Show Some Love
To Your Business Continuity Plan
Wintertime can feel like a wonderland. There’s hot cocoa, cozy fireside conversations, glistening white snowfall, ice storms, power outages and tons of employee sick days.
You can’t predict the future, but a business continuity plan – BCP for short – ensures that unexpected events don’t slow you down because, in business, every minute counts – literally.
Downtime costs SMBs $137 to $427 per minute, according to a 2020 IBM report. Although the loss is smaller, extreme downtime is the ultimate undoing for many SMBs.
This month, while you’re rushing out to buy flowers or before you settle in for a cozy Netflix series, don’t forget to show your BCP some love too.
WHAT IS A BUSINESS CONTINUITY PLAN?
It’s just like it sounds – a plan to keep your business continuously running in the case of an unplanned event like a natural disaster, cyber-attack or human error. A BCP outlines processes and procedures your company will follow during a crisis. It considers operations, assets, human resources, technology and safety; in other words, it keeps necessary functions in your organization running until the disaster is handled.
Isn’t a disaster recovery plan the same thing? Disaster recovery plans focus solely on restoring your IT systems. It’s one – albeit critical – component of your BCP. If a winter storm knocks out your Internet, a disaster recovery plan restores data access and any IT services you may have lost.
Continued on page 2
Continued from page 1
WHY A BCP IS IMPORTANT
Let’s say your office suffers a major fire incident. Do you know where and how your employees would work? Would they be able to handle customer calls? Where would your executive team meet to make critical, time sensitive decisions? In addition to providing a plan for restoring your IT systems, a BCP is a practical framework for your entire company’s resiliency and financial sustainability.
Additionally, people want to know you have it together. If you hesitate or flounder in response to an emergency, you’ll lose the trust of your team and customers, and that’s incredibly hard to get back.
WHAT YOUR BCP NEEDS
A few basic elements make up a solid BCP framework for every business, no matter your industry.
1. Your company’s critical functions. What are the must-do activities in your business? This could be anything from order fulfillment to customer support. Knowing what’s absolutely critical to your company helps you prioritize during a disruptive emergency. Assess the likelihood and impact of these risks to understand what you’re preparing for.
2. Risk assessment. What types of crises could disrupt your business? These could range from natural disasters, like floods or earthquakes, to cyber-attacks or a key employee leaving unexpectedly. But don’t linger too long on this step because you can’t possibly think through every scenario – focus on recovery.
3. Recovery strategies. For each critical function and process, develop strategies to recover during a disruption. This might include alternative methods of operation, using different locations, employing backup systems, etc. Pro Tip: ditch wordy manuals and use flow charts and checklists to communicate plans to your team.
WHY A BCP IS IMPORTANT
Let’s say your office suffers a major fire incident. Do you know where and how your employees would work? Would they be able to handle customer calls? Where would your executive team meet to make critical, time sensitive decisions? In addition to providing a plan for restoring your IT systems, a BCP is a practical framework for your entire company’s resiliency and financial sustainability.
Additionally, people want to know you have it together. If you hesitate or flounder in response to an emergency, you’ll lose the trust of your team and customers, and that’s incredibly hard to get back.
WHAT YOUR BCP NEEDS
A few basic elements make up a solid BCP framework for every business, no matter your industry.
1. Your company’s critical functions. What are the must-do activities in your business? This could be anything from order fulfillment to customer support. Knowing what’s absolutely critical to your company helps you prioritize during a disruptive emergency. Assess the likelihood and impact of these risks to understand what you’re preparing for.
2. Risk assessment. What types of crises could disrupt your business? These could range from natural disasters, like floods or earthquakes, to cyber-attacks or a key employee leaving unexpectedly. But don’t linger too long on this step because you can’t possibly think through every scenario – focus on recovery.
3. Recovery strategies. For each critical function and process, develop strategies to recover during a disruption. This might include alternative methods of operation, using different locations, employing backup systems, etc. Pro Tip: ditch wordy manuals and use flow charts and checklists to communicate plans to your team.
4. Data backup and recovery. Check (and double-check) that all your critical company data is regularly backed up and can be restored quickly. Decide on off-site storage and cloud backups and establish protocols for data recovery.
5. Communication plan. This includes how you’ll communicate with employees, customers and stakeholders during a crisis. Who says what and through which channels? Include contact lists, communication templates and dissemination methods (e.g., e-mail, social media, website updates).
6. Alternative operations. If your main office isn’t usable or accessible,where will your team work? Do you have relationships with alternate suppliers if your primary ones are unavailable?
7. Review schedule. Your business will evolve, and so should your continuity plan. Create a schedule to run drills and update your plan regularly. Also, distribute it to everyone who needs to know, so everyone knows their role during a crisis.
IS A BCP RIGHT FOR YOUR BUSINESS?
There is absolutely no company – big or small – that’s not at risk of a disaster.
