Keeping Your SMB Bring-Your-Own-Devices Secure

If you have a small or medium sized business, it is likely that you have staff who are bringing their tablets, phones, iPads, and laptops to work every day. However, all of this puts your business to risk as they can also bring malware into your network.

On top of this, any of these devices can be lost, misplaced, or stolen. Since its extremely likely that your staff are using these devices for their work, think about all of the information that could be on there about your company…and it happens because Joe in accounting left his cell phone on the counter at a local coffee shop, and a hacker picked it up.

Also, think about this: depending on how successful your company is, there also might be a list of clients found on the devices, or at least a few. Now, someone has access to your clients, and what is stopping them from contacting your competitors and sharing your sensitive company information…for a price, of course.

Hacking also often involves the act of phishing where an employee will open up an email and then click on a link or open an attachment. When this happens, malware is unleashed, and the device and network is at risk.

Here are some tips to keep devices secure that you can share with your staff:

  • Only use apps that have been purchased from a reliable source like iTunes or Google Play.
  • Do not reuse passwords and use a different password for each login that you have.
  • Keep all apps and operating systems updated. Any update that comes in should be downloaded and installed immediately. Don’t choose to update later, as this is a great opportunity for hackers to get into a vulnerable app.
  • Start using anti-virus software. These apps can be found in iTunes or in the Google Play store.
  • Be cautious when installing anything with a “free download.” Sometimes viruses and malware can be found there, and they can get out onto your network before you know it.
  • Choose the feature where device passwords are protected and wiped clean after a certain number of log-in attempts.
  • Make sure that all staff understands that free Wi-Fi spots are not secure. So, they should be using a VPN anytime they are trying to connect to a free Wi-Fi network.
  • Phishing scams are becoming more common than ever before, so make sure that your staff knows how to recognize scams like this.
  • Don’t trust email addresses that you don’t know and don’t trust any email that claims it is coming from the CEO or Board of Directors unless it’s an email that you can verify.
  • Do not use any device that is jailbroken. This opens it up to too many viruses.

Understanding MDM

Mobile device management software, or MDM, should be used. This software helps to protect devices, and it is a safety net for any type of business or personal device. For instance, if a mobile device is lost and the person who finds it tries to enter the passcode a certain number of times, the device will lock out the person doing it. You can also set it so that the entire device is erased if there are too many login attempts. MDM also offers firewall protection, encryption, and antivirus capabilities. Additionally, it can monitor the system to add another level of security. There should be a policy in place that every employee must use this software on their device, or they can’t use it.

Utilize Additional Experts

“Do it yourself” information security for small business in theory might seem to save a few bucks. But in the long run it might cost your small business a lot more. Engaging experts such as Managed Security Service Providers, or for smaller businesses, also known as a Virtual CISO’s (chief information security officer), can run the most comprehensive vulnerability scanning software among other ethical hacking tools, will make sure bad guy hackers can’t get in and make a mess of all you have worked for.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Protecting Your Parents from ID Theft

When we look at statistics,most of the people who are victims of ID theft are 50 years old or older. Unfortunately, cyber criminals have no issue taking advantage of older adults and seniors, including your parents.

old parentsThese crooks violate their trust and take advantage of their ignorance of the online world. People over 50 also tend to have more money and savings including retirement funds.

Here are some scams that are commonly pulled on older adults and seniors…like your parents.

Common Scams Targeting Your Parents

  • They get an email that seems like it is coming from their bank, the FBI, IRS, etc. The email claims that there is an issue that needs to be taken care of ASAP. Typically, it’s financial, so the scammer asks for their bank account information, or it’s for information, and they ask for a Social Security number.
  • They get a call with a sad story…their kid/grandkid needs help, and they need money wired immediately.
  • They might also get a call, email, or letter concerning their mortgage. If a scammer can get access to information like your parents’ bank information, Social Security number, or even the deed to their home, they can refinance your parents’ mortgage and keep the equity they get back.
  • There are also retirement home scams. In these scams, scammers get a job at a retirement home, and then manipulate the residents to tell them personal information.

