Network Security – Why Security Awareness is Essential for Internal Threat Management?

Security awareness is often linked to anti-terrorism programs around the world but in the IT world we are referring to cybersecurity awareness. Many of you are already switching off, yawning and considering leaving this page but hang on a moment…

The subject may well have been harped on by management, consultants and IT teams and this instinctive reaction to tune out is down to poor implementation in the past. Advocates of security awareness are often condescending, are too technical or fail to link practical threat examples to real-world situations. Other failures include a lack of management buy-in. This “do as I say, not as I do” attitude has the opposite of the desired effect, no significant increase in security awareness and a growing employee resentment when management errors in this area are not penalized.

Be Aware of the Potential Threats

It’s not as simple as telling employees to stop clicking on links in emails and in social media, although this is part of it. Requests to reset passwords or requests to update online banking details are designed to gain logon info i.e. fishing for information. That’s why they call it phishing and there are many forms. Security awareness is not limited to computer usage but can extend to any form of social engineering – a term used to describe methods of hacking the user or company while avoiding technological countermeasures. Methods can include shoulder surfing (the ‘hacker’ simply gets required information by looking over an unsuspecting employee’s shoulder), dumpster diving (extracting printed documents from the rubbish bins outside) or indeed by gaining onsite network access (perhaps by joining employees who smoke outside and then entering the premises unobserved when they return). Employees who leave their phones or laptops unattended could unwittingly allow a hacker time to install a program that remains inactive until connected to the company network. There are many other examples of social engineering.

“Any security awareness training must include social engineering, as many of these threats do not require any IT or computer knowledge. The aim is the same, to gather information that can in turn be used to either hack the employees or the company network. For example, a discarded printout may contain names of senior employees that are then used to send convincing emails to all employees, perhaps requesting them to change their network logon credentials,” said Radosław Janowski, Product Manager.

Dispel the Myths

Hackers rarely have positive motives and are generally classed as cybercriminals, with their primary motives being either financial or disruptive. Ones that act on behalf of governments are after classified or proprietary data. Ethical hackers and security companies know their methods and produce countermeasures as new threats are identified.

Let’s start with some obvious facts that most industry experts agree on.

  1. Hackers will go after the easier targets and hacking the end user is a much easier prospect than hacking the technological barriers that are included in the modern network, whether it involves endpoint protection, AI-related analysis or any other security assets such as firewalls. In the same way, hackers will hack smaller companies as a means of eventually hacking their larger clients or suppliers. This means, YOUR COMPANY IS NOT TOO SMALL TO BE HACKED.
  2. Security awareness training takes take time and money and the potential benefits are sometimes ignored, especially by smaller companies.
  3. The age, sex or IT knowledge of the end user does not indicate an enhanced awareness of the potential threats or how they will be carried out. A BBC article focused on the on the results of a survey which indicated that British people aged 18-25 lacked cybersecurity awareness, using the same password for multiple services and sending sensitive data (including passport information) over email and messaging systems. detective inspector Mick Dodge, national cyber protect coordinator with the City of London police said: “Your email account is really a treasure trove of information that hackers won’t hesitate to exploit… You wouldn’t leave your door open for a burglar, so why give criminals an open invitation to your personal information?”
  4. Internal threats are much more difficult to handle than external ones, as most technological solutions are designed to block external network attacks.

As Przemysław Jarmużek, Technical Support Specialist at SMSEagle, pointed out: “Companies that ignore security awareness training are putting themselves at risk unnecessarily. Cost is not a barrier when free courses are available online. The inconvenience of losing an hour’s productivity each month is nothing compared to the time lost if data loss or network outage occurs. Not everyone is an IT expert and security awareness training must consider that. In addition, perhaps the most important aspect of security is that everyone who accesses the company network, whether on LAN or using Wi-Fi, needs to be aware of how hackers attack the user. In adopting a security-conscious culture, everyone at SMSEagle has mandatory awareness training and this includes senior management.”

In conclusion, if you take nothing else from this post, it is that security awareness is essential, a free course is available to all (I’m sure there are others) and that ongoing security awareness training is a must as new security threats are identified. It’s not necessary to spend hours per week on training. Instead make sure that all employees take the initial course for an hour or two then perhaps a half an hour each month will suffice, to advise everyone on new potential threats and to show the attempts that were made the previous month, even the common lottery winner alerts or other email scams. If you foster an “us vs. them” proactive attitude (against hackers) within your company, then every attack that is prevented will seem like a victory for all.

