Managed Services

user awareness program

6 Keys to Success for a User Awareness Training Program

It’s 22 years into the new millennium and cyberattacks are more prevalent, sophisticated and scarier than ever. It doesn’t matter how much a business invests in technologies and systems to protect its assets against threats if employees are incognizant of phishing emails and ransomware attacks. It’s time for businesses to get with the program. A user awareness training program.  

User awareness programs educate employees on the foundations of spam, phishing, spear phishing, malware, ransomware and social engineering so they can use this knowledge in their day-to-day job.  

Keys to a User Awareness Training Program

Below is a list of six keys that will help launch such a program for those businesses that have wisely considered such an investment. 

1. Gain Organizational Buy-In 
User awareness programs are company-wide and require the participation of every department to be effective. IT handles launch, management and maintenance. Executive leaders are responsible for the overall adaptation of the program. Then, HR is accountable for triggering onboarding and training. Support from these major players is essential for a trickle-down effect of getting the rest of the employees to opt-in and participate in the program. 

2. A Consistent Program 
Phishing emails are sent all day, every day. A once-a-year training course to keep employees on the lookout for attacks is not enough. An effective program that educates employees is both consistent and year-round to be vigilant and knowledgeable when it comes to cybersecurity.  

3. Go Above & Beyond the Minimum Requirements 
Many cybersecurity insurance companies and state regulations require user awareness training programs as a prerequisite for coverage or compliance. Too many companies see training programs as a way to check off a box to complete these mandates. Don’t fall into that slump. Wholesome programs are empowering, are a good investment and can provide years of bolstered defense when done on a consistent basis.  

4. Select the Right Approach 
Companies can choose from three main approaches to user awareness training programs: 

  • Content: A company can create its own content and run the program itself.  
  • Platform: A company leverages an outside organization’s program. Capture pre-created content and use templates.  
  • Managed Service: A company can completely outsource a user awareness training program for another company to manage.  

It is important for a business to analyze its internal resources when determining the right approach. Does it have the time to create its own content? Does it have the necessary technology for platform management? Does it have the funding to hire a managed service?  

A good program educates its users, is relevant to your organization and is customizable. It should instruct with its text and video content but also provide interactive tools such as quizzes. The best programs will truly engage its users rather than just deliver content.   

5. Utilize Complex Tactics 
Attackers are tricky and are using more sophisticated phishing emails every day. They’ll do thorough research to construct messages that are tempting for specific individuals and organizations. Employees are not getting real-world experience if generic templates are used during simulated training attacks. Complex tactics must be used during training so users can reap the most out of the experience and develop a deft eye.  

6. Have Dedicated Resources 
User awareness programs work best when they have a dedicated resource that can focus on its management. Initial setup is not long but implementing it requires more attention and effort. After that comes customizing the program, tracking progress and handling upkeep tasks. Don’t forget, the real key is not one single running but rather consistent, ongoing trainings.  

How Brite Can Help 

Brite offers a comprehensive user awareness training program that truly gives employees the experience they need to fight phishing. Our extensive process includes five steps: 

Baseline Testing 
We’ll gauge the percentage of your users who are at-risk through a simulated phishing, vishing or smishing attack. 

User Training 
Brite selects training content from the world’s largest library of security awareness training. We have access to interactive modules, videos, games, posters and newsletters. We’ll also remind users to complete the trainings. Take a look at some of our free resources here 

Phishing 
We craft carefully selected and company and industry specific templates to create realistic simulated phishing, vishing and smishing attacks to test your users.  

Results 
Detailed reports documenting progress on an organizational, teams and high-risk individual scale are provided monthly for tracking the success of your program.  

Repeat 
Brite will send a total of four simulated campaigns a year with each campaign consisting of at least ten emails. Year-round, consistent training is key to keeping employees trained and at the top of their game. 

Remember 

Humans are the targets of cyberattacks, not security tools or machines. User awareness training programs are essential for those technologies to work properly. Furthermore, if you’re paying for a training program, take the time to truly invest in it by properly educating users. Follow the 6 keys to success above and you’ll be off to a great start.  

As always, if you have any questions feel free to contact a member of the BriteProtect team. 

managed service provider

3 Critical Services Every MSP Should Offer

Managed security providers vary vastly with how they do business and what they offer. It is often challenging to compare providers if you are in the market for an MSP. On the surface, most MSPs offer a basic level of IT management and help desk. When you dig a little deeper, comparing providers is really more like comparing apples to oranges. The MSPs that rise to the top of the barrel are those that offer a comprehensive approach to managed services. These days, there is more to managed IT services than just the help desk. Cybersecurity must play a prominent role as well as business continuity for fast recovery should a breach occur. Services that every MSP should offer include ones that are holistic in approach, ensuring businesses stay up to date with changing technology, security and disaster preparedness. 