How to Prevent These Scams

Here are some ways that you can prevent scams like these:

  • Make yourself a guardian over the personal information of your parents. When they get some type of contact that seems suspicious, you should instruct them to get in touch with you. Any information, even your mother’s maiden name, can be used in an identity theft attempt. Tell your parents to never give their personal info to anyone over the phone or via email.
  • Make sure they know to never share any personal information on social media accounts.
  • Tell your parents to check their bank accounts and credit accounts regularly. You should work with them to sign up for alerts for suspicious transactions.
  • Give them a shredder so that they can get rid of things like bank statements safely. Anything with account information, a Social Security number, or other personal info should be shredded.
  • If your parent is using a Wi-Fi hotspot, you should install a VPN for them.
  • If your parent has recently passed away, make sure you don’t put too much unnecessary information in their obituary. These are hot zones for ID theft, so leave out any info an identity thief could use.
  • Show your parents that they should only put information into a website that starts with https://, NOT http://.
  • Also, talk to your parents about emailing safely. Phishing scams are very good, so tell them not to click on any link in an email.
  • Sign your parents up for the website OptOutPrescreen.com. This helps to cut out any unnecessary offers they might receive.

Keep an Eye Out for Scammers

Don’t let your parents become a victim. You can easily prevent it, and more importantly, your parents won’t have to go through the process of rebuilding their credit and recovering their identity. Taking action now is the best way to protect against ID theft. Knowing if your parents are doing something that is risky could definitely be in your favor, as you can help them figure out what is going on and stop it.

Protecting Their Identity

We are all pretty vulnerable when it comes to ID theft, but older people are much more vulnerable. You can’t totally protect yourself and your parents, but you can make it much less likely that something will happen if you take the advice above. It’s always also worth it to invest in ID theft protection for both you and your parents, and you also might even consider a credit freeze.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Is Your Uber Driver a Criminal?

Do you ever Uber? If you do, you probably feel relatively safe when getting into a stranger’s car. However, you might not be as safe as it seems.

Most people believe that Uber does thorough background checks on its drivers, but that’s not totally the case. Recently, there have been a number of cases where Uber drivers, who have been accused of crimes when on the job, actually have a record and several run-ins with the cops.

Simply doing a quick Google search for “rideshare assault” provides way too many search results of recent stories of sexual assaults and otherwise, perpetrated by drivers. There’s simply no shortage of predators behind the wheel.

In South Carolina a college student got into a car she thought was her Uber, police say. She was found dead in a field. I was asked to discuss this on CNN. When you watch the video on rideshare murder, you will clearly see how upset I was, and frankly, still am.

CNN took a look at Uber, and its competitor, Lyft, and the report found that both of these companies approved the hire of thousands of drivers who have records. Uber did respond to this report, and it says that it knows that there were some hiring mistakes previously, but the company has worked hard to improve the way it hires. In 2017, the company claims, it rejected over 200,000 applicants because of issues found during a background check.

A number of state and local law enforcement organizations have pushed the ride-sharing companies to put more of a focus on who they are hiring. Right now, for example, they don’t fingerprint applicants, nor do they do any type of Federal background checks. Instead, Lyft and Uber both use third-party background check companies. It uses the Social Security number and name of potential drivers to check the national sex offender database, terrorist databases, and local court records. The goal is to get people on the road quickly, so not a ton of time is spent on this.

At this point in time, there are over 40 states that require screening for ridesharing services. But these laws don’t require the companies to screen in a certain way or to use a specific company. Instead, 42 states allow rideshare companies to take this on by themselves. Massachusetts is one state the requires an additional check in addition to the regular background check, and New York City requires that all drivers for ridesharing companies get their fingerprints taken.

It is also important to mention that just because a company does finger printing along with background checks, this isn’t foolproof. The FBI system that is accessed actually has an incomplete record system, and it really isn’t meant to be used like this.

If you use Uber, keep all of this on your mind before you take your next ride. Yes, there is a simple background check that is done, but that doesn’t mean your Uber driver isn’t a criminal.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

The Significant Risks of the Remote Desktop

Are you one of the millions of Americans who are now working from home? Or have you been working from home for awhile? Either way, it is likely that you are using some type of remote desktop protocol. If you are, there are some things that you should be aware of.

None of us believe that we will be hacked, but we have seen over and over again that it is possible. Even the biggest companies out there have been hacked, and a small company is even more at risk of this. Add the use of a program called Remote Desktop offered by Microsoft or Google Chrome or many other third-party remote access programs, and you need to be aware of some things.

