It’s February 2017. That happened quicker than anyone expected. While many of us are still trying to forget what happened in 2016, the truth is that it is time to prepare for what you need to do to ensure your business is safe and will thrive in 2017.
So what do we need to focus on? The technology world is so quick to evolve and it feels like there is a new product, app, cloud service or tool every day and it’s a “must have”. While all these new tools are great at a consumer level, they can often put a business in a tough position when traditional “in house” software is still utilized with what people assume is the exact equivalent available for free on the app store. We have seen an explosion in cloud services, apps and infrastructure, while security breaches have also increased at an alarming rate.
So while we review what 2016 brought and look forward to 2017, there are three key pillars we feel are critical in any technology that your business uses, large or small.
In the security world of I.T, 2016 was one for the record books. Over 2.2 billion records were stolen in 2016 alone (that we know of) and that number does not reflect on the amount of Crypto/Ransomware infections that occurred and resulted in businesses with lost data. And while you may think that most of these attacks are only aimed and enterprise level business or public cloud services, the truth is that over one third of security attacks are aimed at Small Business. Why you may ask? Well security budgets are much less with older equipment left in place for longer periods of time opening up the chance that vulnerabilities in these systems are often overlooked. Less sophisticated anti-spam systems (and sometimes none at all) are often used to save money, opening up users to being tricked in to clicking on ‘fake emails’ and the protection around a business’s data can often be overlooked, meaning if the crooks manage to get a hold of that data, or hold it to ransom, there is a greater chance of being paid by the business to get it back, as they have no other option. Another area in small business that can often lead to security vulnerabilities is the complexity of using the system once these safe guards are in place. Yes, it may be a pain to ask the I.T. department to install this particular program for you, but the fact you don’t have permissions to do that, means you also don’t have permissions to accidentally install a virus on your computer which can spread to your business servers. Sure, we understand that having to change your password every so many weeks and it needing to contain certain characters and numbers can be annoying, but the truth of the matter is that it is very important. Keeping old, weak, or the same password as other systems is a large security problem.
Take the Yahoo, LinkedIn or Tumblr hacks for example. Huge amounts of user account details were stolen, which has happened to many other ‘free services’ you likely use online for personal use. Assume you had an account on one of these sites and those details were distributed online. So what you may think, they force you to change your password next time you log in, why would anyone want my old Yahoo account. It’s not necessarily what’s in your account they are after, but your credentials. Hackers take these credentials and test them in bulk against other services online. So if the email of firstname.lastname@example.org with a password of ‘letmein123’ was used anywhere else online, they now have access to your other services. Flip that around to your place of employment where chances are your company allows access to emails on your phone or through a web browser. If that email address was email@example.com, it’s not too hard to guess where the email runs from. If you happened to use the same password at work, then the next thing you know someone has access to your business emails and anything else your account may have access to at work. This now becomes a business issue, not a personal issue, all because Yahoo got hacked and an employee used the same password.
You can use a site such as this one, https://haveibeenpwned.com/ to test if your email address shows up on any leaked accounts from previous data breaches.
Many years ago businesses had to worry about how people could get access remotely to their IT systems. Now it’s not about how, we already know that, because everyone wants to be able to work remotely from home or their mobile devices. It’s about making sure the wrong person doesn’t get access remotely pretending to be someone else, stealing or destroying data along the way.
Passwords are just one example of security that needs focus, with remote access methods, where data is stored, email protection, web protection, encryption of data and many other layers making up the entire picture of I.T. Security. Next time you say ‘why would anyone want to hack me’, think about the story above and how that could impact your business.
Backup / Business Continuity
So what happens to your business when it all goes bad? Something physical fails, a security breach occurs, there is a localized incident such as fire or flood, or the one many people forget about, human error occurs and something important is deleted. This is where your backup system kicks in and demonstrates how important it is to have backup. In a perfect world, you would never need your backup system, but nobody is perfect and when disaster strikes, you need to be able to get your data back and systems up and running quickly.
But often overlooked is how long the restore process takes and what would actually occur in that situation. It’s all good to sit and say ‘I have a backup’, but when was that backup taken, where is it kept (on-site, off-site or both?) and how long would it take to get your systems back up and running and what is the cost of recovery. This is a calculation that needs to be made by a business when investing in backup systems and why it is important not to look for the cheapest option available, as often, you may be forgetting about how much it will cost to have the business down for a day or two while the data is restored from that backup.