According to a 2022 threat report by ConnectWise, nearly two in three mid-size businesses experienced a ransomware attack in the last 18 months. One in five victims spent $250,000 or more to recover.
The odds are not in your favor when it comes to business risk.
Remember, the goal of a BCP is to minimize disruption to your business and help you get back to normal operations as fast as possible. Get with your team and review your BCP today. If you don’t have one, consider this your sign to get it done.
"Nearly two in three mid-size businesses experienced
a ransomware attack in the last 18 months"
Get a FREE Report Download: The Business Owner’s
Guide To IT Support Services And Fees
You’ll learn... The three most common ways IT companies charge for their services and the pros and cons of each approach.
• A common billing model that puts ALL THE RISK on you, the customer, when buying IT services; you’ll learn what it is and why you need to avoid agreeing to it.
• Exclusions, hidden fees and other “gotcha” clauses IT companies put in their contracts that you DON’T want to agree to.
• How to make sure you know exactly what you’re getting to avoid disappointment, frustration and added costs later on that you didn’t anticipate
Claim your FREE copy today at bensingerconsulting.com/buyersguide/
You’ll learn... The three most common ways IT companies charge for their services and the pros and cons of each approach.
• A common billing model that puts ALL THE RISK on you, the customer, when buying IT services; you’ll learn what it is and why you need to avoid agreeing to it.
• Exclusions, hidden fees and other “gotcha” clauses IT companies put in their contracts that you DON’T want to agree to.
• How to make sure you know exactly what you’re getting to avoid disappointment, frustration and added costs later on that you didn’t anticipate
Claim your FREE copy today at bensingerconsulting.com/buyersguide/
GET WEEKLY CYBERSECURITY TIPS IN YOUR EMAIL!
VISIT BENSINGERCONSULTING.COM/TIPS/
RESISTANCE TO RESILIENCE:
Learning To Live Without Limits
More than half of us will have given up on our New Year’s resolutions by December (and some of us already have). According to a 2020 Ipsos survey, 55% of respondents quit their resolutions before year’s end. Of those, one in 10 gave up in less than a month.
Our resolutions are often things we care deeply about – health, finances and relationships – so, why is it so hard to keep them? Speaker, author and self-proclaimed "most noticeable student" in school Nick Vujicic says it’s about aligning our hearts, minds and actions to stay resilient in the face of inevitable resistance.
Growing Through Resistance
Born without arms or legs due to a condition called phocomelia syndrome, Vujicic faced a lot of resistance early in his life. When he was born in 1982, Australian law prohibited disabled students from attending mainstream schools – until his mother had the law changed. Once in school, Vujicic faced relentless bullying. It got so bad that, at age 10, he tried to end his life. He survived and decided never to let himself or others impose limits on him again.
Today, Vujicic speaks to audiences worldwide, reminding us that when we hit walls of resistance, "You don’t go through it; you grow through it." Because without resistance, he adds, there’s no resilience.
Heart-Mind-Action Alignment
Trouble usually arises when we get stuck in what Vujicic calls “the battle of the mind” – when we’re handcuffed between our emotions and minds, ruminating over what people say or think about us, true or otherwise. You allow yourself or others to limit your beliefs about what you can or cannot achieve. But when crap hits the fan, positivity isn’t enough, Vujicic says. When faced with resistance, heart-mind-action alignment is critical to unlocking your resilience.
Our resolutions are often things we care deeply about – health, finances and relationships – so, why is it so hard to keep them? Speaker, author and self-proclaimed "most noticeable student" in school Nick Vujicic says it’s about aligning our hearts, minds and actions to stay resilient in the face of inevitable resistance.
Growing Through Resistance
Born without arms or legs due to a condition called phocomelia syndrome, Vujicic faced a lot of resistance early in his life. When he was born in 1982, Australian law prohibited disabled students from attending mainstream schools – until his mother had the law changed. Once in school, Vujicic faced relentless bullying. It got so bad that, at age 10, he tried to end his life. He survived and decided never to let himself or others impose limits on him again.
Today, Vujicic speaks to audiences worldwide, reminding us that when we hit walls of resistance, "You don’t go through it; you grow through it." Because without resistance, he adds, there’s no resilience.
Heart-Mind-Action Alignment
Trouble usually arises when we get stuck in what Vujicic calls “the battle of the mind” – when we’re handcuffed between our emotions and minds, ruminating over what people say or think about us, true or otherwise. You allow yourself or others to limit your beliefs about what you can or cannot achieve. But when crap hits the fan, positivity isn’t enough, Vujicic says. When faced with resistance, heart-mind-action alignment is critical to unlocking your resilience.
To realign your heart and mind to produce meaningful action, Vujicic suggests writing down the words Faith, Family, Friends, Fitness, Finance and Fun to create a "Grid of Happiness." Next, write down 10 short-term goals to achieve over the next 45 days that align with your happiness grid. Why? Vujicic says that achieving your dreams without short-term goals is like paddling a life raft with one paddle in the open ocean.
