Following a number of successful digital transformation projects and business premises relocations, the word is out about CTO’s exceptional customer service and business IT support in Huddersfield.

Businesses in Huddersfield are turning to Core Team One – The Cyber Security & IT Support Experts.

IT Support in Huddersfield

Managed IT Services and remote IT support can be performed from pretty much anywhere these days, but being positioned just a few minutes from the city centre means we are perfectly positioned to provide on-site IT project management and reactive IT support to Huddersfield and the surrounding area.

Just ask one of our customers:

“Having a trusted partner such as CTO has made the time sensitive premises move possible, without them we wouldn’t have met the deadline. Right from initial contact to completion, we couldn’t have asked for anymore. John and the team have taken the pain away from moving and kept us up to date every step of the way. Above and beyond for us and I can’t thank them enough.” – Lee Emmett, Abaris International Ltd

Read their case study here.

Cyber Security in Huddersfield

As well as IT Support, more and more businesses in Huddersfield are coming to CTO to improve their Cyber Security posture and reduce their attack surface.  Many small & medium size businesses use cloud services like Microsoft 365 to bring enterprise grade functionality to their operations, but sadly their MSP’s let them down when it comes to the Security features available when running services in the cloud.

CTO can perform a deep IT Audit to analyse the gaps in your Cloud Security and provide a road map to help you mitigate risks and protect your organisation.  Our configurations stand up against Cyber Essentials & Cyber Essentials Plus accreditations as well as guidelines from governing bodies like the FCA.  All of this can help with your business’s cyber insurance.

 

If you think your business IT system may need sharpening up by the experts, and you are based in or around the Huddersfield area, then call CTO – your local Cyber Security & IT Support Experts.

Cloud levels the playing field for medium-size businesses, equipping them with the same technologies via digital transformation as their enterprise counterparts. Cloud delivers affordable access to enterprise-class solutions offering midsize businesses the full functionality of practically every enterprise-grade application, this is a market segment prepared to compete.

Thanks to the maturity of cloud-computing technology, the cloud now offers practical, real-world solutions to businesses of all sizes. The cloud accelerates a medium-size businesses’ agility, scalability, and responsiveness. It has revolutionized the economics of the way many midsize companies conduct business.

TOP SIX CHALLENGES FACING MID-SIZED BUSINESSES

1. Infrastructure limitations
Growing businesses need technology that scales with them, providing the additional storage and computing power they need-when they need it.
2. Rapid rate of change
Technology is changing rapidly, and without sufficient internal technical expertise and large IT budgets, medium-size businesses are at a disadvantage in keeping up.
3. Security and compliance mandates
Businesses of all sizes are facing an increasing compliance burden, primarily surrounding the safe storage of sensitive data.
4. Keeping systems up and running
IT availability is vital for medium-size businesses, where even brief downtime can jeopardize profitability and company reputation.
5. Backup and disaster recovery
Medium-size businesses need secure, reliable, and cost-effective disaster recovery and business-continuity protection.
6. Protection from cyber threats
Midsize businesses understand they must combat cyber attacks, yet most lack sufficient internal resources to combat them.

BUSINESS REQUIREMENTS FOR MID-SIZED BUSINESSES

• Security and disaster recovery
Cloud applications are updated automatically, fixing any bugs or identified vulnerabilities. Data are stored offsite, routinely backed up, and made available through redundant systems.
• Connectivity and reliability to ensure continuity
Critical applications must be available at all times. Firms must be able to continuously monitor their infrastructure to prevent any potential downtime.
• Communication and collaboration
Medium-size companies must encourage and support productivity, and facilitate productive communication and collaboration across the organization and in customer-facing communications.
• Solutions that scale
To retain their competitive edge, medium-size companies must be able to rapidly scale, pivot, and address changing market conditions, new product or service offerings, and potential disruptions.
• Always-on accessibility
An increasingly mobile and distributed workforce expects their “office” to be wherever they are located.

WHY CLOUD?