Services That Every MSP Should Offer

Be on the lookout for the three MSP categories of services below and the details of what each entail. If the business doesn’t provide all three, you probably want to keep searching to maximize the return on a MSP relationship.  

Service 1: Proactive IT Services 

Information technology (IT) services used to be reactive, using a break/fix methodology. It was simple: something would break, and the IT provider would fix it in a reactive way. Using this defensive strategy leaves organizations vulnerable in our technology dense world. It is often too late to easily fix a problem by the time it has been observed by the user.  

Modern businesses must be aggressive in their approach to IT if they want to avoid detrimental security risks, hardware failures, employee downtime and unplanned costs. To avoid these crippling effects, partner with an MSP that goes on the offense with a dedicated team that works to find those “breaks” before it can negatively impact the business.  

World-class MSPs know that business happens around the clock and that companies require 24/7 monitoring of the network, servers and devices to ensure uptime and security. As for the help desk, make sure they offer 24/7 support – do not settle for anything less because when you need help, help needs to be there. 

Key Offerings to Look for:  

  • 24/7 help desk support 
  • 24/7 infrastructure monitoring & alerting 
  • Server health management 
  • Active asset management 
  • Patch management 
  • Network performance monitoring 
  • Managed email (i.e. Microsoft 365) 
  • Active directory & group policy administration 
  • New PC refreshes 
  • Dedicated network administrator 

Service 2: Essential Cyber Defense 

You may be tired of hearing it, but it cannot be said enough. The need for cybersecurity is more important now than ever. The reality is that cyberattacks have become more sophisticated and increasingly widespread.  

Take the example of spray-and-pray attacks which occur at alarming rates. Spray-and-pray attacks are random cyber assaults in which the aggressors do not target specific businesses. Rather, they set up widespread, automated onslaughts and exploit the vulnerabilities unsuspecting companies have. 

The good news is that Fort Knox level security is not needed to protect against this kind of attack. Good tools that are properly managed will do the trick. In your search for an MSP, look for one that provides enterprise-level security tools along with a skilled team of experts monitoring and managing them. Don’t be afraid to ask what tools are behind the service!  

Key Offerings to Look for:  

  • Email security 
  • Web content filtering 
  • Endpoint protection 
  • WiFi security 
  • NextGen firewall 
  • Patch management 
  • Role-based data access 
  • Multifactor authentication 
  • User behavior analytics 
  • Enhanced data security 
  • Vulnerability scanning
  • Advanced security operations

Service 3: Backup & Recovery 

Q: When is an appropriate time to figure out how to respond to an attack? 

A: Not when the attack is happening. 

The best time to prepare for an attack is before the attack occurs. There are plenty of reasons why a business needs backup and recovery including systems failure, natural disasters, human errors and of course, cyberattacks like ransomware. All of these can wreak havoc on a business and are reasons to have a well-documented disaster recovery plan to quickly recover from a disaster or attack.  

Be sure your plan includes both infrastructure as well as workspace backup, and then give your plan a test run and confirm your strategy. It needs to be flawless in scrimmage if it is going to work during game time. 

Key Offerings to Look for: 

  • On-premises & cloud backup 
  • Unlimited cloud retention (for at least a certain time period) 
  • On-site failover 
  • Continuous snapshots 
  • Screenshot verifications 
  • Disaster recovery testing 

Remember!  

All MSPs are not built equally. Partner with one that is well-rounded and includes not only help desk services, but also proactive IT, cybersecurity and business continuity plans. After all, you need to stay ahead of the game to remain competitive when the digital backbone of a company is in question.  

How Brite Can Help 

When you partner with Brite, you partner with experience, proven success and world class managed services. We believe in providing a service that includes everything from 24/7/365 help desk support and infrastructure monitoring and alerting to proactive maintenance of hardware and networks. 

What truly sets us apart is our critical cybersecurity which utilizes enterprise-grade tools that are expertly managed to keep your data safe. Then we cover all our bases with a backup and recovery plan to be prepared in the event that anything happens. These three services combined make up what we call BriteStar, our comprehensive managed IT service. 

Learn About BriteStar and its world class MSP approach! 

