mean: costs being kept to a minimum and maintained at a predictable level solving issues of reliability and efficiency faster response times assessment of virtual machine use correct use of tools effective analysis of workloads. With over 20 years of experience in assisting UK businesses with their IT requirements, Awareness offers first-class expertise and technical skills in supporting your business migration to a cloud-hosted environment. We partner with you and your cloud service provider to maximise the advantages for your business while keeping costs at predictable levels. We can offer valuable insight into how your virtual machines are performing and help with aspects concerning efficiency, agility and flexibility. For further information on our cloud-hosting services, call us at ASL on 0345 862 0350.

The dangers of leaving disaster recovery out of your IT budget.

Why disaster recovery should be a necessity for your business, not an option. Many UK corporations take the view that investing in disaster recovery and business continuity is just not necessary and opt to apportion the company budget in different areas. If this is your view, it’s a very risky one and could result in the loss of more than a period of downtime. A significant number of businesses fail to fully recover from the impact of a disaster that they could have survived if only they had had the foresight to plan ahead. So, what stops businesses from planning for the consequences of what could go wrong? Why businesses don’t plan for DR. There are a number of reasons why SMEs fail to plan for how they will recover after a disaster and continue to operate. These include ignorance of the need and/or consequences, thinking it doesn’t apply to them due to size and/or reach of their operation or assuming that their IT infrastructure is secure. However, the three main reasons are: 1. Cost – it is widely assumed the costs associated with implementing a DR (Disaster Recovery) plan are going to be very high. Businesses weigh the perceived cost against what they assume to be a small probability of experiencing a disaster and draw the conclusion that it’s not worth the expense. A ‘we’ll cross that bridge’ attitude is adopted, only to find that trying to deal with the consequences of a disaster when one is actually happening, is too late and costs far more than the initial outlay of an effective DR solution. 2. Lack of outage awareness – many SMEs don’t realise how their business is being affected by small outages and this is likely due to a lack of reporting. Management may assume that their IT infrastructure is solid because they are unaware of any problems. This lack of awareness can accumulate over time to negatively impact running costs and reputation and result in lost business, customer loyalty and productivity. An effective DR solution with appropriate monitoring (see our PRTG product for details) would quickly identify areas in the infrastructure that require improvement and immediately have an impact on efficiency and security of data. 3. Small amounts of downtime are routinely accepted – as par for the course in business and, consequently, they are overlooked or viewed as unimportant. However, what may start as a small problem could exacerbate over time if left unchecked. Disaster could be as a result of human error, a natural event, software/hardware malfunction or cyber-crime but the fact is, the more businesses are relying on their IT environment to support the operation, the more need there is for a reliable disaster recovery solution. Why should you make DR a priority for your SME? Without a disaster recovery plan in place, your business risks: picking up the bill for new hardware/software that may have suffered catastrophic damage paying expensive ransoms as a consequence of cyber-crime (ASL would never advocate paying a ransom) losing income from production/sales losses paying salaries of employees unable to work because the business has ground to a halt security threat to own/client data loss of client confidence inability to recover altogether and facing business closure. How ASL can help with your DR planning and implementation. ASL have over 20 years of experience in helping small, medium and large corporations to plan for and avert the worst happening, keeping you up and running when they need it the most. Our experts can visit you on-site and offer a review of your IT environment and create a disaster recovery solution that is scalable to your business needs and tailored to your budgetary requirements. DR doesn’t necessarily mean having to invest in a secondary data centre. Other options exist, such as Cloud-based Disaster Recovery as a Service (DRaaS), which we will be more than happy to discuss with you to help you conclude which is the best recovery strategy for your business. To discuss your disaster recovery option in more detail, speak to an ASL expert on 0345 862 0350.

Advice on creating a successful disaster recovery plan.

Don’t wait for disaster to strike to decide how to recover from it A surprisingly large number of UK businesses never reopen after a disaster, simply because they did not prioritise the need for an effective disaster recovery plan. Planning now for how you will recover after a disaster is an essential part of ensuring business continuity and ASL have created a helpful guide to get you started. Don’t procrastinate – plan now The percentage of SMEs who have not yet considered how they will recover if disaster strikes could exceed a staggering 50%. However, if you don’t plan at all or leave it until it’s too late, it will take your business much longer to return to an operational state. In fact, the consequences of procrastination could mean not recovering at all and going out of business altogether. Effective planning with clearly defined data recovery strategies could avoid downtime altogether, ensuring your ability to stay up and running while others flounder. Prioritise data to be recovered after a disaster There is an enormous amount of data generated by businesses today and the challenge you face is deciding what data your business needs immediately and what can be left to be recovered later. Trying to recover it all in one go could needlessly increase the amount of downtime you experience and could escalate your costs. Prioritising the data simplifies the process, which increases your ability to bounce back quickly and for less expense. Consider more than one type of disaster Data disaster does not only come in the form of human error or ransomware. Your operation could experience hardware or software failure as well as natural types of disaster, such as fire or flood. Evaluating the impact on your business of each type of disaster will help you to assess the level of risk each one represents, which can then be built into your DR (disaster recovery) plan. Prepare for on-premise and Cloud infrastructure disasters With the rise in popularity of Cloud computing in recent years, there has been a corresponding increase in the need to plan to recover data from that environment. Regardless of whether your infrastructure is Cloud or on-premise based, it’s imperative you are able to recover the data you need when you need it and this should be accounted for in your planning. Define SLAs – Service Level Agreements Whether you have outsourced your DR or you have your own IT department, it is vitally important that data recovery expectations have been agreed by you and your team. If service levels are not defined in this way, misunderstandings could occur, which can negatively impact the level of business continuity that can be achieved. Have a Plan B Ensure your backup plan has a backup plan. Having more than one person who can make decisions and fully understand the nature of the SLA (Service Level Agreement) is extremely important if you want to avoid hindering the successful implementation of your Plan A. Having a Plan B means someone will always be available, regardless of the nature of the disaster or when it strikes. Test, test and test again Testing is a vital part of your planning process. It highlights any weaknesses in your plan and demonstrates where improvements can be made. It also creates a level of certainty that your recovery solution will actually work when you most need it. You should factor in a test at least once a year. A final thought on the importance of updating Updating is not only important for your systems to maintain resilience, but it is essential for your disaster recovery plan too. As your business evolves, your systems, including your hardware, software and how you host your infrastructure, may change. The evolutions in how your business operates must be reflected in your plan or it will fail. For further information on successful planning for a disaster recovery solution, call ASL on 0345 862 0350.

Find out how our knowledge can grow your business.