Access to enterprise-class infrastructure

Cloud delivers affordable access to enterprise-class solutions, including scalable computing power, storage options, and databases – with predictable cost structure.

Scalability

Cloud provides virtually unlimited data-storage capabilities, growing as companies’ need for more storage grows.  Resources can be added or shelved in response to growth or a change in focus.

Security and disaster recovery

Disaster-recovery protocols are aided by the fact that data is stored offsite, routinely backed up, and made available through redundant systems.

Cost-effective

Cloud models can be economical and help reduce operational expenses.  Companies save on the upfront costs associated with hardware and software, as well as overhead costs on power, cooling and maintaining equipment.

Promotes collaboration

In a world where remote work is commonplace, cloud-based applications offer the ability to collaborate with remote employees, locally or internationally.

Cyber Security

To protect themselves, midsize businesses need comprehensive yet cost-effective network security solutions to mitigate risk to their business and prevent the financial and reputational damage created by data breach.

Contact us to learn more…

Financial companies want to stay ahead, but security and compliance are prime concerns

Financial companies are heavily regulated and frequently scrutinized. While these companies increasingly are moving to Banking on the Cloud, 81% of banking CEOs are concerned about the speed of technological change.
In addition, personal financial information is in high demand by hackers. Balancing compliance and security mandates, providing customers with
a modern user experience, and ensuring overall profitability is an ongoing challenge.
There is tremendous opportunity for VARs and MSPs to familiarize themselves with the intricacies of finance firms and help them in their digital transition to Banking on the Cloud.

TOP SEVEN CHALLENGES FACING FINANCIAL SERVICES COMPANIES

1. Manage risk
Without real-time compliance data, organizations are at risk for noncompliance and have an increased risk of fraud.
2. Thwart cyber-security threats
The threat and impact of cyberattacks on the financial sector is increasing.
3. Overcome the legacy IT factor
Many financial services companies are relying on decades-old software to power their day-to-day business.
4. Optimize the customer experience
Financial services firms must meet changing customer expectations and competitive pressures.
5. Utilize high-performance computing
Financial services firms require high-performance computing (HPC) solutions and an enterprise-grade platform to perform computationally intensive tasks.
6. Leverage analytics and reporting
Financial institutions need a way to access, consolidate, and manipulate data in a meaningful way.
7. Improving communication
Firms require secure and often encrypted communication options for internal and customer-facing communications and must balance cost, regulations, and confidentiality.

BUSINESS REQUIREMENTS FOR FINANCIAL COMPANIES

• Leverage big data for real-time insights and guidance
Big data helps financial companies manage governance, risk, and compliance; provide better customer insight and service; optimize pricing and lending strategies; and promote better operational efficiencies.
• Communication and collaboration
Financial services companies must have productive communication internally and with customers.
• Compliance
Financial firms’ software systems must support and enforce compliance mandates.
• Encrypted messaging
FSI firms must ensure compliance with jurisdiction-specific data privacy and protection rules while securing sensitive company and customer data.
• Security
Big data makes it possible to capture real-time activity and immediately detect anomalies, detecting fraudulent behaviour before any harm can be done.
• Connectivity and reliability to ensure continuity
Firms must be able to continuously monitor their infrastructure to prevent any potential downtime and minimize its impact on business if it does occur.

WHY CLOUD?

Agility

Many financial services companies are big bulky. Cloud-based platforms are scalable on demand, nimble and adaptable enabling FSI companies to react and respond more quickly.

Safer data handling

Cloud provides an additional layer of protection above data stored on employee laptops or USB drives, which can easily be stolen or lost.

Cost and time savings

Businesses can expand their use of cloud services without extra hardware purchases and with little or no software costs or maintenance fees. Cloud services are typically subscription-based, and FSI companies can scale requirements up or down according to needs.

Scalability

The cloud gives financial institutions the ability to rapidly scale processing capability up and down, according to ever-changing market developments and customer demands on a global scale.