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

What Every Disaster Recovery Plan Must Include

Business continuity (BC) and disaster recovery (DR) are not the same thing, although there are some common characteristics. A BC plan is designed to include all departments in a company, but a DR plan is often focused on restoring the IT infrastructure and related data.

“A disaster recovery plan is an essential IT function and if not in place could result in company bankruptcy or severe reputational damage when data cannot be restored”, Przemysław Jarmużek, technical support specialist at SMSEagle. The financial costs involved are just another factor, he added.

What elements of a disaster recovery plan cannot be omitted? What’s the purpose?

Few company owners are psychics but things like insurance and DR plans reduce company risk, providing a framework for companies that allows rapid recovery of data and/or replacement of key hardware/software components.

Know your Network

Your company network administrator must have more than a fair idea of the software and hardware that are currently part of your network. Therefore, an ongoing inventory list is essential, most of which can be achieved by using network monitoring and auditing tools. These will allow a comprehensive list of computers connected to your network and the software on each. Note that license management is another part of this inventory control process and additional hardware is also added where appropriate. This additional hardware could include multifunction printers, hubs or routers and anything else that is needed for network functionality. Consider this inventory as your shopping list when disaster strikes. It is also worth noting which items have a long lead time (servers, for example). Creating an inventory of spare parts is a good idea and could save the day when disaster strikes.

Know your Disasters

It is pointless to instil fear in company owners about impending disasters. They are as aware of the risks as we are. Each company will have its own risks. Many of these risks are directly linked to its location, whether extreme weather conditions, risks of flooding, forest fires or loss of essential services and equipment. These are the most obvious, but to lapse into management-speak briefly, why not think outside the box?

Even the Pentagon has used a hypothetical zombie apocalypse to test their response methods and maintain a working government under these conditions. Consider alien invasions and any other scenario that could conceivably or inconceivably shut down company operations. How long would it take to resume work if each scenario happened?

If your company can continue operating during a zombie apocalypse (when essential services are down) then yours is truly a robust DR plan.

Now What?

What actions will you take for each disaster type? Obviously, if there is a flood scenario, the aim is to protect equipment again water damage. Perhaps placing all equipment high above the floor is a solution but how high is necessary? Given that you have drafted a list of possible and impossible scenarios, make sure that your solutions to each one is well documented, logical and possible at short notice. Bite the bullet and purchase or modify the equipment necessary to protect your IT infrastructure.

Unfortunately, not all water damage is caused by flooding, perhaps a water tank leaks through the ceiling of your server room and casually destroys the server, firewall and 24-port hub before you can move the server rack. How long will it take you to restore the server and network? Do you have a spare server, firewall and hub? In this scenario, a company is caught unprepared, unaware that water is stored above their equipment. Know where all water is stored and dispersed throughout your building and avoid such problems.

From this simple example, you must focus on minimising risk in as many areas as possible.

Tactical Teams

When a disaster happens, the priority is to make sure that all employees are safe and to inform them of current events.  Once this task is completed, who leads the disaster response? When a disaster occurs, it is too late to leap into action, assigning responsibilities on the spot. Responsibilities and tactical team members must be assigned as part of the DR plan. In addition, if zombies eat your designated team leader, then the backup must take over. Define employee responsibilities and have backups in place in case they are delayed or incapacitated. This last item is perhaps the most important. However, to be most effective, any interruption in network service should generate an alert to multiple DR team members. This is often achieved by cost-effective (and self-powered) network monitoring devices that utilise a GSM/3G network to send SMS messages and emails as soon as network traffic stops.

In conclusion, while the above lists the key elements of any successful disaster recovery plan, it is also worth noting that an untested plan is less than useless. Test your DR plan during off-peak hours to ensure it will work when needed. Test how long it takes to restore all your data from backup. Such activities will ensure that if the worst happens, you and your company will emerge unscathed to resume your company operations.

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

Is your Disaster Recovery Plan Designed to Reduce Downtime?