Cloud backup services have become very common in recent years and are often a first step for a business when exploring the use of the cloud. It presents as a risk free service to get your data backed up and away from your server infrastructure to another location. But if you have migrated to a cloud only option, how long will it take to get a copy of your systems operational again in the event of a disaster? How long would it take to restore 50% of the data on your file server if a disgruntled employee clicks delete on their way out the door after resigning? How much retention do you have in the cloud in the event something was removed or lost but not discovered for 6 months? These are all questions you need to ask your backup provider and ensure you are aware of the facts, how much an event would cost your business in comparison with the cost of your backup system.
In 2017, backup and the speed of restoration is going to be more important than ever. With the roll out of the NBN reaching more and more businesses across Australia and giving access to faster internet at lower prices, combining an on-premises backup with a cloud solution can give you the best of both worlds at a price not previously available, allowing rapid restore in the event of equipment failure or data removal, while also giving you the peace of mind that your data is in the cloud, in the event of a major disaster where everything on-premises was destroyed.
Infrastructure and Connectivity
While the cloud continues to grow at an ever expanding pace, as an established business you more than likely have some kind of on-premises server equipment still, whether it still be to host all of your systems, some of your systems, or your old systems. As time goes on, many businesses are moving to a hybrid cloud approach, where systems like Office 365 are utilized to provide traditional services at a lower cost such as Email, SharePoint and Skype For Business, while still having on-premises servers to hold the huge amount of data sitting on your file share or run a line of business application that does not yet have a cloud option.
As 2017 progresses and cloud services become cheaper, stability increases and they become more available in localized areas, there are going to be more options for moving platforms to the cloud that previously were not suitable for small business. Many application providers are either developing cloud options, or replacing their software with cloud only versions, meaning there is less and less need for on premise servers as time moves forward. These applications are not the only thing your servers support, however they often tie in to your company data and unless the business have resources available to take on projects such as software migrations or changing the way data is stored, those old file shares that traditional employees love and know won’t be going anywhere and the business will have to support that. While there is nothing wrong with that, there are other options available and as long as the correct provisions are made to secure that data, then that can continue to run as long as the business is happy to invest in that infrastructure.
Another approach that is becoming very popular with businesses is the concept of ‘virtual desktops’. For many people they are familiar with this concept through systems they have used or are using such as Citrix or Terminal Server / Remote Desktop. With this approach, your entire system lives in the cloud and you connect to it from any device with an internet connection through what is a ‘virtual desktop’. While this path allows you to operate without any server infrastructure on site, you still need devices to connect to those ‘virtual desktops’. The benefits to this mean you are able to leverage much more reliable infrastructure for your servers to run on, while basically renting the space off the cloud provider for a monthly fee. The underlying technology they use will far exceed what a small business can normally budget for, meaning you get enterprise level reliability for a fraction of the price it would cost you to put in comparable systems and allow you to “upgrade” your servers with the click of a button and a small increase to that monthly fee. That said, for the business that is using a small number of physical servers on site, the cost of cloud infrastructure may be more spread out over 3 to 5 years than what on-premises systems are.
While cloud computing continues to change the landscape for infrastructure and regardless of whether you take an on-premises, hybrid or full cloud approach to your operations, connectivity to the cloud is often forgotten about. A connection to the internet today is more critical to business than ever before, so ensuring that your connection stays up should be high on the priority list for 2017. Fortunately in this space, the NBN has allowed for faster and cheaper connections than ever before, but the NBN alone is not enough to ensure you stay connected. A fail-over connection in addition to your primary internet link to support your business is almost mandatory in 2017, especially if you are utilizing the cloud for any of your business critical systems. We recommend these fail-over links be able to kick in instantly with an alternate provider, using alternate technology (such as 4G, Wi-Fi, NBN, etc.) to ensure that if a cable is ever cut, your business will keep running.
In conclusion, the three main focuses for 2017 being Security, Backup/Business Continuity and Infrastructure/Connectivity are very much the same as they have been in the past. The difference in 2017 is that they need to allow for new scenarios and technology that are impacting our businesses quicker and harder than ever before.
If you want to discuss any of the items in this article and how they relate to your business, please contact us on 1300 138 761 or email us at firstname.lastname@example.org