Why Monitoring and Management is Needed

“Monitoring and management” is a common phrase in the IT and cybersecurity space. And while it is vague, it is an incredibly important component in a strong cybersecurity plan. Between maximizing tool investments, detecting attacks and optimizing setups, here’s why you need monitoring and management.

Monitoring

The first half of this duo is monitoring. This simply refers to watching security tools to detect abnormalities such as a compromised device or asset going down. In the most severe of cases, this is when a cyberattack would first be detected. And when it comes to attacks, time is everything. There have been notable data breaches in which the environment was compromised for months because it was not being properly monitored.

Successful monitoring occurs when people and tools are combined to maximize features. Tools are how anomalies are detected; however, it is critical to also have eyes on the tool to respond to notifications.

Management

To round out monitoring of tools and environments comes the overall management. We alluded to this a bit when discussing monitoring. Management is a huge factor in a truly proactive cybersecurity plan. A proactive approach allows for teams to plan and get ahead for prevention, versus a reactive scramble when there’s an incident.

One common issue is investing in a security tool and set it up – and then not doing anything with it. That’s on the list of “What not to do: Cybersecurity edition.” Let’s be real, not only is that a waste of money, but also not productive or a secure method. Cybersecurity is ever-evolving and changing. Tools, processes and approaches need to reflect that and be frequently optimized for best performance.

Monitoring and Management

At the end of the day, you can’t have monitoring or management without the other. To truly leverage your tool investment for proactive security defense, tools must be optimized according to monitored behavior that is observed through management. Adding true monitoring and management allows for better utilization of tools for stronger cybersecurity.

Now, we should mention that monitoring and management is a 24/7/365 task. Unfortunately, attackers do not respect the 8-5 work schedule. Luckily, that is where a managed service can help. Even luckier, Brite’s BriteStar managed IT service is a fixed-per-user cost that is more than happy to work with you to monitor and manage your environment.

 

Explore BriteStar here.

Brite Spotlight: Meet Jaime and Brian (Security Co-op Edition)

Happy Cybersecurity Awareness Month! While we spend the month empowering all individuals with the tips and skills to #BeCyberSmart, this week’s theme is Explore. Experience. Share. The theme highlights cybersecurity careers and builds awareness around what they do. Today, we want to introduce you to two of Brite’s security co-ops to share their experience and entrance into the world of cybersecurity.

Jaime and Brian were part of the Summer ’21 co-op group in Brite’s Security Operations Center (SOC) working on a team with security analysts actively monitoring and managing clients’ security environments. Since Brian accepted a full-time role as a security analyst and Jaime is continuing her co-op through the fall semester as she continues her studies at RIT.

They can tell you about it better than we can, so let’s hear from Jaime and Brian…

What is your favorite part about being a security analyst at Brite?

Jaime Campanelli

Jaime: The resources and projects I have been working on are very interesting and cool.

Brian: I get to be a part of a program that’s growing at a fast pace and be a part of the process for creating new capabilities and security features. I also get to work with the best people at the best company every day!

What is the top takeaway that you learned during your co-op?

Jaime: “Good Enough is Never Enough” and how important it is to collaborate with others to ensure security and privacy.

Brian: I got to learn the ins and outs of our services and develop playbooks for responding to security events that I got to build on in new client relationships when I

moved into a full-time role on the SOC team.

Did anything surprise you?

Jaime: How attackers can disguise any malicious activity as many different things. In addition to how in-depth everything needs to be analyzed to make sure it is not malicious.

Brian: The many ways in which attacks can start and how quickly everything changes in tactics and techniques. Taking these changes and creating new detections and monitoring is a constant thing that being in the thick of it shows you.

The coolest project you worked on?

Brian Bullis

Jaime: Setting up honey users and deploying a deception sensor.

Brian: Our ongoing automation efforts and improvements allow me to work on cool scripting projects that improve the efficiency of our processes and allow us to spend more time looking at real security events and fewer false positives.

How have your studies translated into your work?

Jaime: My studies have translated into my work greatly. A good amount of information I learned at RIT in lectures or projects has been directly related to the work I have been doing here.

Brian: My classes at RIT prepared me for the real-world SOC work we do every day. I learned a lot about cyberattacks and defense, networking and forensics that come in handy everyday investigations of security events.

What’s your dream cybersecurity job?

Jaime: Working as a Security Director or a related position in a government agency or contractor.

Brian: I’d love to learn more about penetration testing and ethical hacking so that I can look at things from an attacker’s perspective and improve defense capabilities for the good guys.