Numerous reports, surveys and statistics confirm that commercial entities of all sizes are woefully unprepared for unexpected events. Ivenio IT stated that 54% of companies with less than 500 employees have a disaster recovery (DR) plan in place while 74% of larger companies had one. For smaller companies in the U.S., the figures are even worse with a Nationwide 2015 press release indicating that just 25% of companies with 50 or less employees had an active DR plan. Given the cost of downtime, surely we can do better?

We must as, according to Zetta’s infographic and online survey, there is much to improve, not least of which includes usage of the hybrid cloud and the fact that only 45% who experienced downtime issues bothered to make changes to their DR plans after the event.

Before delving into the benefits of a logical DR plan, an understanding of its meaning is necessary. Firstly, business continuity (BC) and DR are not the same thing, although there is an obvious overlap in business goals. BC reflects the efforts to avoid loss of service or downtime while DR reflects the response required to resume activities after the worst has already happened.

Disasters can include cyber events, extreme weather conditions, fire, flooding, loss of a key staff member, service interruptions from third parties (most commonly electricity or broadband), hardware failure and human error.

“This list is not exhaustive, and the formulation of any disaster recovery plan must include a risk analysis step in the early stages to identify potential risks that apply to your company or industry. Once risks are identified, you can brainstorm on ways to solve them immediately or at least initiative a process that will solve them in the fastest possible time”, said Radosław Janowski, product manager at SMSEagle.

Sounds reasonable, but how about an example?

Disaster Recovery in Action

Okay, let’s take a simple example to demonstrate DR in the real world. Company X is located in a commercial district and their primary data server goes down due to water damage from a leak in the ceiling. As the smoke indicates, the server is out of commission and business activities grind to a halt along with the company network.

Fortunately, Company X has a DR plan in place. The risk of server loss was correctly identified and the solution proposed was an offsite real-time backup in the cloud (in a data center that is not impacted by local power or service outages). This means that all Company X clients are unaware of a technical issue and business continues uninterrupted. Company X employees are not connected to their local server but they can also continue working using a mobile broadband option. It’s not ideal but gives the IT team (and a plumber to fix the leak) the time necessary to repair the damaged hardware and restore everything from cloud backups.

There you have it. DR in action. The disaster occurs, the DR team (usually IT) are notified automatically and the backup solution is in play while the cause and effect of the disaster is fixed.

“Automatic notification is key as any delays only increase costs. In this example, if equipment is not moved from under the leak, then instead of a single server, perhaps an entire rack (with hubs, routers, firewalls etc.) is compromised”, said Przemysław Jarmużek, technical support specialist at SMSEagle.

Automating alerts is certainly necessary, given that disasters need not occur during office or support hours.

Strategise then Plan

When designing a DR plan, brainstorming is necessary. Think about every aspect of your business and the infrastructure that supports it. Think about your service and utility providers. Think of the unexpected. Even discussing a zombie apocalypse has implications that are of benefit in a disaster recovery process, even if it relates to building security. Once you have exhausted ‘what if…’ scenarios, you are ready to offer strategies to solve them.

“Preparing for the unexpected is not a wasted exercise but makes excellent business sense.”, said Radosław Janowski, product manager at SMSEagle.

Once you define potential threats, you can then create a prevention strategy that includes response and recovery options that evolve as needed.

In conclusion, ISO/IEC 27031, the global standard for IT disaster recovery, states that “Strategies should define the approaches to implement the required resilience so that the principles of incident prevention, detection, response, recovery and restoration are put in place.”

Do your DR (for IT disasters and others) strategies follow this approach? They should.

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

Stats and Surveys Confirm Rising Downtime Costs for Data Centres, SMBs and Enterprises

Whatever the size of your business or its activities, network downtime has an impact. An obvious observation, it’s true, but have you ever tried to quantify it in terms of actual monetary damage? Have you considered the fickle nature of customers? Reputational damage? Does your disaster recovery plan include the time taken for hardware replacement in the event of a catastrophic failure?

If you have, well done. If not, then there are several surveys that demonstrate the real damage caused by unexpected downtime, whether you run a data centre or your internet activities are limited to an internal network.