Low-cost storage

The cloud provides easily scalable storage that can be increased or decreased almost instantaneously. Many cloud providers offer storage solutions for a fraction of the cost of purchasing, operating and maintaining internal storage servers.

Compliance efficiencies and big-data insights

Cloud-based tools can help organisations stay on top of regulatory compliance demands and enable then to perform data-analysis projects.

leading-edge security

Cloud service providers (CSPs) have invested in leading-edge security and implemented date privacy best practices. CSPs are typically able to offer levels of security when Banking on the Cloud, most companies lack the expertise or resources to implement and manage on their own.

 

The hero offering for small and medium sized business customers.

Microsoft 365 Business Premium is a complete, intelligent solution that combines Office 365, Windows 10, and Enterprise Mobility + Security to empower employees to be creative and work together, securely. It integrates Microsoft’s best-in-class productivity tools with advanced security and device management capabilities to help safeguard your business.

KEY FEATURES

Work together anywhere

Access your emails, contacts, and calendars across your devices even when offline with Outlook to help you stay connected to customers or coworkers. Connect with customers and coworkers using Microsoft Teams to instant message to answer quick questions, or host or join an online call or video meeting from your favourite device. Easily present, share and collaborate on documents (or a virtual whiteboard) within the meeting space.

Enterprise-grade device management and security capabilities

Protect your data and devices against malware, malicious attacks, and device loss or theft. BitLocker, BitLocker to Go, and Windows Information Protection helps protect business data on mobile devices by ensuring all business data is encrypted and accessible only by authorized users. Further protect Windows
10 devices from unauthorized access using Windows Hello multi-factor authentication to strengthen your users’ device credentials.

Help protect your devices, data, and people

Know that lost or stolen devices are protected with Windows 10 built-in encryption capabilities like BitLocker and BitLocker to Go. Help prevent accidental data leaks by securely separating business information from personal information with Windows Information Protection and perform a remote Selective Wipe of business data on demand while leaving personal data untouched. Make sure employees always have access to files while confining company information to Office apps, using App Protection.

Get up and running fast

Save time by easily configuring security features and settings on Windows
10 devices with Mobile Device Management, fully automating your Windows installation with Windows AutoPilot, and enabling or disabling Windows Store or Cortana on company-owned devices with Enhanced Manageability.

KEY BENEFITS

Work better together and get more done

Collaborate, share, and communicate with flexible tools that go where your team goes. Connect better with customers and colleagues with a range of communication tools, from email and IM to social networking and video conferencing. With multiparty HD video, content sharing, shared calendars, and team chat, you’ll always be in sync with your team. Further increase productivity with Office apps enhanced with the latest AI tools.

Make better decisions with intelligence and analytics

With various analytics and intelligence capabilities, Microsoft 365 Business Premium gives you the insights and assistance you need to do your best work every day.

Scalability

With Microsoft 365 Business Premium, you pay for what you use. As your organization grows, you simply pay for the additional services and storage needed.
More control for your IT staff

Last week I was party to a discussion on LinkedIn regarding recruitment agencies being approached by companies offering them work, mainly just to payroll some employees due to some difficulty they have had in processing. The companies involved approached the recruitment agencies by phone and email and this was subsequently identified as a scam.

In terms of the email approach, some had opened the email and this had pointed them to a bogus (but convincing) website for the fraudulent company. Naturally, I mentioned the recruitment agencies should be really careful opening such emails, as they most likely contain executable files and phishing links, which could activate ransomware. Some recruitment agencies replied they had seen no ill effects from engaging with the email, ….yet.

YET – that’s the critical point.

You see, modern cyber criminals tend to engage in what can be described as Cyber Kill Chain activity whereby ill-effects will not be experienced immediately, but rather after a period of time based on a devious and cunning process they follow over several weeks or months to breach a network and steal data.

So how does the Cyber Kill Chain work?