"You see no islands, and you get tired quickly because you don’t see progress." Once you re-frame your mindset, the next step in achieving your goals is investing in the skills and knowledge to reach them. Then, set aside the time, like three hours every Saturday, to work toward it. This will get you to your goals much faster, and you will have more resilience in the face of resistance. For example, if you want to write a book, set a goal to invest in a coach or read a how-to book.
Then, spend three hours every week working toward small goals, like writing the outline, and then the first chapter. Even if you’ve failed once, twice or many times before, learn from it and move on because Vujicic reminds us, "As long as you’re breathing, your story isn’t over."
"You see no islands, and you get tired quickly because you don’t see progress." Once you re-frame your mindset, the next step in achieving your goals is investing in the skills and knowledge to reach them. Then, set aside the time, like three hours every Saturday, to work toward it. This will get you to your goals much faster, and you will have more resilience in the face of resistance. For example, if you want to write a book, set a goal to invest in a coach or read a how-to book.
Then, spend three hours every week working toward small goals, like writing the outline, and then the first chapter. Even if you’ve failed once, twice or many times before, learn from it and move on because Vujicic reminds us, "As long as you’re breathing, your story isn’t over."
GET WEEKLY CYBERSECURITY TIPS IN YOUR EMAIL!
VISIT BENSINGERCONSULTING.COM/TIPS/
Old Malware, New Tricks
An old malware scam is reemerging with dangerous new tricks, causing significant problems for anyone who uses a web browser – i.e., nearly all of us. Hackers using the “update your browser” scam found new ways to hide malicious files, making it harder for security experts to locate and remove them. We’ll see more of this scam, so you need to be on the lookout.
What Is The Fake Browser Update Scam?
A website gets hacked by cybercriminals, who make a few changes. Namely, hackers use JavaScript requests to covertly replace the existing website content with a deceptive prompt for a browser update.
For example, if you use Chrome, you’ll see a page asking you to update your Chrome browser. Click on the update button, and you’ll download malware on your device.
What Is The Fake Browser Update Scam?
A website gets hacked by cybercriminals, who make a few changes. Namely, hackers use JavaScript requests to covertly replace the existing website content with a deceptive prompt for a browser update.
For example, if you use Chrome, you’ll see a page asking you to update your Chrome browser. Click on the update button, and you’ll download malware on your device.
Hackers know that users are told in security training to only click on links on trusted sites. They take advantage of that training by hosting their scam on a legitimate site, luring you into their trick.
But this time, the scam has a new tactic. Instead of hosting harmful files on the compromised site as they’ve done in the past, they’ve developed a way to store files on cloud services or even crypto-currency block-chain. This makes it a lot harder for cyber security experts to find and remove.
The first scam of this kind, ClearFake, was uncovered in October 2023. Since then, security experts at Proof-point have identified four threat actor groups using the fake browser scam to attack victims.
We keep hearing it – cybercriminals are using the latest tech to find new ways to exploit users. This is just the latest example.
But this time, the scam has a new tactic. Instead of hosting harmful files on the compromised site as they’ve done in the past, they’ve developed a way to store files on cloud services or even crypto-currency block-chain. This makes it a lot harder for cyber security experts to find and remove.
The first scam of this kind, ClearFake, was uncovered in October 2023. Since then, security experts at Proof-point have identified four threat actor groups using the fake browser scam to attack victims.
We keep hearing it – cybercriminals are using the latest tech to find new ways to exploit users. This is just the latest example.
What Can You Do About It?
First, no browser targeted in this scam – Chrome, Firefox or Edge – will ever have a pop-up or show you a page stating your browser is out-of-date. To check your browser’s status, go directly through your browser’s settings menu. Also, make sure you’re running very effective antivirus protection on all your devices. Antivirus will constantly run on your device, alerting you to suspicious activity.
Additionally, train your team on this new scam. Because it goes against usual training, you’ll need to step in and talk to them about how to look for signs of the fake browser update scam. We use browsers to do almost everything, so this won’t be the last time you hear about scams like this. Be sure to keep your systems updated (via your settings, NOT pop-ups) and use a strong antivirus program.
First, no browser targeted in this scam – Chrome, Firefox or Edge – will ever have a pop-up or show you a page stating your browser is out-of-date. To check your browser’s status, go directly through your browser’s settings menu. Also, make sure you’re running very effective antivirus protection on all your devices. Antivirus will constantly run on your device, alerting you to suspicious activity.
Additionally, train your team on this new scam. Because it goes against usual training, you’ll need to step in and talk to them about how to look for signs of the fake browser update scam. We use browsers to do almost everything, so this won’t be the last time you hear about scams like this. Be sure to keep your systems updated (via your settings, NOT pop-ups) and use a strong antivirus program.