“In most cases, network outage causes business disruption. In some cases, where redundant services are not in place, your business effectively grinds to a halt”, said Przemysław Jarmużek, Technical Support Specialist at SMSEagle.

You don’t have to be in a technical industry to be impacted by downtime.

“Take your typical professional service provider, such as those in a legal or accountancy area. When their network goes down, they must resolve it as quickly as any other company, given that technology is ubiquitous when communicating with clients. Many have industry-specific solutions for case or client management to facilitate regulatory requirements that are inoperable when the broadband connection is lost. Clearly, in such situations, an emergency alert system must include a means of detecting a lost connection and informing those who can fix it, whether an inhouse IT team or a contracted external company,” said Radosław Janowski, Product Manager at SMSEagle.

Costs Are Rising?

Okay, we know that downtime is to be avoided but what are the costs and are they rising or reasonably constant? Several surveys provide the answers we seek. Let’s consider data centres as they are key to cloud services, e-commerce stores and access for remote or travelling employees.

A 2016 Ponemon Institute survey demonstrates the rise in downtime costs for U.S. data centres from 2010 to 2013 and in turn to 2016. While the cost varied, the low, average and highest costs increased each year. For example, in 2010, the average downtime cost per minute was $5,617. In 2013, this increased to $7,908 and in 2016, rose to $8,851.

Other important conclusions from this survey include:

  1. Companies that depend on data centres have downtime costs that are rising faster than their counterparts who are not dependent on data centres.
  2. Uninterruptible power supplies (UPS) is the number one cause of unplanned outages, affecting 25 per cent of those surveyed.
  3. Cybercrime is the fastest growing cause, causing 2 per cent of outages in 2010 but 22 per cent in 2016.

“UPS and cybercrime can both bring down a network, preventing traditional network alerts. I recommend a solution that can alert those responsible for the network in a timely manner, one that has its own battery and can use mobile networks as a communication option. In fact, we make those solutions”, joked Janowski.

Other Relevant Surveys

Downtime costs will vary by company, size, industry and reliance on third-party data centres but one thing is clear. Downtime is bad and prompt response times by IT teams reduce costs…

Let’s look at some other surveys that show downtime costs, a useful reference for those seeking to justify a robust disaster recovery plan, regardless of whether the outage is caused by hardware failure, ransomware or service failure.

2017

  1. An Imperva survey of 170 security pros at RSA focused on ransomware with those impacted indicating that downtime caused ranged from less than 8 hours to more than 2-3 days. In fact, 59 per cent of those surveyed were more worried about the cost of downtime compared to 11 per cent for paying the ransom. On the positive side, for ransomware related downtime, the costs were less than $5,000 for 44 per cent of respondents.
  2. CloudEndure’s survey focused on disaster recovery and, as it was in 2016, human error is the biggest risk to service availability and responsible for 23 per cent of downtime. Network failures were in second place at 17 per cent and in third, external threats.

“Human error is a common problem but can be reduced by regular in-house training by the IT team”, said Jarmużek.

  1. ITIC’s annual survey of 709 global companies covered small and medium business, SMEs and large enterprises and offered some interesting insights. 79 per cent of all companies, regardless of size, expect 99.99 per cent uptime. This equates to 52 minutes of downtime per year…

2016

  1. IHS Inc’s 2016 press release and related survey claimed that downtime is costing North American organisation $700 billion each year.

In conclusion, downtime is possible and costly. The only way to combat it effectively is to build redundancy into as many systems as possible and by ensuring those tasked with fixing any technical issues are promptly informed to reduce the costs associated with prolonged outage. A robust disaster and response plan will allow your company to prepare for almost any eventuality. Is yours up-to-date? What’s your hourly downtime cost?

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

Why Digital Marketers Embrace SMS Campaigns

Digital marketers are constantly looking for new ways to present their products and services to existing and potential customers. While this attitude to adopt the latest and greatest innovations, whether it is big data, machine learning or virtual reality, is to be applauded, the reality is that older yet effective methods or technologies are often neglected. One example of this is SMS (Short Messaging Service). Readers of this post should bear in mind that is not a self-serving statement for SMSEagle (who incorporate SMS features into their products as a means of reducing network downtime by ensuring alerts are made when local area networks (LANs) go down) but instead a means of pointing out that SMS is not yet dead and offers advantages over other methods of communication.