Essentially, Remote Desktop allows you to access a computer remotely. It might be in your home or your office, and you can give access to others who are also working remotely in the form of a “remote assistance scam”. However, when you give access, or have this access, your network may be wide open for hackers. There have been thousands and thousands of cases where people have become victims of various remote desktop/remote assistance scams, and if a hack is successful, it can destroy a small business, wreck a persons bank account or lead to identity theft.

What is Remote Desktop?

Remote Desktop is a very common software, and if you work on a computer with Windows, you probably have this program, and you don’t even know it. Though it’s a great tool, it is not as secure as it should be.

Criminals are well-aware of this, of course, and they have worked to create a number of tools for hacking into the software. When they get access to networks, the hackers can also access company info and steal things like login information. Once they have this information, the hackers can buy and sell them so other hackers can use them. Once they are in, they have access to anything and everything on the network.

You are at Risk

It is estimated that there are more than 3 million businesses out there that have access to Remote Desktop. Most of these are small businesses, and many of them manage their own IT services. If you own a small business and you have an IT department, you fall into this category. Additionally, hackers know that these companies are weaker, and they target businesses like this…and any company that has Remote Desktop is also a target.

What You Can Do About It

At this point, you are probably wondering what you can do to protect your company or yourself from hackers who like to use Remote Desktop to access networks. Here are some tips:

  • If you don’t use Remote Desktop, you should remove it from your computer.
  • Make sure that when there is a Windows Update, that you update it as soon as you possibly can. It’s possible that this update could have a security patch that is imperative for keeping hackers out.
  • Ensure that your wireless connections are encrypted, and also password protected.
  • If you want to keep Remote Desktop, you can, but choose to only use it on a computer that is running on a VPN, or virtual private network.
  • Use a firewall, too, so you can restrict access.
  • Another thing you can do is set up two-factor authentication.
  • Beware of any pop ups or phone calls that lead to someone requesting remote access to our device.
  • Understand that none of this is fool proof. The only way to totally protect yourself from hacks via Remote Desktop is to totally delete the program.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Cryptocurrency Fraud and Malware Scamming Investors

Cryptocurrency is hot right now, and whenever something is hot, hackers pay attention. Research has recently showing that more than 10 percent of all the funds that were raised through the ICOs, initial coin offerings, simply disappeared.

CryptocurrencyIt is popular for ICO’s to be used as an early-stage investment form. So, instead of buying shares, investors buy digital tokens. However, the companies that sell these ICOs don’t have any product to give investors except a whitepaper. This whitepaper tells them how things could theoretically work, the investment scheme, but it seems, it doesn’t always happen that way.

Sometimes the Money Just Disappears

Ernest & Young took a look at over 370 ICOs. The firm found that out of the $3.7 billion raised through these offerings, about $400 million vanished. Where did it go? Research shows it went to hackers using phishing attacks.

It’s not clear if the researchers looked at companies that didn’t deliver or disappeared. For instance, one company, Tezos, pulled in about $232 million during an ICO. However, investors got nothing. That looks like fraud.

How Malware is Responsible for Missing Money

At this point, you might be wondering how these scams are happening. One way is criminal hackers using malware. Specifically, it’s Satori. Satori, which is the actual malware responsible for this, is definitely wreaking havoc with investors who are looking for a huge return. Netlab 360, a Chinese-based company, released a report recently pointing the finger at Satori, which is affecting the Claymore Miner software.

By using mining software, investors are able to obtain the cryptocurrency. However, the malware is making this impossible getting in the middle of the transaction. After the malware gets control of the software, it replaces the address of the wallet with one that is controlled by the hacker.

So, the user believes that this currency is coming into their wallet, but in reality, they are doing the work and someone else, the hacker, is getting the currency. What’s even worse is that the owners of the wallets don’t even realize this is happening unless they look at their software configuration.

In total, researchers have determined just over one Etherium coin has been hacked, so it’s not extremely profitable at this point, yet. However, there is great potential, and when it comes to cybercriminals, they will certainly find a way.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Beware of Job and eWork at Home Scams

Pandemics can be quite stressful. There are millions of people out of work, and there we really don’t know when the economy will truly bounce back. Those who are out of work are seeking other jobs, at least temporarily, and many are looking for jobs that they can do from home…right from Google.

jobsSince people have been losing their jobs, searches for terms like “laid off,” “unemployment benefits,” and “unemployed” have skyrocketed. Though some people are finding legitimate search results, others are falling for sites that are scams, and Google is allowing these sites to stay.