Thanks to Jaime and Brian for giving us a BTS look into their experience as security co-ops. We wish you the best of luck in your studies and careers. If you want to learn more about security analyst roles, Nick and Sean also shared their insight here.

5 Mistakes to Avoid with a New User Awareness Program

All the security tools in the world are incomplete without trained users. User awareness training programs exist to educate users and equip them with the skills to be the last line of defense against cyberattacks. Even with the best intentions, user awareness training programs can fall flat. To make the most out of your investment and truly increase security, here are five mistakes to avoid when launching a program.

1. Lack of organizational buy-in

Developing a true, company-wide program means that multiple departments need to have involvement: IT will be responsible for deployment and management, HR for ensuring all employees are involved and executive leadership to manage adaptation.  Therefore, it is important that as a first step there is inter-departmental buy-in with key players. The major players must be on board and understand the value of a program. This support is critical for a trickle-down effect of getting company buy-in and participation.

2. Inconsistent program

Three billion phishing emails are sent every day. Is one, 30-minute training a year enough to keep employees vigilant and educated on such attacks? A truly effective program is consistent and year-round to keep it top of mind for all users.

3. Only checking a requirement box​

Cybersecurity insurance companies are now requiring user awareness training programs as a prerequisite to coverage. State regulations and mandates also require security protections and training. Regardless of your reason for implementing a program, simply checking the requirement is not enough. To be frank, it is a waste of money and resources. User awareness programs are empowering and reap years of defense while deploying a single simulated phishing attack does little.

4. Utilizing generic tactics​

Attackers are sneaky. When the payday is big enough, attackers will do their research and due diligence into crafting appropriate messages for an individual and organization. If obvious, generic templates are used during simulated training attacks, users are not getting the most beneficial experience or developing a keen eye.

5. Lack of a dedicated resource​

Not having a dedicated resource to implement, track and customize your program puts the organization at a disadvantage. User awareness programs require a fairly heavy lift to implement and a variety of upkeep tasks. We’ll be honest, the initial setup is not incredibly long. However, the value is not in a single running, but rather how organizations create custom, ongoing trainings.

At the end of the day remember: people, users, employees are the targets of cyberattacks – not security tools and machines. If you’re spending the money on a user awareness training program, then move the needle and properly educate users by avoiding common mistakes.

Now that you know what not to do, learn how to start a cybersecurity awareness program today!

 

3 Steps If You Receive a Business Fraud Email

Business email fraud is a highly specific and targeted tactic used in phishing emails for monetary gain. Would you rather learn how to spot one, or cost your company thousands? Hopefully, it’s the former because this blog shares insights into:

  • What is business email fraud?
  • How to spot it.
  • 3 steps if you receive a business fraud email

What is business email fraud?

We hinted at it above yet let’s dive into what business fraud is. Business fraud (also known as CEO fraud or business email compromise) is when a business leader or executive sends an urgent request for an exchange of money with a third party. These requests often correlate to strategic events taking place in their personal or professional lives. Common requests include:

  • Pay unexpected invoice immediately
  • Wire a large sum of money to third party
  • Buy 100 Apple gift cards from a specific link

In any case, large amounts of money are lost – and not retrievable. Since the monetary value is high, attackers spend time researching targets to create accurate asks that are relevant to operations or correspond to life events.

3 steps if you receive a business fraud email

There are three best practices to do when you suspect business email compromise.

  1. Use common sense. If it smells like a fish, it is probably a fish.
  2. Do not reply or share any information.
  3. Call the sender directly or start a new email chain to confirm the requested action. It is better to follow up with the individual than to cost the company thousands of dollars.

Remember the theme of business fraud emails is financial requests. Those in accounting, HR and management should be aware and educated on business fraud to prevent detrimental attacks. People are the last line of defense, let’s #BeCyberSmart.

5 Ways to Spot Phishing Emails

Scam artists – sneaky, deceitful, intentional – whether it’s someone on the street, the phone or online. We’ve all been exposed, or worst have been a victim of a scam. Today, modern pickpocketers have carefully orchestrated phishing emails designed to manipulate and target people’s instincts. That leaves us to be educated on how to spot phishing emails.

The right inbox mentality

How many unread emails do you have right now? Our inboxes are consistently bombarded with new messages. With that, you must open your inbox with an attentive mentality. A successful phishing email has the victim complete an action – enter login information, wire money, purchase gift cards, etc. When you’re not focused and vigilant your risk greatly increases.