When it comes to mobile marketing, would it surprise you to learn that SMS is one of the top four tactics used? However, despite this fact, according to Gartner’s 2016 Digital Channel Survey, 61 per cent of digital marketers don’t use it and just a third plan to invest in SMS in the next year. Strange, when Gartner’s own research director, Charles Golvin, stated that, “SMS remains an effective, yet underutilized, mobile tactic among marketing leaders and is particularly valuable when used in conjunction with mobile techniques such as wallet, web and native applications to orchestrate a deepening level of customer engagement.” Considering Gartner’s global position in the technology and research advisory field, perhaps he is worth listening to?

Let’s look at some of the advantages SMS offers digital marketers who target a mobile audience:

Reach

Social media is of practical benefit in mobile marketing but can only target those with Internet-ready smartphones, tablets or laptops. SMS caters for everyone with a mobile phone. If you can make a call, you can receive an SMS. This is the reason many TV shows allow public voting by SMS, to maximise the available audience and ensure that everyone can vote. Companies dealing with developing countries know only too well that they cannot assume everyone has a smartphone and usually have several ways to connect with their audience, with SMS a primary method.

Engagement

One of the primary aims of marketing is engagement and without it marketing is pointless. How many of us ignore banner ads, install ad blockers and actively avoid unwanted marketing messages on social media and by email? In comparison, how many of us will ignore an SMS? With opening rates of 98 per cent claimed in various surveys, SMS messaging ensures that the message is read and for the most part each message is opened within three minutes after an alert is received. If the message is of value (the subject of another story) then the likelihood of additional interaction is increased.

Eco-Friendly

Obvious but still worth stating, SMS has no carbon footprint. While this may also be true of other online methods, with SMS there are no design elements involved. In addition, the same cannot be said for direct mailing campaigns, brochures, flyers and other offline methods that are not eco-friendly, at least without recycling programs etc.

Convenience for All

A pertinent text message with a maximum of 140 characters takes far less time to create than launch pages, popups and other methods that require graphic design expertise. As for the recipient, it’s easy to subscribe to an SMS list using a shortcode and most jurisdictions will enforce convenient opt-out methods for users that wish to unsubscribe.

Out of Office?

How can marketers ensure their message is delivered to the recipient quickly? As we all know, most of us are glued to our mobile devices. The same is not true of other methods, emails can go unread for days and mail is classified as junk, often ending up in the bin unopened.

Just like our keys, we notice if our mobile phone is not to hand, making SMS the best way to ensure that each user received the message promptly. Even when charging our phones are within reach and we rarely ignore an SMS alert but social alerts don’t create the same sense of urgency.

Personal?

SMS feels more personal as it’s linked to your phone number, which is not widely dispersed. Marketers know the message will be read and will attempt to personal each message accordingly as it is assumed that each recipient is willing to receive information from their chosen companies. Loyalty programs and special offers are often managed through SMS, for example.

Cost

While email and social is free, SMS does incur a charge of a few cents in some areas but many carrier plans offer free SMS or the ability to purchase SMS credits in bulk. Your selection of an SMS plan will depend on the size of your target audience but given the potential return in active engagement, can you really afford to ignore SMS based on some deeply held conviction that the technology is obsolete?

In conclusion, while SMS has indeed been around for more than 20 years, it is still a valuable addition to the marketer’s toolkit. No one can claim SMS alone will be sufficient for all your marketing needs but perceptive marketers will understand that it can indeed be a valuable addition to a targeted marketing strategy, especially when timing is key (sending early morning or lunchtime updates for example). By incorporating SMS, digital marketers have nothing to lose and everything to gain. What do you think? Is SMS marketing adoption worth it or do you have an alternative that caters for those who may not own a smartphone?

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

Network Monitoring — How SMS can Reduce Risk and Improve Response Time

As a network administrator, your role is a complex one but your primary task is to keep the network active and ensure that all users have smooth access to all network assets. You may have to conduct performance tests, hardware and software inventory audits (including virtual machines) and monitor areas from UPS battery status to current website connections. Configuration and maintenance take up more of your time. A variety of monitoring tasks are necessary and you perform all of them using a combination of enterprise solutions, third-party software and open source tools.

