Apr 1 2013

User Account Control and Business Applications

One of our programmers, Dean Jones, recently dealt with a technical support incident that demonstrated the need to understand how UAC interacts with the business applications we use. A client was seeing odd results where different Windows users would see different data, even though the software in question uses a single shared database for all users. The problem turned out to be the location of the data.

We support a wide range of software, but nearly all this software wants to store data somewhere. Sometimes data is stored in individual files, such as Word documents or CSV files. Other software interacts with large or small shared databases. In any case, the data needs to be written somewhere.

In comes User Account Control (UAC), which was introduced in Windows Vista and has been part of Windows since then. UAC has the effect of making administrator-level users into normal or restricted users for most daily activities. When an administrator needs to perform an action that requires administrator-level permissions, the administrator is prompted to allow the action. The action cannot be performed until the administrator reacts to the prompt. The purpose of this behavior is to protect the user from malware.

Two of the areas UAC protects are the “Program Files” and “Program Files (x86)” folders. Adding, modifying, or deleting files in these or any subfolders requires administrator-level privileges. This is the reason an extra prompt appears asking permission when software installers run.

Now we come back to the support incident. The software in question stores some data alongside the executables. When the software itself is installed in the “Program Files” or “Program Files (x86)” folder, the data is installed there as well. This causes a problem when the machine on which the software is installed is running UAC. UAC doesn’t want files in those folders to be modified without the user responding to a prompt. The architecture of the software doesn’t allow the prompt to appear. Because the software couldn’t write to the original database, it seemed to create a new, separate database in the user’s profile folder. (UAC doesn’t affect files in users’ own profiles.) As a result, different users were seeing different data.

It is important to become familiar with where your business applications store their data. If the software stores its data alongside its program files, UAC may interfere with the software’s operation. There are a couple of possible workarounds, although others may be possible:

Install the software in a location other than the “Program Files” or “Program Files (x86)” folders. Often, the software’s folder is installed directly at the root of a drive.
Disable UAC. This is not recommended because you lose the protection UAC provides.

Below are a few software packages that may need these workarounds:

Sage 100 ERP (when using a ProvideX database)
Vineyardsoft KnowledgeSync/Sage Alerts & Workflow (when using MS Access databases)
ASG-Cypress

With each of these software packages, other options may be available to separate program and data storage. If you know of a way, please leave a comment. I’d like to know.

Mar 5 2013

UPnP Vulnerabilities

A network security company, Rapid7, recently conducted a study on the response of internet-facing equipment to UPnP requests. They discovered millions of devices that respond to UPnP requests on their internet-facing interfaces. This is not the intended behavior of UPnP, and it represents a significant security concern for those whose devices behave this way.

What is UPnP?

Universal Plug and Play (UPnP) is technology that allows devices inside the LAN to automatically configure their internet gateway router to allow needed network traffic (typically from the internet) through the firewall. On most routers, UPnP is an option that can be enabled or disabled. To better explain UPnP, please see the following diagrams.

The first diagram shows typical, non-UPnP use of the router:

The router is normally configured to allow network traffic that is initiated from inside the LAN. (See number 1 in the diagram.) The computer inside the LAN initiates a connection to a server on the internet, and the server sends a response. The router manages the ports necessary to keep the connection going.

Number 2 in the diagram shows that unsolicited traffic is normally blocked by the router. If a computer outside the LAN tries to initiate a connection to a computer inside the LAN (or even to the router itself), the connection request is rejected by the router.

The next diagram shows the intended, typical use of UPnP:

Following are the steps shown in the diagram:

Through various means, the computer inside the LAN determines that it needs to accept network traffic directly from one or more computers on the internet. The LAN computer uses UPnP to automatically configure the router.
The router opens a network port to the internet and forwards any traffic arriving on that port (including unsolicited traffic) to the LAN computer.
The computer on the internet is now able to send traffic through the now-open port in the firewall to the LAN computer.

