Digital Business Don’t Work Without the Internet: What’s your Plan?
It seems obvious, but digital businesses require the internet. Therefore, they are more at risk than more traditional businesses. These risks include:
The recent DDos attach on DNS outage took down sites including Amazon, Twitter, Netflix, Etsy, Github, and Spotify. Dyn said on Friday that it suffered a DDoS attack, or a distributed denial of service. That basically means hackers are overwhelming Dyn's servers with useless data and repeated load requests, preventing useful data. Dyn, one of the biggest DNS companies. Domain Name Servers are a core part of the internet's backbone. They translate what you type into your browser —www.pexnetwork.com, for example — into IP addresses that computers can understand. Dyn says that the attacks are "well planned and executed, coming from tens of millions of IP addresses at the same time." Below is a map of the affected areas in the US.
Loss of customer data
Information from at least 500 million Yahoo accounts was stolen from the company in 2014, the company said Thursday, indicating it believes a state-sponsored actor was behind the hack. The theft may have included names, email addresses, telephone numbers, dates of birth, and in some cases, encrypted or unencrypted security questions and answers, Yahoo said.
Ashley Madison is the other high profile site that lost data; high profile for all the wrong reasons. In July 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group copied personal information about the site's user base and leaked more than 25 gigabytes of company data, including user details.
Winters are starting to be more extreme and whilst we don’t suffer the power cuts I remember as a child, snow often takes down power lines and closes offices. An office without power is a very quiet and unproductive. But the cloud gives a level of resilience. If the office is closed staff can stay at home and still be effective, but only if there are policies and plans in place to make the transition seamless. There is a long list, and only a few of the considerations are below:
- Is it everyone or just key staff?
- Have they the right infrastructure at home to be effective?
- Do the company HR policies allow for home working and what costs can be charged back to the office?
- Can the corporate VPN cope with the additional loading?
- Are there security and credentials management issues that prevent it working?
- How do we communicate with staff that the “stay at home plan” is in operation?
- And what is the plan for returning to normal.
What is your plan?
In this new digital world, it is not “if” but “when”. But companies do not seem to have clearly documented and accessible processes or plans that anticipate such problems. These are plans which can be quickly picked up and applied – even if the network is down. Think of these plans rather like a fire drill or earthquake drill (if you live in California).
Companies practice fire drills regularly – “a planned response to a known threat”. But the chance of a fire is way lower than the chance of a power outage or website down. So why don’t companies have a set of processes that have been planned and documented? Here are some reasons:
- It won’t happen to us: REALLY?
- Not important enough: It is not life threatening, like a fire. But surely it is certainly a big enough risk to want to mitigate it
- No one is clearly responsible for it: It falls between CEO, CIO and VP Operations.
- Priorities: We are too busy and other things are more important
- Too hard to think about: A fire drill is easy in comparison. Check the bell works. Check there are fire extinguishers. Pick a meeting point. A properly planned and coordinated response to an outage is more complex… but not impossible.
The processes need to be in enough detail which define how to respond to the issue when everyone is panicking. With all these things, it is not hard to do when everyone is calm and people are thinking straight. So why not do it before the sh!t hits the fan. Because if it hasn’t hit it yet – it probably will do at some point soon.
So get it written down, and practice it. NOW.
Luckily the app for mapping those processes and linking to the supporting documents is FREE. https://Elements.cloud. In less than an hour in live (and remote) workshop you could have a pretty good 1st cut of your “Outage Plan”.