We have often used Google search data to determine what type of economic anxiety people are feeling, and this is certainly true right now.

Google makes its money through advertising, so it’s not totally surprising that these sites are allowed to stay on. When people are searching for information on unemployment, advertisers are seeing this, and are able to determine where they should market. This includes those working for predatory companies, who are targeting people who are unemployed.

One such example is “unemploymentcom.com.” This is a site that seems, at first, like it might be a good resource for someone who is unemployed. While there are some legitimate links there, in general, the site is trying to get people to sign up for “site profiles” and other things. It also urges people to sign up for access to your credit score…for a fee, and it absolutely sells all of the data it gets to other organizations.

When you look at the privacy policy of this website, you can see that it is owned by OnPoint Global, a conglomerate, which claims it has around 11 million people filling out unemployment surveys each month. However, what people doing this don’t realize is that the information the site is collecting is likely being complied into a package for advertisers, which also includes any other public information they can find about the person filling out the survey.

Keep in mind that it is not just the pages for people looking for information on unemployment that we are talking about. It can really be anything similar, like “unemployment insurance.” Some of these searches can even lead you to sites that can hijack your browser. Other sites simply collect as much data as they can, and then sell the information to marketers.

Everyone who is out there scared and unemployed are still considered to be consumers to these companies, and they still are seen as people who have money to spend. So, Google is still pushing sites like these to the top of search results, and still making a pretty penny from clicks. So, do yourself a favor and start being aware of the ads you are clicking, and better yet…don’t click them at all.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Keeping Your Zoom Event Secure and Private

There are many public forums out there, and wherever you are or whatever you are using, anyone with some smarts can disrupt an event that is meant for bringing people together. Here are some tips on keeping your next Zoom meeting secure and private:

You definitely don’t want anyone taking control of your screen or sharing information with the group. Thankfully, you can restrict this by controlling screen sharing. Preventing participants in your meeting from sharing is done by using the host controls before starting the meeting.

You also might want to familiarize yourself with the features and settings available from Zoom. The Waiting Room, for instance, has a number of controls available, and is a setting you should always be using. It essentially allows you to control who comes in. As a host, you can customize all of these settings, and even create a message for people waiting for the meeting to start, such as meeting rules.

You shouldn’t use your PMI, or Personal Meeting ID for hosting public events. You also only want to allow users who are signed in to join your meeting. You can also lock the Zoom meeting. This means that no new participants can join, even if they have the meeting ID and the password.

Another thing you can do is set up your own version of two-factor authentication. With this, you can generate a random Meeting ID, and then share that with participants, but then only send the password via a direct message.

If there are disruptive or unwanted participants in your meeting, you can also remove them via the Participants menu. Is a removed participant wants to rejoin, you can also do that by toggling the settings that you did in the first place. This is helpful if you remove the wrong person.

You can also put anyone in the Zoom meeting on hold. This means that the video and audio connections of the attendees are disables. To do this, you can click on a video thumbnail and select “Start Attendee On Hold.” Totally disabling the video is also possible. This will allow you, as the host, to turn off someone’s video. You can also block things like inappropriate gestures or distracting behavior.

Muting participants is also a possibility during a Zoom meeting. This allows you to stop the sounds of barking dogs and crying kids during these meetings. If you have a large meeting, you can also choose to mute everyone by choosing Mute Upon Entry.

File transfers are a possibility during Zoom meetings, but you might not want to allow this. In this case, you can turn off the file transfer capabilities before starting the meeting. Additionally, you can turn off annotation, which allows people to markup shared documents or doodle. Finally, you can also disable private chat. This will stop people in the meeting form talking to each other, which helps to cut back on any distractions that they might have during the course of the meeting.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Vault Apps Facilitate Lying Kids and Cheating Spouses

If you have a kid who uses a smartphone, or even a spouse who might not be totally honest with you, they might be using apps to keep things hidden from you. Basically, these apps offer space where people can hide things like photos, videos, and other files, and you would never know by looking at their phone.

appsKnown as vault apps, since they serve as a vault for storage, some examples are Ky-Calc, Calculator Percent, and Calculator Vault. When you open any of these, it looks like a calculator…you can even use them as a calculator. However, when a secret code is entered, the user can store “secrets.” Consider Ky-Calc. it has a folder for image storage, a secret internet browser, and even keeps a separate contact list.

Though you probably don’t want your kid hiding things from you, at the end of the day, that’s child’s play compared to the real danger that is hiding behind these apps. Yes, they are popular among teens and cheating spouses, but they are also popular among predators. These bad people will engage with teens or even younger children, online, and then ask them to download an app like this. They can easily communicate without you ever noticing.

Here is some more information about vault apps that every parent, or of course spouse, should know:

  • Vault apps aren’t as safe as someone using them might think. You can still take a screen shot and share it with someone else.
  • These apps look and act just like any similar app. Generally, they are calculators, and even work like calculators, but are ultimately unlocked with a secret code.
  • If you look at someone’s phone and you see more than one calculator app on it, there is probably something funny going on. All mobile smart phones come with a calculator.
  • These apps are very easy to find, and they are generally free. You can find them by searching “photo vault,” “ghost apps,” “hidden apps,” or more, in the App Store or Google Play Store.
  • You also might be surprised to hear that teens often compete amongst their peers to see what type of content they can hide on these apps.
  • Almost all teens who use mobile phones know about these apps. You shouldn’t be surprised if kids as young as 12, and sometimes even younger, are using them.

As a parent, and even as a spouse, you should be digging into your family’s phones. There should be open and honest discussions about this, and it should not be considered taboo, especially when it comes to a loved one. With children, they should not expect any privacy until the age of 18. With a spouse, trust is a fundamental requirement. And if there’s a lack of trust, it is generally because something is going on wrong.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Covid-19 Remote Desktop Has Significant Risks

Are you newly working from home? Or are you an old pro? Either way, it is likely you are using some form of remote desktop protocol. Those of us who have been working home as our primary means of earning a living, know these tools very well and are accustomed to eliminating the various distractions in our home environment in order to get the job done. There are some precautions to be aware of.

None of us think that we are going to get hacked, even though we have seen time and time again that it is very possible. Even the largest companies in existence have been hacked, and small businesses are even more at risk. You can add even more to this risk if you use a software called Remote Desktop.

Basically, Remote Desktop allows you to access computers remotely in your home or office and give network access to employees who are working remotely. However, when you give or have this access, you are opening up your network to hackers. Thousands of companies and individuals have fallen victim to this, and just one successful hack can be devastating to a small business.

Remote Desktop: What is It?

Remote Desktop, or RDP, is a very common software. In fact, if you have Microsoft Windows, you probably have this software and don’t even realize it. Though it is a very powerful tool for businesses, it is also not very secure.

Criminals know this, of course, and they have created a huge variety of tools to hack into this software. When they get access to the network, criminals can access company information and then take things like log-ins and passwords. Once they have this, they can buy and sell them so that other criminals can use them to access your network. Once they are in, they can do almost anything.

Are You at Risk?

There are estimates that there are over three million companies that theoretically have access to Remote Desktop. Most of them are small businesses and many manage their own IT services in house. If you are a small business and you have an in-house IT department, you could definitely fit into this category. What’s more is that hackers tend to target these businesses, too. Any company that has RDP access enabled is a target of hackers.

What Can You Do About It?

Hopefully at this point you are wondering what you can do to protect your business from hackers who like to access networks through RDP.

  • If you aren’t using remote desktop, then the first thing you should do is to remove Remote Desktop from your network.
  • Make sure to update your operating systems critical security patches which will inevitably update any software around remote desktop protocol.
  • Update all software that could allow remote desktop to be vulnerable
  • Make sure your wireless connections are encrypted which generally means password-protected.
  • If you have a good reason for keeping it, you can also choose to restrict access by setting up a virtual private network, or VPN.
  • Additionally, you can create a firewall to restrict its access
  • Setting up multi-factor authentication is also a good idea if you want to keep this software.
  • Just be aware that none of these solutions are fool proof except totally deleting the software.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Creating an Effective Business Continuity Plan

Most of us have no idea when a disaster is about to strike, and even if we do have a little warning, it’s very possible that things can go very wrong.

This is where you can put a business continuity plan to good use. What does this do? It gives your business the best odds of success during any disaster.

What Exactly is Business Continuity?