After a quick scroll through hundreds of emails, it is easy to glance over one and think it is legitimate. Especially when you think it’s from a trusted source – Amazon, your boss or even the CEO.

Bottom line is that you need to minimize distraction when you decide to tackle your inbox strategically and safely.

How to spot phishing emails

There’s a checklist of criteria to evaluate each email to determine if it is legitimate once you’re in your inbox. Some are more obvious than others, but you should always check:

  1. Inconsistent domains, links and email addresses.
    Look for slight changes in well-known domains and see if link URLs are consistent with the sender domain.
  2. Poor spelling and grammar.
    Bad actors often strategically use poor grammar and misspellings to filter out the more critical people, leaving those who act more likely to complete the desired action.
  3. Suspicious demand for action.
    Think it is odd that your password is being requested via email link, or that your boss wants you to buy 10 gift cards from a website? It probably is.
  4. Request from a vendor to an unassociated email address.
    Know which email address is associated with each account. Be wary of requests to non-associated addresses.
  5. Unexpected attachments or email.
    Not expecting to hear from someone or to see an attachment? Follow your instincts and be suspicious.

And tactics are ever-evolving. Stay up-to-date on the latest methods to always be prepared. Attackers prey on and manipulate human instinct and emotion. The more exposure you have to evolving tactics, the more prepared you will be to spot them. Also, consider having your organization implement anti-phishing and user awareness training programs to collectively educate all users.

Password Fails.

Ah, passwords. The annoying gate to access every digital account. And since it’s 2021 and everything is online – the accounts and passwords add up. Just like we pay taxes and wear seatbelts, it feels as if we need to make an account just to do simple browsing. Nonetheless, passwords are a necessary evil of the world. They exist to keep your data and information protected. It is important to talk about how to avoid common password fails that jeopardize your identity.

Password fails: What not to do

We’re sorry to say that 123465789 is not a strong, secure password. Attackers can research targets and piece together information. When using an easily guessable password, they can not only access the account but use that information to access multiple accounts.

How can you avoid that from happening? Stop using these common password fails:

  • Significant other’s name
  • Kids’ names
  • Pet names
  • 123
  • 123456789
  • qwerty
  • Your house number
  • Birthday
  • Anniversary

Not only are those bad but saving your passwords on post-it notes out in the open (like on your keyboard or a Word doc on your desktop) is asking for identity theft.

Taking the time to create strong passwords habits now will save you bigger headaches in the future.

How to create a strong password

Long and complex is the key to a strong password. Passwords have those lists of requirements for a reason. Use that as a guide along with:

  1. Use a mix of characters (capitalization, symbols, numbers)
  2. Avoid common substitutions (0 for O, or 1 for I, etc.)
  3. Again, make it loooooooooooooooooong (12 or more characters)
  4. A different password for every account. Never repeat.

Password management

Look we get it. Just the thought of a different, complex password for every account is dreadful. Luckily, there are several solutions out there to help. Password managers are a lifesaver and incredibly easy to use. For example, LastPass, or simply the built-in password vaults from Apple and Google, are a starting point for managing and protecting passwords. Be sure to do your own due diligence and research into the security features and reputations of each.

At the end of the day, we each have the responsibility of protecting our identity and passwords. Good habits start today. Go update your accounts and passwords with the guide above.

The Sensible Approach to IT

Case Study | Accounting firm sought support for IT, regulations and cybersecurity

The increasing potential of a breach and pressures from cybersecurity regulations paired with a hectic busy season led accounting and CPA firm RDG+Partners to seek a managed IT provider for its support.

RDG+Partners recognized that its expertise is in accounting, not cybersecurity and IT. With their prudent approach to finance, it looked for a provider to cost-effectively meet all its IT needs. As a result, the firm selected BriteStar for a comprehensive managed IT services offering. The offering from Brite extends beyond basic IT and helpdesk services to include advanced cybersecurity protections.

“Between day-to-day support and ongoing security services, we knew that selecting BriteStar was the sensible decision,” John Rizzo, CPA and Managing Partner at RDG+Partners said. “Our industry and access to client information make us easy targets for attacks. With the reliance on technology, we can’t afford downtime during the busy season or throughout the year! Our technology cannot impede our services.”

The BriteStar Solution

A three-phase, comprehensive approach makes tackling IT and security easy for any organization.