The goal of UPnP is to make more direct connections between computers inside and outside the LAN. UPnP is often used by gaming consoles, PC games, and voice-over-IP (VOIP) services. In some cases, these games and services will not function at all when UPnP is disabled. In other cases, performance is improved by enabling UPnP on the router.

Even when UPnP is implemented properly, it can be a security risk in the LAN. Commonly, UPnP requests from inside the LAN are not authenticated. This means the router can’t tell the difference between the desired UPnP request from a benign PC game and the unwanted UPnP request from a malicious piece of malware. If malware has infected a computer inside the LAN (through whatever means), it can use UPnP to open ports in the firewall and allow itself greater access. This is possible even when UPnP is running properly.

Because of the lack of authentication, it is a good security practice to disable UPnP on the router. This can adversely affect devices and programs in the LAN that want to use UPnP. However, these problems can sometimes be corrected by manually opening ports in the router and configuring the device or program to use the manually opened port.

What is the current problem with UPnP?

When enabled, UPnP is only supposed to be available to computers inside the LAN. However, Rapid7′s study revealed that millions of devices on the internet are also responding to UPnP requests from computers on the internet outside the LAN. Following is a diagram showing one possible situation:

Following are the steps shown in the diagram:

An attacker outside the LAN detects that an internet-facing router is responding to UPnP requests from outside the LAN. The attacker makes a UPnP request to the router.
The router opens a network port to the internet and forwards any traffic arriving on that port (including unsolicited traffic) to a computer on the LAN.
The attacker uses the now-open port to conduct additional attacks inside the LAN.

The exact abilities the attacker will have depend on how the router responds to requests from the internet. The responses will depend on the brand of the router and the firmware version installed on the router.

What can be done?

How do you know if this vulnerability affects you? Web-based UPnP vulnerability checkers are available. One such is part of the free “ShieldsUP” service from Gibson Research Corporation. To test a router, do the following:

Using a computer behind the router you want to test, navigate to the following page:
https://www.grc.com/x/ne.dll?bh0bkyd2
Click one of the “Proceed” buttons.
Click the “GRC’s Instant UPnP Exposure Test” button.
Allow the test to run and observe the result.

If you discover that your router is vulnerable, try turning off UPnP in your router and run the test again. (Some routers have been reported to leave UPnP running on the internet side even after it has been disabled on the LAN side.) If the router is still vulnerable, following are some options that are available:

Search the website of the router’s manufacturer for newer firmware for your router. Keep in mind that the manufacturer may offer multiple versions of the firmware for the same router model. The different versions may be for different hardware revisions of the router. Pay close attention to which hardware revision you own. Read installation instructions carefully before starting. Disabling UPnP after installation may be necessary.
Alternative firmware for some routers is available. Three such are DD-WRT, OpenWrt, and Tomato. Before installing alternative firmware, verify compatibility with your router (including the hardware revision number). Read installation instructions carefully before starting. Disabling UPnP after installation may be necessary.
Buy a new router. It may be advantageous to do research before buying to ensure the router you purchase does not also have the UPnP vulnerability. Disabling UPnP on the new router may be necessary.
For those who are technically minded, turn an old PC into a router. The computer must have at least two network adapters. (If the computer has only zero or one network adapter, additional USB, PCI, or PCI-e adapters can normally be added.) Replace the existing operating system on the computer with a router OS such as pfSense or m0n0wall. Read installation instructions carefully before starting. Disabling UPnP after installation may be necessary.

Regardless of the option chosen, test your solution after it has been implemented.

How does this affect business?

UPnP is technology typically implemented in routers meant for home or small-office use. Some businesses may be directly affected by this, but many will not be because they use networking equipment that doesn’t have the vulnerability. However, businesses may be indirectly affected if they allow remote access into the network via VPN or other means. If a remote user’s home network is vulnerable and compromised, the compromise may propagate from the home network to the business network through a VPN connection.

Where is more information available?

