the newsletter of tbd consultants - 4th qtr 2017
The USGBC led the way towards a greener building environment, and the USRC is now trying to inspire safer buildings. In this article we look at the USRC rating system for how buildings respond to earthquakes.
The WannaCry ransomware attack wreaked havoc on computer systems around the world, and showed the vulnerability of the computer systems we rely on for almost all of our day-to-day business. The NotPetya attack soon afterwards showed that people hadn't learned from the first attack. It was the most important assets, the data, that WannaCry and NotPetya went after, but even things like power outages and hardware failures can prevent you from accessing your data, bringing your business to a halt. Disaster Recovery Plans are there to ensure your business is interrupted for as short a time as possible when worst comes to worst.
Making sure antivirus software is functional on all computers, having operating system updates applied regularly, and having good backups go a long way towards minimizing the potential for data loss, and give you a good chance of getting data restored if problems occur.
WannaCry and NotPetya both used the same basic exploit, hitting computers that had not had updates applied for several months (mostly Windows 7 machines), or that were using so-called legacy software that required the use of operating systems (like Windows XP) that no longer received updates. Keeping your network and its computers updated might be costly at times, but not as costly as an attack can be. It is estimated that almost 50% of companies hit by a disaster (which could include events above and beyond major data loss) do not reopen. The way Microsoft forces us to accept updates on Windows 10 suddenly seems a lot more reasonable.
Phishing emails are a very common way of introducing ransomware and other malware to a network, so educating users about good email practices (don't open attachments or click links if you have the slightest suspicion about the sender) can be an excellent strategy for protecting your data.
With backups, it is important to have copies maintained off-site as well. A fire that destroys a server will almost certainly destroy the backup hard drive alongside it, and if that hard drive is connected to the network, the ransomware that encrypts the files on the server will almost certainly encrypt those on the backup drive also, or delete backups as WannaCry was programmed to do.
To prepare a disaster recovery plan, a company would need to assess the effects of various potential disasters on the company, see what plans can be implemented for mitigating such disasters beforehand (such as installing UPS systems and emergency generators), set up protocols for initial responses to get back up and running (short-term plan), and then to get the system back to full capacity (long-term plan). Such procedures should also be practiced, not only to test if they actually work, but so staff knows what to do in the event of a disaster happening.
A disaster recovery plan should form an important part of a larger Business Continuity Plan that addresses additional issues, such as where people might work from if the current business premises were rendered uninhabitable, and how you might staff the business if a virus epidemic (for instance) hospitalized a sizable proportion of your employees.
Businesses also need to consider who has knowledge of, and access to, the business continuity plan if disaster strikes. It is not going to be much use if it ends up as one of many encrypted documents that you can't access after a ransomware attack. Build resilience into your network.
The current bull market has been running for over eight years, which is remarkable in itself, but especially so considering all the uncertainties that have been plaguing us in the political and international fields. In this article we look at the resilient economy, with its strong corporate revenues, that has been driving the market.
Design consultant: Katie Levine of Vallance, Inc.