Where does SMS fit into this high-tech environment? In technology terms, SMS has been around a long time (since 1992) and many falsely believe that it is no longer of value today. This is not the case as the technology is still used in many practical applications, in emergency alert systems, in marketing and, of course, it also has valuable applications in network monitoring.

Network Downtime

Sometimes technology fails, an unfortunate fact of life, but true nonetheless. When your network goes down, your business will grind to a halt in most cases. A power outage, for example, will typically mean that all network communication will cease from that moment on. Uninterruptible power supplies (UPS’) may delay the inevitable for a few hours and generators will ensure local access continues. However, if the power loss is not confined to your building but instead a blackout affecting your neighbourhood, city or county, then you can assume your broadband connection has been lost.

If this occurs during office hours, when IT staff are onsite, then normal service will resume as soon as the power returns. However, what happens if the outage occurs outside office hours and you have an e-commerce store that relies on your servers and a high-speed broadband connection? You may have scheduled backups or support sites that have been interrupted. In such a setting, it is important that service is resumed quickly.

In most cases, you will be unaware of the outage until the start of the next working day. Can your company afford such a delay? Consider the financial and reputational impact of this downtime.

Citing a 2015 IHS report, Network Computing’s Joe Strangelli estimated “ a cost to North American companies of $700 billion a year for ICT outages. This includes lost employee productivity (78%), lost revenue (17%), and actual costs to fix the downtime issues (5%).”

Of the 400 mid to large U.S. companies surveyed, an average of five downtime incidents take place each year, with costs for each incident ranging from $1 million to $60 million.

Luckily, it is possible to eliminate some of the risk.

SMS Benefits

If your network goes down, response time is the most important factor as solving the problem quickly reduces downtime costs.  Sending an alert to your IT admin may seem an obvious solution but how is this achieved?

An SMS gateway is a way to build in some form of redundancy to your network alerts. If your network is down, a standard email or network alert will not work as… the network is not operational due to loss of power or loss of connection. An SMS gateway has its own power source, a SIM card to allow cellular network access and preconfigured alert messages. Once the gateway detects connectivity loss, it sends an SMS to the network administrator. It can also send emails if a 2G+ data connection is available. 2G is slow but functional. SMS is effective for several reasons – it works on all mobile networks (from GSM to 4G) and on all mobile phones.

In addition, the recipient is more likely to respond quickly to an SMS alert than any other form of electronic communication. Given the number of tweets, beeps, pings and other audio notifications on smartphones, it is surprising that SMS still retains top status in terms of response rates, but marketers confirm that SMS creates a genuine sense of urgency for each received message.

Therefore, your network administrator is sure to act quickly after receiving an SMS alert, and with any luck, can get your network operational as soon as possible.

Other considerations

Companies with SMS gateways in place can relax, secure in the knowledge that essential connections are monitored and that once inactive, an alert is sent out to the responsible parties.

However, alerts alone are not enough to ensure network uptime. As mentioned previously, technology will fail and a comprehensive inventory of spare parts is necessary to mimimise network downtime. Human error and cybersecurity threats are other issues that alerts will not solve–but IT and security awareness training for all employees will not only mitigate these threats but also reduce the risk of network downtime.

In conclusion, when network downtime occurs, you need a rapid response team. Given the cost of downtime to your company, it is worth ensuring your network administrator receives immediate alerts when the network fails. This not only makes financial sense but is a no-brainer for maximising business continuity and preventing reputational damage.

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

Redundancy and Automated Alerts Ensure Business Continuity?

In the UK and Ireland, you are made redundant when you lose your job. When something is redundant, it means that it is unnecessary, a duplicate of the existing. However, in networking and indeed business terms, having redundant options is a positive concept, as it refers to backup solutions that take over when the primary fails.

In a perfect world, where hardware often has a predetermined or estimated lifespan, companies will ensure that business continuity is possible for a wide range of ‘disasters’ whether these include loss of services, hardware failure, data loss or other unexpected events such as fire, flooding and severe weather conditions. These secondary solutions are known as redundant, backup or ‘failover’ solutions as their function is to assume control or allow the means to restore services when the primary goes down.

How important is redundancy for the average company? Is it feasible to guarantee 100 per cent uptime? What steps can companies take to minimise risk or downtime?