“Implementing our comprehensive service within three phases helps customers like RDG+Partners digest the capabilities and accurately understand the support and coverage they’re receiving,” Steve Wilmarth, Brite’s Sales Director of Managed Services. “This benefits the fast-paced RDG+Partners. The internal IT team can be confident in exactly what’s taken off their plate.”

Proactively Maintain Business Operations

A proactive IT approach was necessary to keep RDG+Partners operational, especially during the busy season. Long hours and critical timelines emphasize the need to minimize technology troubles.

The team gained confidence through BriteStar’s proactive planning and management: all individuals receive properly imaged PCs with appropriate access to programs, patches are done in a timely manner and servers are continuously monitored and managed. Once the proactive approach was implemented, ticket volumes and frustrations dramatically decreased.

When issues do arise, BriteStar’s 24/7 unlimited helpdesk jumps into action. From simple password resets to facilitating third-party software support, RDG+Partners knows that Brite is always there to resolve their technology problems.

“Having a dedicated team that we can trust and rely on at any time eases the burden. Our entire team knows to contact the helpdesk for any issues,” Rizzo recalled. “As Managing Partner, it’s a peace of mind to know the entire Brite team has our back to keep us up and running.”

The Pressure for Security

Accounting and CPA firms have inherent security risks that require proper management, monitoring and protection of client data and systems. The recent focus on protecting personal, sensitive data required RDG+Partners to adhere to complex cybersecurity regulations like NYS DFS 23 NYCRR 500 and the New York SHIELD Act.

The regulations require network, data, email and endpoint protections along with 24/7 monitoring and management of those tools.

The ability to generate compliance reports quickly and easily was also critical. Brite was able to easily meet all needed requirements and provide detailed documentation, which is reviewed at Quarterly Business Review meetings.

A Good Plan Always Has Backup

We all know that even with the tightest security and proactive planning, there will be a failure at some point – it is inevitable. To protect against natural disasters, systems failures or cyberattacks like ransomware, BriteVault’s Disaster Recovery and Business Continuity solution was deployed.

RDG+Partners quickly realized the benefit of BriteVault when it lost the backbone of the IT infrastructure during a server failure. As the failure was detected, the systems automatically switched over to the backup environment, eliminating any disruptions. Because of the well-executed business continuity plan, employees did not experience downtime and no company data was lost. Upon Brite’s investigation, it was determined to be a server failure and not a cyberattack. The server was repaired, and operations continued.

Rizzo reflected, “The strategic foresight to partner with a provider is invaluable. Again, just the peace of mind that I know we’re protected; and that the entire Brite team is there for anything is a huge burden off of our team.”

Why is Disaster Recovery Important?

Disasters are unpredictable and devasting. Whether it is a natural disaster or a cyberattack, the damage to businesses and IT infrastructure is unavoidable. While we don’t have much construction experience, we can certainly help the recovery process by sharing our tips and insight to answer the question: Why is disaster recovery important (and why every company needs it).

What is a disaster recovery plan?

From NIST, a disaster recovery plan is “A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities.”

Essentially, a disaster recovery plan enables IT infrastructure to be recovered in seconds after a disaster or downtime. That includes business-critical data, systems, desktops, servers and all other components within the infrastructure.

The main goal of a disaster recovery plan is to minimize downtime in the event of a disruption. Did you know that downtime is costly for businesses? An hour of downtime costs $8,000 for a small company, $74,000 for a medium company and $700,000 for a large enterprise.

Explore how easy a disaster recovery plan is with BriteVault, Brite’s managed service.

Do you really need disaster recovery?

A disaster recovery plan is a form of insurance for everything that falls under the IT umbrella. Just as you would insure your house, employees and business, it’s best to protect the crown jewels of the business (IT and the data). Let’s explore how a disaster recovery plan paid off for our BriteStar customers:

Lupton Associate’s Ransomware Attack: An attack locked all users out and held systems hostage and demanded a ransom. Instead of paying, systems were restored from a backup and operations were back up and running with only 15 minutes of downtime. Read the whole story here: “Small Business. Big IT Problems.”

Fire at Shadow Lake Golf and Racquet Club: After a kitchen fire destroyed the club’s office and physical IT setup, the BriteStar team jumped into action to set the team up with a temporary office and computers. Thanks to the disaster recovery plan and cloud backups, no data was lost, and Shadow Lake resumed operations the same day. Read how the proactive plan avoided more headaches on an already stressful day: “Proactively Mitigating the Effect of Disaster

No company can anticipate a cyberattack or fire (or any natural disaster). However, the responsibility is on the company to be prepared if one does occur.

Scroll to Top