Original study from Rapid7:
https://community.rapid7.com/docs/DOC-2150
US-CERT Vulnerability Note:
http://www.kb.cert.org/vuls/id/922681
“Security Now” (from TWiT) podcast episode discussing UPnP:
http://twit.tv/show/security-now/389
“This Week in Enterprise Tech” (from TWiT) podcast episode discussing UPnP business impact:
http://twit.tv/show/this-week-in-enterprise-tech/29

Diagrams use clip art from user “cyberscooty” at openclipart.org.

Dec 18 2012

Windows 8 Feature: Connected Standby

With all the buzz about Windows 8 you’re probably thinking what does it really do for me over what I currently have in both Windows XP and Windows 7? I’ve asked myself that same question considering most of my customers’ needs and requirements. Of all the new features to the look and feel of Windows 8 that my college Amber has in her blog post here, one of the most significant features is the huge power consumption advantages of this new operating system when built on devices that it can leverage.

This is achieved using a new “sleep” state called Connected Standby. Much like how your mobile phone maintains connectivity to the cellular network while the screen is off, Windows 8 connected standby devices will take this a step further. With advances in low power consumption components and the application hooks into those components, Windows 8 can maintain what is likened to a Logical Power Off state.

All the tiles in the metro interface that maintain up to date information will continue to maintain connectivity to its source while in a connected standby state. Say for example I maintain a tile for the local weather, or news in Windows 8, that same type application called a widget in Windows 7 would need to wait for the machine to return from standby mode, connect to all network resources, and then download the latest data. All this activity is cause for slow boot and return from standby times. Windows 8 however never really goes into a full standby; it maintains these applications with little consumption of power and only downloads the amount of information to maintain a consistent user experience with their data.

We all can agree that the display is in most cases the most power hungry part of any mobile device, including laptops, so having the capability to maintain network connectivity while in a logical powered down state would prove extremely efficient. The chart below shows a comparison of Windows 7 power usage while in an idle state with the screen off and Windows 8 power consumption while in connected standby state. You’ll notice the very short bursts of power consumption while the device reaches out to its network sources to update the live information on the device, such as emails, tasks, contacts, weather data, Stock updates or that most recent business intelligence report that helps guide your daily decision making for your business. Microsoft calls this data collection while in standby mode “Idle Hygiene”.

Connected Standby has been modeled as the system is “on” with the screen off. All this is done with some very frank dependencies on specific hardware components. These components all have to include enhanced device power management, from the processor, to the memory stack, all the way through to the wireless/network devices. This interface is controlled by a new kernel level component called the power manager miniport (PEP). This allows application developers to code their software without the need to care about power management and consider the system state as always on, thus offloading the power management coupling to the PEP and the subsequent hardware components.

The initial list of Metro Style apps that use the background features while running in the Connected Standby mode are:

Playing music
Downloading a file from or uploading it to a website
Keeping live tiles alive with fresh content
Printing
Receiving a VoIP call
Receiving an instant message
Receiving an email
Sharing content (like uploading photos to Facebook)
Synchronizing content with a tethered device (like syncing photos)

As more Metro Style apps are built and adopted by the market, this list will likely grow and I’m excited to think of all the possibilities yet to come! Less plugging in, More Data!

Dec 4 2012

Windows 8 New Features

I was recently with a client and was asked if I had seen or used the new Windows 8, my response was a simple “no”. Although I hadn’t used the new operating system, I had heard it is really a different experience, more like a tablet on a PC. This had me intrigued and I knew I wanted to learn more about it. After further research and feedback from fellow team members, below will summarize a handful of the new features and comments from those recent adopters.

Faster Install and Boot

The installation is reported to be much faster and easier than Windows 7. I have also heard and read great things about how fast it boots up! Windows 8 has much better performance than Windows 7 even with the new interface.

Metro User Interface (UI)

The metro UI makes the experience very similar to using a tablet. The tiles represent apps. For those of you who prefer the more familiar desktop experience, you can click on the Desktop app or click Win+D.

I’ve been hearing a lot of “where is the darn Start menu?” While on the desktop view, you can move your mouse to the left hand corner and click on return to the Start Screen.

Improved Search

The search box is no longer available from a start menu. To initiate a search from the desktop you can tap the WINKEY or (CTRL + ESC) and start typing. If you are already on the Start Screen you can simply start typing. You can choose to search files, settings, or even apps.

Windows Explorer

For us Windows Explorer junkies, they have added the Ribbon to this view. I have heard some complaints on the image viewer, sounds like there are some bugs.

Cloud Sync

With your Windows Live Id, you can sync your data to the cloud allowing you to access your information from any Windows 8 device. Check out the Windows to Go feature, it allows you to offload your data on a flash drive and plug it into another device and start working on it like its your own. This is more of an Administrator feature.

I have a couple colleagues that have recent experiences with Windows 8 both at home and in the office. Immediate feedback from them included:

“People are going to stay on Windows 7 awhile due to the interface change and effort that will be involved in training. Also, a lot of folks just moved to Windows 7 so they are not ready for an upgrade just yet.”
“Speedy install and much simpler!”
“While using Internet Explorer on the metro UI and on the more familiar desktop, the user experience is different. A user also reported not being able to find their IE tabs while in the metro UI.”
“Wife says: ‘Put Windows 7 back on’”
“I like the metro UI because I can get a lot of information I use every day very quickly”

There is a list of at least 300 new features in Windows 8, check out the web as there is information out there on all of them. In the end, my perception is that this is going to be a substantial user experience change for all users whether you use a tablet or not. The interface is definitely moving in the right direction as increased tablet use has began introducing consumers to the experience, however, I’m not sure mid to large size organizations will be excited to adopt initially. Personally, I think I would like it once I got used to it; it is just finding the time to work through it.

Oct 17 2012

Cyber Attacks on U.S. Banks: An Alarming Trend

It is hard to look at computer and network security news without seeing news of another U.S. bank being the target of cyber-attacks. Within the last month, numerous major financial institutions have fallen victim to various levels of attack, ranging from Denial of Service (DoS or DDoS) conditions to the theft of funds. As a result of recent attacks, it is important to stay in-tune with security best practices, and protect the assets of one’s own organization.

Distributed Denial of Service attacks (DDoS) have been causing headaches for organizations, including Bank of America, JPMorgan, Chase, Wells Fargo, Citigroup, Bancorp, Capital One, Regions Financial Corporation, SunTrust, and others. These DDoS attacks are carried out by attackers who control computers dispersed throughout the world. The attackers use those controlled computers to consume large amounts of resources on victim websites and systems, ultimately resulting in the outage of service to customers. Despite sensitive information not being directly vulnerable to the DDoS attacks, undoubtedly this type of activity causes detrimental results for the affected institutions and the users wanting to access their online services.

More alarmingly, some of the cyber-attacks on the U.S. banks have escalated from DDoS type attacks where access to services are compromised, to sophisticated attacks resulting in the loss of funds or sensitive customer data. For example, Burlington City’s bank account in Washington lost approximately $400,000 to attackers over the course of two days; the attack stemmed from a compromise at Bank of America. Detailed information on the compromise is sparse, and could have origins from user error, insecure system configuration, or several other areas. In any case, it is possible that more of these types of attacks will surface.

Attacks on the U.S. financial institutions are said to have many sources–some people are claiming that organized cyber-criminals from countries outside the U.S. are leading the attacks, being motivated by different reasons. No matter what the motivation is for current attacks, it is an important reminder for financial and non-financial institutions to continue being diligent about security. Continuing with user awareness training, security assessments, and technical control reviews are important steps in defending against such cyber threats.

For further reading on these cyber-attacks, check out these news media articles!

Sep 28 2012

Saved by the Bell (or Alarm of my iPhone)

Losing your phone is like breaking your wrist! I know because I’ve done both in the past month.

Which hurts worse? Honestly? Sad to say, but losing my smartphone!

The other day I was having a business lunch with two of my colleagues. I set my phone down so I could concentrate on conversation and the task at hand. Upon leaving the restaurant, I realized I didn’t have it with me, so I immediately ran back in to check the booth where we were sitting. The server told me she had cleaned the table and it was not there. I made several trips — back to work, back to my car and back to the office. After looking under the booth, around the booth and speaking to the manager, I finally gave up and went back to the office.

Feeling down, but not defeated, I opened my laptop and did a Google search on recovering your lost iPhone. Good news! Because of the brilliant design of the iPhone and the great knowledge base that is the Internet, I found out that you could use a handy feature, the iCloud, to not only locate the lost phone, but signal an alarm that lets people in the area know you are trying to find it!

I thought I would share this tip with you so you don’t have to feel like you lost your left arm should this happen to you!

Find My iPhone

Apple offers a free built-in service called “Find My iPhone” that you should set up right away so that when the dreaded event happens you’ll know what to do.

To set it up, go to “Settings” and down to the “iCloud” tab. Scroll down to the bottom and look for the green radar icon that says “Find My iPhone” and make sure it’s turned on.

Steps to Recovering Your iPhone:

From your computer, go to iCloud.com and sign in with the same Apple ID you use on your iPhone 5.
Once you log in, you’ll see the same radar icon for “Find My iPhone.” Click it. That will take you to another page that’ll show you where your iPhone and other Apple devices you have are on a Google map.
At the top left, click on “Devices” and select your iPhone. That’ll zoom you in closer to its location and open a window showing you how recently it was tracked and how much battery life it has left on it.
It also shows three buttons with different actions you can take. You can choose to have the iPhone play a sound, which is useful if you misplaced the device near you. I highly recommend this as I know it works!

You can also turn on “Lost Mode.” That’ll let you remotely lock the device and let you set up a passcode, keeping potential thieves from using it.

In the Lost Mode, it’ll also ask you for a callback number and will let you send a message to the device, such as “This iPhone has been lost. Please call me.” You can message the phone multiple times. Warning: some tech-savvy thieves know how to disable the “Find My iPhone” service.

If you have sensitive information on the device that you’d rather not have stolen, you can also remotely erase it. This will wipe the iPhone 5 clean of all your data, but — and this is a big but — you will also lose the ability to track the device. Use this with caution.

If you have located your device, but think it may be in the hands of thieves, call the police. Since Apple launched Find My iPhone a few years ago, police have been able to help retrieve the devices.

Find My iPhone also works with iPads, Macs and iPod Touches.

Sep 27 2012

Generations and Technology

We are beginning to hear more and more about the challenge in working with the many generations present in our workplace.

I recently heard a presenter mention that the business world is struggling with the Millennial generation because this generation has challenges with speaking to customers face to face. It made me curious at how each of the generations views technology and what are their technology preferences for communication, working, and leading.

The generations most prevalent in the workplace today are:

Traditionalist (born 1922-1945)

Known as the silent generation
95% are retired
Tech challenged in the work place

Baby Boomers (born about 1946-1964)

Workaholics
Most influential
Strong believers in “face” time

Generation X (born about 1965-1976)

Naturally skeptical
Extremely loyal employees
Use technology

Generation Y (Millennials) (born about 1977-1995)

Fastest growing generation in the workplace
Desire to make a difference
Multi-task at higher levels
Dependent on technology

According to a survey done by LexisNexis:

Two-thirds of all Boomers agree that Personal Digital Assistants (Blackberry, for example) and mobile phones contribute to a decline in proper workplace etiquette, and believe the use of a laptop during in-person meetings is “distracting”. Less than half of Gen Y workers agree.
Only 17% of Boomers believe using laptops or PDAs during in-person meetings is “efficient,” while more than one third of Gen Y do.
Only 28% percent of Boomers think blogging about work-related issues is acceptable, while 40% of Gen Y workers do.

A BPW Foundation’s Gen Y study published in April 2011 also noted that by 2025, Generation Y will make up roughly 75% of the world’s workforce. With this many millenials making up the majority of the workforce by 2025 — only 13 years away — employers can’t afford not to take notice.

In my discovery I learned that it is not necessarily about one generation using technology more than another–it is that each generation values and uses different types of technology for different purposes. What technology one generation values as a productive work tool, another generation may have another technology solution that works just as well.

Sep 21 2012

Shorten the Path to Smarter Decisions with Business Intelligence

Your business is riding on your decisions. How confident are you that you’re steering in the right direction? Unfortunately, your decisions will only be as good as the data they’re based on. And in most organizations, that data is notoriously difficult to gather.

A recent anonymous company had difficulty accessing the information it needed to monitor its performance and revenue against its competitors. The organization’s well-defined key performance indicators (KPIs) were practically useless because of the time it took to extract and manipulate data. As a result, if its competitor changed its pricing on January 1, it would take the company until early March to measure the effectiveness of the price reductions and promotional campaigns it had launched in response.

Sound familiar? If you’re like most decision-makers in small and midsized businesses, it probably does. Compiling data from a whole host of databases is a time-consuming task for many managers and executives. And if the information you need is stored in spreadsheets, you’ll have to spend hours combining it into one sheet—while trying to avoid breaking links, accidentally changing formulas, or making copy-paste errors. You’ll then face the challenge of sharing your data in a format that’s accessible and relevant for your entire distribution list. But here’s the worst part: because you’ve pulled data from multiple business systems—most of which you probably don’t use on a day-to-day basis—you and your colleagues may not understand what the data means, and how it fits into the overall business picture.

To put it bluntly, the deck is stacked against you. And there’s a simple reason why. As a business grows over the course of many years, the IT department will typically implement increasingly powerful business systems. These solutions will support many critical business functions—but they won’t necessarily talk to each other. Rather than wait for the IT department to build integrations or generate reports, many business users will simply dive into business systems themselves, pulling information as best they can to drive their decision-making. But with a limited understanding of the systems and databases they’re touching, these users run the risk of presenting an incomplete—or inaccurate—picture of the business.

In an ideal world, business users would have functionality at their fingertips that allows them to pull information from multiple business systems, slice and dice it on the fly based on their most urgent questions, and generate reports that will be relevant and accessible to their audience. This is the promise of business intelligence (BI) technology.

Who needs BI? Anyone whose decisions affect the direction of a business. This may include anyone from line managers and the finance department to C-level executives. And the need for BI isn’t confined to large enterprises.

In their hunger for good business information, decision-makers are no longer just saying, “I want information now, and I don’t care how I get it.” They’re saying, “I want information now, and I want to be able to do whatever I want with it.” They even want to be able to make decisions from anywhere at any time by using BI apps on their iPhones and iPads.

How can you meet the voracious demand for better decision-support data? Take a holistic approach to BI. Rather than simply finding and implementing the most highly-rated reporting solution your budget will allow, ask yourself:

• What’s the full scope of business applications we’ll need to report on?

• What types of data are we working with now—and how will that change over the next five years?

• What existing reporting solutions can we leverage?

• How can we deliver real-time insights to the mobile devices of our managers and executives?

• How can we analyze our corporate Facebook and Twitter account data alongside conventional business data?

• Could cloud-based BI be an answer for us?

The answers you come up with can guide you toward the off-the-shelf BI product, custom-developed BI solution, or cloud-based offering that best meets your long-term needs.

Sep 6 2012

Big iPhone/iPad Update Now Available

Reblogged from WordPress.com News:

Today is an exciting day! A new version of WordPress for iOS was just pushed live, and it's been dubbed the "biggest update ever". It features a completely re-imagined interface for both iPhone and iPad that takes mobile blogging to the next level. It's most noticeable on the iPad: a sliding panels interface enables you to quickly get to any part of the app and rediscover your content.

The True Cost of Avoiding Business Continuity Planning

Have you pushed business continuity planning to the back burner? If so, then the long-term survival of your company may be sitting on the back burner, too. Your competitive advantage hinges on having better data in larger quantities. When your access to this data is interrupted by systems failure, your operations will likely grind to a halt. You’ll be unable to open customer records and check account balances. You won’t be able to verify inventory levels before you commit to a delivery date. And you’ll struggle to extend appropriate discounts to your top customers—in fact, you won’t even have a way of entering these orders into the system.

These interruptions to business operations are much more common than you might think. Although major natural disasters may only occur once in a generation—or even once in a lifetime—many smaller disruptions can occur in the day-to-day operations of a business. At some point, you’re highly likely to experience a multi-tier or multi-server failure, caused by human error or hardware defects. These relatively small incidents may not be as damaging to your business as a tornado or flash flood, but they can keep your staff from making sales and serving customers for hours or days at a time.

For a transaction-based company, the cost of computing system downtime can be steep. For example, Arthur D. Little, Inc. has estimated that the cost of power outages can range from $41,000 per hour for a cellular communication provider to $6,480,000 per hour for a brokerage. The effects extend to manufacturers, too. McNeal Enterprises, a 115-employee machine shop in San Jose, California, once lost $200,000 in missed production and damaged parts during a 90-minute blackout.

The impact of systems outages on smaller companies—especially services providers—can be harder to quantify because employees are often able to work harder to make up for lost productivity. Nevertheless, losing access to business systems can lead to the kinds of delays and errors that drive customers to a competitor. And according to one commonly-cited source, out of companies that experience a major loss of business data, 43% never reopen, 51% close within two years, and only 6% survive long-term.3

If you’re considering implementing a business continuity and disaster recovery plan—or enhancing your current plan—you’re on the right track. But before you proceed, keep in mind that most companies approach business continuity in the wrong way. How? They focus on technology, putting new hardware in place without giving enough thought to the practical purposes it will serve.

Rather than concentrating on the systems you should purchase, then, we recommend you plan your business continuity using a four-phased approach centering on People, Processes, Technology, and Testing.

1. People.

Start your business continuity planning by asking, “What are the basic resources my staff will need in the event of an outage?” After all, if your people have nowhere to sit, no phones to use, and no internet access, all the backup hardware in the world won’t get your business up and running. And if you can’t keep your paychecks going out on time, even the most dedicated employees will have second thoughts about showing up for work. Unfortunately, many companies overlook the need to plan ahead for these essentials.

2. Processes.

Once you have a plan for your people to regain productivity during a disaster or systems outage, ask yourself two questions: “How do we make money?” and “How will we resume doing these things after an interruption?” If you’re a manufacturer, you can’t ship your products without generating invoices. If you’re a professional services provider, you can’t deploy your consultants effectively without seeing your team calendar. These are the business processes you’ll want to focus on restoring as quickly as possible.

3. Technology.

Already figured out which employees you need to have working again minutes after a system outage, and what you would like them to be working on? Now, select the technology that will make this possible. Data backup technology and redundant systems typically play a major role in the technology phase of business continuity planning. But depending on your business model, your people and process needs may rely just as heavily on smart phones, tablets, and mobile broadband. In any case, make sure you have your technology in place before you need it.

4.Testing.

It has been said many times: “A business continuity plan is useless until you’ve tested it.” But rather than simply testing your disaster recovery plan once a year, consider taking a staggered approach. Arrange to test a portion of your plan each quarter. You’ll stay fresher on what your plan calls for you to do, you’ll keep the testing process more manageable, and you’ll be able to more frequently implement changes in testing based on changes in your business environment.

Get Started!
If you’re looking for more than just technology, give Eide Bailly a call. Our technology and business consultants would love to speak with you about your business continuity and disaster recovery needs, and then help you make a plan that protects your bottom line. To schedule your free business continuity consultation, please call 866-324-0968 today.

Tech Talk

aligning technology with business