Obviously, due to budgetary constraints common to many companies, it is not possible to simply clone an entire IT infrastructure to ensure uptime in all areas. In any case, even if budgets are available, it does not make business or financial sense to do so. However, companies can take steps to protect themselves and reduce downtime risk.

Essential Services

In terms of business continuity, all companies are at the mercy of power companies and loss of power is a problem that faces everyone. It is solved by the use of uninterruptible power supplies (UPS) for every network device. Unfortunately, they are expensive and are not a long-term solution if power loss lasts more than a few hours. Generators will solve the problem and allow internal tasks to resume.

Given the likelihood that any blackout is not limited to your premises, you have also lost internet access, apart from internet-enabled mobile devices, of course.

It is for this reason that many companies utilise cloud services, with managed service providers for key customer-facing elements of the business, such as e-commerce websites, for example. The adoption of a hybrid IT infrastructure makes perfect sense and allows companies to continue working in the cloud until the on-premise network is back online.

In fact, according to a SolarWinds survey, 92 per cent of U.S. IT professionals claim that cloud adoption is important to their organisation. In addition, it is application, database and storage requirements that that drive increasing adoption. When only 6 per cent of have not migrated anything to the cloud, can you afford to ignore the benefits?

However, bear in mind that cloud migration does not eliminate on-premise network concerns as, in the same report, 60 per cent of respondents believe it’s unlikely that everything will be cloud-based, with security and compliance of the greatest concern. Therefore, downtime remains a tangible risk and automated network monitoring can certainly help.

Prompt Response is Key

How will you know if your network goes down? During the working day, it may well be blatantly obvious, as users will immediately contact IT when they can no longer access services. But what happens when IT are offsite or it’s after working hours?

Power loss is admittedly rare in developed countries but loss of broadband or network access is more regular and companies need immediate alerts if this happens, given that key business activities, both internal and external rely on them.

One option is a hardware SMS gateway, which alerts the parties responsible for network monitoring, whether these are on-premise or outsourced from a local IT company. Most importantly, as each gateway contains a SIM Card, alerts are sent even when an internet connection is not present. With a 3G option to facilitate communication, automated email alerts (in addition to SMS) are also possible due to inbuilt modems and watchdog mechanisms.

With such an alert mechanism in place, response time is reduced and your chosen IT professionals can solve the root cause faster, reducing downtime and loss of productivity.

How Much does Downtime Cost?

In many situations, reactive support is necessary, hence the requirement for an automated alert system. With power loss and internet connection issues solved, companies can take additional steps to maintain business continuity.

The big one is, of course, data loss due to hardware failure. Hard drives fail regularly and few companies operate without protecting their data by using real-time backups and regular offsite archiving. However, this is only a small part of the network redundancy options available and each companies needs to evaluate their redundancy strategy. Ask yourself how much it will cost if your internal network goes down for an hour. How about an entire day?

In factory production, for example, an hour could be very costly. In a small office, perhaps not so much. Therefore, weigh the costs of employing network redundancy at all points in the data path against the cost and perceived risk of failure.

Increase Redundancy?

Reducing risk factors is a key objective in business but is generally considered in budgetary terms. If the risk is low and the cost for a redundant feature far exceeds the possible costs of failure then it is not worth implementing.

For example, redundant measures could include but are not limited to:

  • Network cabling setup that facilities redundancy — ring protocols or redundant coupling, for example.
  • Managed switches that reroute connections if one path fails.
  • Redundant dedicated broadband connections from another service provider.
  • Multiple backup plans for servers and desktops.
  • Use of colocation servers and failover technology.
  • Backups for cooling, power, fire and water detection

In conclusion, 100 per cent network redundancy comes with a hefty price tag, requiring ongoing maintenance and management from professionals with a variety of skill sets. Even then, 100 per cent uptime is not guaranteed.

Large enterprises with dedicated data centres can handle these requirements but smaller companies simply do not have the budget or staff to support a fully redundant network. While theoretically, it is indeed better to be proactive, it is more cost-effective to put a preventative maintenance process in place and react to hardware problems as they occur, in accordance with a defined disaster recovery plan. When alerts are automated, what more is needed to reduce downtime?