There are several core stages in the cyber kill chain. They range from Reconnaissance (often the first stage in a malware attack) to Lateral Movement (moving laterally throughout the network to get access to more data) to data Exfiltration (getting the data out). All of your common attack vectors – whether it be a phishing email (like in the example above) or brute force attack or the latest strain of malware – can trigger activity on the cyber kill chain.

Each stage is related to a certain type of activity in a cyberattack, regardless of whether it’s an internal or external attack as follows:

Reconnaissance

In every heist, you’ve got to scope the joint first. The same principle applies in a cyber-heist. It’s the preliminary step of an attack, the information gathering mission. During reconnaissance, a cyber -attacker is seeking information that might reveal vulnerabilities and weak points in the system. Firewalls, intrusion prevention systems, perimeter security – these days, even social media accounts – are identified and investigated. Reconnaissance tools scan corporate networks to search for points of entry and vulnerabilities to be exploited.

Intrusion

Once the cyber-attacker has gathered the intel, it’s time to break in. Intrusion is when the attack becomes active. Cyber-attackers can send malware – including ransomware, spyware, and adware – to the system to gain entry. This is the delivery phase: it could be delivered by phishing email (like in the example above) or it might be a compromised website (or a bogus but convincing website, like in the example above) or a compromised login (without MFA, for example). Intrusion is the point of entry for an attack, getting the cyber-attackers inside.

Exploitation

Now the cyber-attacker is inside your door, and the perimeter is breached. The exploitation stage of the attack exploits the system. Cyber-attackers can now get into the system and install additional tools, modify security certificates and create new script files for nefarious purposes.

Privilege Escalation

Cyber-attackers then use privilege escalation to get elevated access to resources. Privilege escalation techniques often include brute force attacks, preying on password vulnerabilities, and exploiting zero-day vulnerabilities. They will also modify GPO security settings, configuration files, change permissions, and try to extract credentials.

Lateral Movement

Cyber-attackers now have ‘the run of the place’, but they still need to find the vault. Cyber-attackers will move from system to system, in a lateral movement, to gain more access and find more assets. It could also be termed an advanced data discovery mission, where attackers seek out critical data and sensitive information, admin access and email servers – often using the same resources as IT and leveraging built-in tools like Powershell – and position themselves to do the most damage.

Obfuscation (anti-forensics)

Put the security cameras on a loop and show an empty elevator so nobody sees what’s happening behind the scenes. Cyber-attackers do the same thing. They conceal their presence and mask activity to avoid detection and thwart the inevitable investigation. This might mean wiping files and metadata, overwriting data with false timestamps (timestomping) and misleading information or modifying critical information, so that it looks like the data was never touched.

Denial of Service

Jam the phone lines and shut down the power grid. Here’s where the cyber-attackers target the network and data infrastructure, so legitimate users can’t get what they need. The denial of service (DoS) attack disrupts and suspends access and could crash systems and flood services.

Exfiltration

Cyber-attackers always have an exit strategy. The attackers get the data: they’ll copy, transfer, or move sensitive data to a controlled location, where they do with the data what they will. Ransom it, sell it on Ebay, send it to WikiLeaks. It can take days to get all of the data out, but once it’s out, it’s in their control.

All of this activity can take days, weeks, or months to complete, but to cyber-attackers it’s well worth the time and effort, because data is an extremely valuable commodity.

The recent BA breach ICO report illustrates how a clever hacker was able to use the Cyber Kill Chain approach to cause a significant data breach. This is a simplified explanation, but this is basically what happened.

  • Reconnaissance – A Swissport employee based in Trinidad & Tobago was the first step in the attack chain and was identify as a target with a weak security posture.
  • Intrusion -The Swissport employee had remote access to BA’s network using Citrix. Multi Factor Authentication wasn’t enabled meaning there was a way into BA’s network from what might be viewed as a legitimate source.
  • Exploitation – BA’s Citrix configuration allowed the attacker to breakout of the limited environment and take a look around their network.
  • Privilege Escalation – The attacker found domain administrator credentials in a file in plaintext. This allowed the hacker to have the ability ‘move’ to more commercially sensitive areas of the network.
  • Lateral Movement – The hacker then used this access to scour the internal network to specifically find payment card details in log files on servers.
  • Exfiltration – The attacker installed a script on the BA website to steal payment card information and personal data.

This above attack took approximately 3 days!

[vc_row][vc_column][vc_column_text]

7 Scary Cybersecurity Statistics and Recommendations to Improve Security

A cyberattack is a scary event. It can shut down your business, cripple government agencies and incapacitate hospitals and other healthcare providers.

Here are seven cybersecurity statistics and recommendations that should get you thinking about new ways to enhance your IT security posture.

  1. 43% OF SECURITY BREACHES AFFECT SMBs – In 2020, small and medium-sized businesses will continue to be primary targets of cyberattacks. Many businesses struggle with IT budget constraints and lack proper cybersecurity resources, which hackers routinely take advantage of.

    RECOMMENDATION: Automate patch management to stay up to date with security patches. In the Kaseya 2019 State of IT Operations survey, only 42% of organisations had, or planned to have, automated patching.

  2. 29% OF BREACHES IN 2018 INVOLVED THE USE OF STOLEN CREDENTIALS – Compromised passwords are a major threat to businesses. Passwords can be hacked with brute force attacks, stolen through email phishing scams and purchased on the dark web.

    RECOMMENDATION: Tighten your password security protocols and implement authentication methods like two-factor authentication (2FA) and single sign-on (SSO) for enhanced security. Organisations also need dark web monitoring to proactively check whether their compromised credentials are being shared on the dark web. With dark web monitoring, organisations can take steps to prevent a data breach from occurring.

  3. 3.5 MILLION UNFILLED CYBERSECURITY JOBS PREDICTED BY 2021 – The cybersecurity skill gap is a major threat to organisations. 53% of organisations report a problematic shortage of cybersecurity skills.

    RECOMMENDATION: Address the skill gap by implementing cybersecurity training or partner with academic institutions to nurture cybersecurity talent.

  4. ON AVERAGE, SMALL COMPANIES LOSE OVER $100,000 PER RANSOMWARE INCIDENT – Ransomware has been on the rise over the past couple of years, knocking out some city services and forcing others to revert to paper records. The effects of a ransomware attack can be very damaging to small or midsize businesses and the expensive nature of these attacks can be attributed to costs associated with downtime and recovery.

    RECOMMENDATION: Implement a reliable Backup and Disaster Recovery (BDR) solution that automatically tests backups to ensure recovery. Choose a BDR solution that is integrated with your endpoint management tool.

  5. 32% OF DATA BREACHES IN 2018 INVOLVED PHISHING ACTIVITY – Phishing featured in 78% of cyber espionage incidents in 2019. Phishing is a method of gathering personal information, including login credentials, through the use of deceptive e-mails to get unsuspecting recipients to click on malicious links.

    RECOMMENDATION: Organisations can avoid phishing attacks by training their employees to identify phishing emails and to report any phishing activity. Tools are available to help with this type of cybersecurity training. Tools are also available to help identify and quarantine phishing emails.

  6. 8 OF THE 10 MOST EXPLOITED SOFTWARE VULNERABILITIES LAST YEAR INVOLVED MICROSOFT PRODUCTS – The most exploited vulnerability in 2019 involved Adobe Flash Player while there were four for Internet Explorer and three for Microsoft Office.

    RECOMMENDATION: Be sure to have an automated patching process in place that covers Windows and macOS operating systems, browsers and third-party applications.

  7. THE AVERAGE COST OF A DATA BREACH WAS $3.92 MILLION IN 2019 – Data breaches are extremely costly. For example the U.S. incurs the highest average data breach cost at about $8.2 million.

    RECOMMENDATION: Use an endpoint management solution that integrates antivirus, backup and patch management in a single console.

The above statistics show that cyberattacks and data breaches can be a huge threat to your business. It is critical for your organisation to establish a strategy to mitigate security risks. Even if you are a small business with a limited budget, you can achieve enterprise-level security with CTO RMM (Core Team One – Remote Monitoring & Management). CTO RMM is a remote monitoring and endpoint management solution that allows us to manage and secure your entire IT and provide you with peace of mind.

Sources: 2019 Data Breach Investigation Report by Verizon, Cybersecurity Jobs Report by Cybersecurity Ventures, Second Annual State of Ransomware Report by Osterman Research, Criminal Underground Continues to Target Microsoft Products in Top 2019 Vulnerabilities List by Recorded Future, Cost of a Data Breach Report 2019 by the Ponemon Institute.

Many of our team have recommended and sold Veeam backup and replication over the years, because it’s simply great!

Why?

Well for over a decade, Veeam has been the leading provider of backup, recovery, and replication solutions. Whilst the company initially focused on server virtualization for VMware environments and quickly became the leader in this category, in recent years, Veeam has expanded on this core backup and recovery offering, delivering integration with multiple hypervisors, endpoints and physical servers, along with public cloud (IaaS – Infrastructure as a Service) and SaaS based (Software as a Service) workloads.

In addition, Veeam® is the leader in backup solutions delivering Cloud Data Management™, serving over 365,000+ organizations across the globe, widely recognised as #1 for Microsoft Office 365 Backup and #1 for Market Share in Europe.

Best Advice

As a company keen to offer the best in business continuity and disaster recovery solutions to our clients, CTO has numerous staff qualified as Veeam Sales Professionals and Veeam Technical Sales Professionals and are well placed to offer the best advice on backup, recovery and replication solutions for its clients.

Please take a look at our dedicated web page here to see how we could assist your business and keep your data safe.

Many thanks

Richard

Small businesses are under attack. Right now, extremely dangerous and well funded cybercrime rings in China, Russia and the Ukraine are using sophisticated software systems to hack into thousands of small businesses to steal credit card and client information, and swindle money directly out of your back account. Some, allegedly, are even being funded by their own government to attack small, virtually defenceless businesses.

Don’t think you’re in danger because you’re ‘small’ and not a big target like Vodafone and HSBC? Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, legal cases and data-breach fines, and out of sheer embarrassment.

In fact, a recent report stated that one in five businesses have been the victims of cybercrime last year – and that number is growing rapidly as more businesses  utilise cloud computing online and mobile devices, and store more information online. Quite simply, most businesses are low-hanging fruit to hackers due to their lack of adequate security systems.

Compounded by COVID

As we enter another period of lockdown (likely to be several months), you need to be prepared for Cyber criminals who are using the pandemic to their advantage in order to gain access to business data. BBC News highlights that online groups are continuing to prey on fears of the coronavirus and sending ‘phishing’ emails. The scams may claim to have a ‘cure’ for the virus, offer a financial reward, or encourage you to donate. However, if clicked, you or your employee could download ransomware to the computer and spread it across your company’s network.

So what can you do?

Collaboration

Your team must continue to collaborate, therefore you need to provide them with the right tools so they feel empowered to do this. CTO can offer guidance on implementing Software as a Service (SaaS) applications and can help you choose and roll out a range of popular services, such as chat rooms, video conferencing and document sharing.

Secure Your Home Workstation

Ensure you have fully patched and updated anti-virus and anti-malware software. It’s important to follow the same best practices you would as if you were in the office, and report any suspicious activity or concerns to internal IT or your MSP.

Use a Secure WiFi Network

If possible, you should work on your secure, private home network instead of relying on public WiFi. If you send your data through an unsecured WiFi connection, you lose the power of privacy making it possible for cybercriminals to intercept your data. You may be putting personal information at risk if you are accessing your email account or sending sensitive data over a public WiFi network. It’s essential to ensure your network is secure through the use of a Virtual Private Network (VPN) and a strong password that isn’t easily cracked. Alternatively adopt Two Factor Authentication for accessing devices – this is actually free with Windows 10.

But why use a VPN?

They are encrypted network connections that allow your remote workforce to securely access your company’s
systems. And if you need to set up new accounts or accesses so your team can work efficiently from home, you should set strong passwords for user accounts. In particular, you should implement two-factor authentication (2FA) if available.

Coordinate With Your Internal IT or MSP

When working remotely, it’s crucial to continue your typical cybersecurity best practices and reach out with any questions or concerns. If something has happened to your device, early reporting may help minimise the risk to business data. By providing clear and basic information this will help your employees stay connected and ahead of cyber threats. If you would like further advice on remaining productive, without increasing cybersecurity risk don’t hesitate to reach out to CTO.

Many thanks

Richard

Senior Consultant | Phone: 01135329800 | Email: richard@coreteamone.com

How ‘capable’ is your Backup/Disaster Recovery plan? Can you recover to an hour, a day or a week ago? How long will it take to recover?

Recent press stories have shown that many Users and indeed Multi-National Companies are in the dark when it comes to their backup regime. This can be as diverse as an Office 365 User backing up to a USB disk rather than the ‘free and bundled’ OneDrive system, to global brands who struggle to resume normal service quickly in a disaster recovery scenario.

Indeed, back in July it was reported that Garmin, the internationally renowned navigation company, had suffered a ransomware attack resulting in their systems being down for several days. Not only did this attack have a financial implication of a potential £10M ransom payout, it also had significant micro-economic effects in terms of customers being unable to download fitness sessions and pilots prevented from downloading flight plans for aircraft navigation systems.

Furthermore in August it was reported Adobe, the developer of the world’s best creative apps and services made an update to its Lightroom photo manager application subsequently resulting in the deletion of a swathe of images on Users’ iPhones, iPads and iPod Touches. This update was particularly severe on professional photographers who in some cases had lost two years of edits and, no doubt, faith in an application they have relied on significantly for years.

How embarrassing!

In both cases, if the Companies concerned and Users involved had a decent backup/disaster recovery regime in place, they could have rolled back to the last ‘clean’ backup prior to the ransomware attack and faulty application update, thus bringing services back online in a timely manner and avoiding significant customer inconvenience.

Here at CTO we offer a comprehensive range of backup solutions through both Veeam and Datto that can protect customers in the event of a disaster and will specify the perfect solution for you.

Recovery Point Objective and Recovery Time Objective

CTO are highly proficient in designing, specifying and deploying a secure, reliable and fit-for-purpose business continuity/disaster recovery solution.

CTO look at the Recovery Point Objective (RPO) – which is how far to roll back in time and the maximum allowable amount of lost data measured in time from a failure occurrence to the last valid backup.

Plus the Recovery Time Objective (RTO) which is related to downtime and represents how long it takes to restore from the incident until normal operations are available to Users.

To put this into context, RPO is about how much data you can afford to lose before it impacts business operations. For example, for a banking system, 1 hour of data loss can be catastrophic as they operate live transactions. At a personal level, you can also think about RPO as the moment you saved a document you are working on for the last time.

In case your system crashes and your progress is lost, how much of your work are you willing to lose before it affects you?

On the other hand, RTO is the timeframe within which application and systems must be restored after an outage. It’s a good practice to measure the RTO starting with the moment the outage occurs. Instead of the moment when the IT team starts to fix the issue. This is a more realistic approach as it represents the exact point when the users start to be impacted.

Would you like help aligning your RTO and RPO values with your business needs?

There is no one-size-fits all solution for a business continuity plan. Companies operate in different sectors with different needs and therefore have varied requirements for their recovery objectives. However in conjunction with the client, who know their business best. CTO can conduct a Business Impact Analysis (BIA) to analyse your applications. It can determine which of them are driving your business, generating revenue and are imperative to stay operational. We can then design a ‘capable’ solution tailored to your needs.