Business continuity, or BC, generally refers to the act of maintaining the function of a business as quickly as possible after a disaster. This might be a fire, a flood, or even a cyber-attack. With this plan in place, you can refer to it for specific instructions and procedures that need to be done following these disasters.

Some people believe that a disaster recovery, or DR, plan is the same as a BC plan, but that’s not the case. A DR plan focuses specifically on the IT side of things. In fact, the DR plan is one part of a full BC plan.

Think of your own organization. Do you have a plan in place to get sales up and running immediately? What about HR? Manufacturing? Customer service? If your physical business was leveled in a tornado, how would your CS reps handle calls from customers? If you have no idea, you probably need to think about a BC plan.

Why Having a BC Plan Matters

It doesn’t matter if you have a small business or large corporation, it’s very important that you remain competitive. It is imperative that you keep your current customers while also bringing in new ones…and there is no better test for you than a disaster.

Making sure that your IT capabilities are restored is critical, and there are a number of solutions available. You can certainly rely on your IT team to do this, but what about the rest of the company functions? The future of your company depends on you getting back on track quickly. If not, you can see your value plummet and customer confidence tumble.

Your company can also experience losses. These include financial losses, but also legal losses, and, of course, your company’s reputation.

The Parts of a BC Plan

If your business doesn’t have any type of BC plan in place, you should start by assessing all of your business processes. Take a look at and point out all of the vulnerable areas, and what your losses might be if you lose function in those areas for a day…a couple of days…a week, or even more.

Next, you want to start developing a course of action. There are six steps here, in general, including:

  • Step #1 – Identify what you need to do with this plan
  • Step #2 –Choose your key areas to focus on
  • Step #3 – Pick what functions are critical
  • Step #4 – Look for dependencies between different areas and functions of your business
  • Step #5 – Calculate how much downtime is acceptable for all critical functions
  • Step #6 – Make a plan to keep your company going

One of the best tools that you can have for a BC plan is a checklist that includes all of your equipment and supplies, the location of all of your backups, who should have the plan, and any contact information regarding emergency contacts, important personnel, and backup providers.

Remember, a disaster recovery plan is only one part of the BC plan, so if you don’t have a DR plan, this is a perfect time to do it. If you already have a DR plan, don’t assume that it’s going to work in with your BC plan. You need to make sure that all parts align together.

As you work to create this plan, think about meeting with people who have successfully gone through a disaster with success. They can give you some great insight and valuable information.

You Need to Test Your BC Plan

It is very important that you make sure your plan works before a disaster strikes, and the only way to do that is to test it. The best test, of course, is a real incident, but you can also create a controlled environment and test your plan.

You want to make sure that your BC plan is totally complete and that it will meet your needs in the event of a disaster. You don’t want to take the easy way out, either. Any testing you do should be a challenge for the plan. You also have to make sure that the objectives you have are able to be measured. If you just try to “get away with it,” you will have a weak plan and no success when a disaster strikes.

It is recommended that you test your BC plan a few times a year, especially if there have been any changes, such as a change in key personnel or new equipment. Doing things like walk-throughs and simulations can help everyone on your team practice, and make sure you are all ready should a disaster hit.

Always Review and Improve Your BC Plan

The efforts your put into testing your BC plan cannot be stressed enough. Once that is done, some organizations leave it and focus on other tasks. However, this is when things get stale.

Evolution is happening all of the time with both your personnel and your technology, so it’s imperative that your plan is updated to reflect that. So, you should, at least annually, bring your key personnel together to review the plan and point out any areas that might need modification. You also might want to get some feedback from your staff, too, which you can add to your plan. If you have different branches, make sure to include them in this, too.

Ensuring Your BC Plan is Supported

Having a casual attitude towards your BC plan is a sure-fire way to have it fail. Every BC plan must have the support of all staff from the CEO on down. Senior management, especially, must take a role in supporting the plan, as they can delegate to their teams. Additionally, the plan has better odds of staying fresh in the mid of everyone when it is a priority for management.

Finally, it is also very important that senior management promotes user awareness of the BC plan. After all, if your staff doesn’t know about it, how can they act during a disaster when every second of action counts? Plan distribution and training can help here, too, so consider some type of HR-led initiative to bring all employees onboard with it. This way, your staff will know how important a plan like this is, plus you make sure that they see it as a credible part of the business.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.