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

How SMS Remains Relevant in Spite of Emerging Tech

In 1992, the first Short Message Service (SMS) simply read “Merry Christmas”. More than 20 years later, texting via SMS has lost none of its purpose, despite the rise of multimedia messaging service (MMS), the smartphone in 2010, subsequent over the top (OTT) messaging apps and of course, social media solutions such as Facebook. Whether for personal or business use, SMS usage has continued unabated, which is impressive for such ‘outdated technology’ that was originally designed for Global System for Mobile Communications (GSM) networks. As 5G approaches, SMS remains.

When technology moves so fast, how has SMS remained so popular? How can companies capitalise on it to improve internal processes, customer services and other activities?

Trivial Update or Important?

Today, if dining in a local restaurant, we’re treated to a variety of repetitive whistles, chirps and other alerts from smartphones in the vicinity, most of which are ignored by their owners. The reason for this is simple; these alerts typically originate from messaging apps, which cost the sender nothing and as a result rarely require an instant response. An SMS alert is quite different and, while costs vary according to monthly subscription tariffs, there’s a cost involved. The result? Most will quickly read the message and send a response if necessary. In fact, marketing professionals are well aware of this fact, that SMS has the highest engagement rate of all messaging options, with 90 per cent of all SMS messages read within three minutes.

You’re probably wondering, why SMS? Why not call the person directly? Of course, that’s an option but if a group of people are involved, or you’re simply sending a short greeting or confirmation that you’ll arrive soon, isn’t SMS more convenient?

SMS vs. OTP Apps

When compared with Skype, Facebook or other messaging solutions, SMS has several other advantages. SMS bundles are typically included as part of a service plan and are directly linked to your mobile phone. In other words, if you use a mobile, you have SMS functionality without having to subscribe or join another service. You don’t have to invite contacts or accept invitations to communicate.

Not everyone has a smartphone so use of SMS ensures that your contact will receive your message regardless of phone type. The same isn’t true of OTP apps, which relies on high-speed internet to work. If you lose your 3G signal, voice and indeed SMS are still possible.

In fact, in an emergency situation such as a blackout, or during times where mobile traffic is very high (New Year’s Eve, for example), an SMS is typically the best solution as it’s queued in the short message service centre (SMSC) and will be delivered as soon as the bandwidth is available. An SMS text, being limited to 160 characters, takes much less bandwidth than a voice call so is more likely to be processed quicker. Compare that with the frustration of repeatedly dialing and receiving no response.

P2P and A2P

SMS is broken into two distinct types, namely person to person (P2P) and application to person (A2P). P2P is self-explanatory and can include voting  for reality TV shows and entering competitions but A2P is primarily used in the business world and is a growing market, having been adopted by many industry areas and repurposed to aid several business processes including but not limited to:

  1. Customer Security – A2P is used by companies as part of a two-step or two-factor authentication (2FA) process when accessing services that are considered a viable target for hackers. The process typically involved a standard login to a service. Then, as the second step, a passcode is sent to the user’s phone by SMS. The user then enters the passcode and is able to access the service. Banks, other financial service providers and organisations such as Google, Facebook and Hootsuite also protect their customer accounts by combining geolocation detection with SMS transmission, alerting users that their account has been accessed from a suspicious location.
  2. IT and risk management – IT teams may not work 24 hours a day but your business network may well rely on services that require 100 per cent uptime, such as support ticket management or e-commerce solutions. Devices that incorporate a mobile SIM card can alert you when internet connectivity has failed and reduce required response times considerably.
  3. Marketing – Due the high engagement rate mentioned previously, digital marketers with a ‘mobile first’ strategy will include SMS as a vital part of their communication with customers.
  4. Emergency alerts – Emergency services are considering the addition of SMS and in hospitals, paging systems based on SMS technology are commonly employed. The reason is of course based on redundancy, when all else fails, SMS is an excellent and affordable solution.

In conclusion, advancing technology has made smartphones and global collaboration over broadband a reality but despite all this progress, SMS still has a viable role to play in connecting them. While email, OTP apps, VoIP are all useful, they rely on the internet. Without it, SMS and standard voice communication are the only options and are extremely unlikely to become obsolete in the foreseeable future.

 

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK