business continuity Archives - LuxSci

Posts Tagged ‘business continuity’

LuxSci Tips and Tricks: WebAides Password Manager

Thursday, October 20th, 2022

We are starting a new blog series to help you understand some of the more advanced LuxSci features. First, did you know that LuxSci has a password manager tool? We designed this tool to make it easy to securely share passwords across your organization.

What is a Password Manager?

Password managers are software applications designed to store passwords securely. They require the use of one primary password to access an encrypted vault where passwords for other accounts are stored. There are many different password managers out there, with varying features and levels of security.

LuxSci’s WebAides Password Manager

WebAides Password Manager allows LuxSci users to create and securely store lists of passwords. It was designed to suit the needs of businesses and IT administrators.

With just a single primary password to remember, it’s easier to protect and store unique, complex passwords. This offers both security and convenience. WebAides Password Manager uses PGP encryption to safely store passwords for individual users or groups. This setup means that LuxSci employees cannot access the password data of our customers.

The tool is flexible, allowing administrators to control access to shared passwords. If someone is not a group member, they cannot decrypt the password. Administrators can easily add or remove users from groups to tightly control access to sensitive accounts.

Why Use WebAides Password Manager

The granular level of access control makes it extremely easy to share passwords among designated individuals from a central, secure location. Administrators can create multiple password folders to tightly control access to sensitive credentials. For example, when an employee is promoted, they may need to access different accounts. The administrator can add the employee as a member of a management password group and provide them with the primary password to access those account logins.

The tool also includes an export feature for business continuity and disaster recovery. Administrators can decrypt and back up the entire password web archive for offline storage. An offline backup of company passwords protects the organization in case of a catastrophe that brings standard systems down.

LuxSci’s WebAides Password Manager also includes a notes section for each entry. This is a great place to securely document account numbers, previously used passwords, and the security questions and answers used to reset passwords or verify identity.

These features are useful for organizations with complex security and compliance needs.

How to Set Up WebAides Password Manager

Detailed instructions can be found in our Help documentation. To access your WebAides Password Manager, log in to your WebMail account and look under Apps -> Passwords. Before creating a new entry, you’ll need to generate a PGP certificate to encrypt the password. This can be done by going to Account Settings -> Security -> Security Certificates.

Our support team is also available and ready to help. Contact us today to learn more.

Business Continuity Planning: RTO vs RPO

Tuesday, August 30th, 2022

When working in a critical sector like healthcare, business continuity planning is an essential task. In fact, organizations subject to HIPAA regulations must create a risk assessment that identifies the systems that contain sensitive data and plan for what happens to that data in case of an emergency. Once you understand what data is at risk, you can begin to understand your tolerance level and plan for the worst-case scenario. Two key factors to consider are RTO and RPO. This article explains the difference between RTO and RPO and how to account for each in business continuity planning.

 


Recovery Time Objective (RTO)

RTO stands for Recovery Time Objective. This term refers to the length of time it takes to restore operations from the start of an issue to when the system is again fully functional. Essentially, it refers to how much unplanned downtime can be tolerated before it leads to significant business impacts.

Unplanned downtime of critical systems can be extremely damaging to business operations. For example, if a hospital system’s electronic medical records go down because of a ransomware attack, patient care may need to be stopped or diverted until systems are back online. This could have not only devastating financial impacts but could also lead to loss of life.

Every system will have a different tolerance level for downtime. The Recovery Time Objective will vary based on the importance of various systems and the costs to your business. For example, maybe the EHR can be down for 15 minutes without causing severe business impacts. On the other hand, a less crucial system, like the hospital phone system, could be down from three to six hours without causing significant impacts on the business. Each system requires its own disaster recovery plan and has a different RTO.

Recovery Point Objective (RPO)

RPO stands for Recovery Point Objective. This term refers to how much data could be lost due to an unplanned outage. Organizations must know how frequently to back up data so it can be restored without data loss in an emergency.

Once again, this will vary based on the business and the importance of the data. Some organizations may find that daily backups are sufficient for less critical systems, while others may prefer to employ more frequent backups. Take our last example of a ransomware attack on an EHR. In this scenario, the time of the last backup is crucial. If the attack occurred at noon, and the system is only backed up once a day at 10pm, all the patient data added to the EHR that morning will be missing. For a critical system like an EHR, more frequent backups are appropriate.
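The noon-attack scenario above can be checked against a backup catalog. The following is an added example, not LuxSci code: it computes the data-loss window for an incident and the longest gap between backups, then compares both to an RPO target. The RPO values, system names, and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta

def loss_window(backups, incident):
    """Time between the last backup completed before the incident and the incident."""
    usable = [b for b in backups if b <= incident]
    return incident - max(usable) if usable else None  # None: nothing to restore from

def max_gap(backups):
    """Longest interval between consecutive backups (worst case for any incident time)."""
    ordered = sorted(backups)
    return max((b - a for a, b in zip(ordered, ordered[1:])), default=timedelta(0))

def audit(systems, incident):
    """Compare each system's actual exposure with its RPO target."""
    report = {}
    for name, cfg in systems.items():
        loss = loss_window(cfg["backups"], incident)
        gap = max_gap(cfg["backups"])
        ok = loss is not None and max(loss, gap) <= cfg["rpo"]
        report[name] = {"loss": loss, "max_gap": gap, "meets_rpo": ok}
    return report

# Constructed sample data: incident at noon, as in the ransomware scenario.
NOON = datetime(2022, 8, 30, 12, 0)
# Once-a-day backups at 10pm on the three preceding days.
nightly = [datetime(2022, 8, day, 22, 0) for day in (27, 28, 29)]
# Hourly backups from 10pm the previous night through 11am.
hourly = [datetime(2022, 8, 29, 22, 0) + timedelta(hours=h) for h in range(14)]

# RPO targets are assumptions chosen for illustration.
SYSTEMS = {
    "ehr_nightly": {"rpo": timedelta(hours=1), "backups": nightly},
    "ehr_hourly": {"rpo": timedelta(hours=1), "backups": hourly},
    "phone_system": {"rpo": timedelta(hours=24), "backups": nightly},
}
REPORT = audit(SYSTEMS, NOON)

if __name__ == "__main__":
    for name, row in REPORT.items():
        status = "OK" if row["meets_rpo"] else "RPO VIOLATION"
        print(f"{name}: lost {row['loss']}, max gap {row['max_gap']} -> {status}")
```

The same nightly schedule fails the EHR's assumed one-hour RPO but satisfies the phone system's assumed 24-hour RPO, which is why backup frequency is set per system.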

The Difference Between RTO and RPO

Both RTO and RPO are vital to creating a business continuity plan. If backups of data are readily available, there will be less downtime. Taking our ransomware example from the previous paragraph, if data is backed up and stored separately from the EHR system, a well-trained and prepared IT team can restore the data onto new servers without severely impacting business operations. Frequent backups will allow the IT team to restore the system with zero data loss and limited downtime.

Business Continuity Planning RTO vs RPO

Every organization addresses business continuity planning differently, depending on the data and systems they utilize. Budget limitations, compliance risk, and data sensitivity are three factors that prominently affect how disaster recovery plans are created.

An easy solution would be to make every system as resilient as possible to avoid system downtime or data loss. However, this is often unrealistic. For most organizations, implementing highly available solutions for every system is too expensive and is somewhat nonsensical.

Conducting a risk analysis helps identify the most significant risks to the business. This information makes it easier to allocate resources efficiently. Extremely frequent backups of minor systems are unnecessary at best and can be outright wasteful. It’s better to focus business continuity efforts on the most sensitive systems and data, especially if a breach has regulatory consequences. In practice, this means creating highly redundant and available configurations for the most vital systems to business operations.

Reduce RTO and RPO with High Availability Solutions

Once you understand your tolerance for downtime and data loss, it is possible to create infrastructure solutions that minimize (or practically eliminate) RTO and RPO. LuxSci’s high availability solutions offer practically zero downtime and data loss. One way to achieve this is by using load balancers to redirect traffic away from unavailable servers. To reduce downtime and data loss, it’s a good idea to use geographically redundant MySQL databases.

To learn more about LuxSci’s high availability solutions, check out our other blog articles or contact our sales team.

Are you Prepared for Disaster? Business Continuity Planning for Email Outages

Friday, February 9th, 2018

Unexpected email outages happen to every email user. It is not a big deal if it is just for a few minutes or some scheduled time at night. However, if it is in the middle of a workday and employees rely on email, it may be a big problem.


What do you do if your email stays offline for five minutes, ten minutes, or an hour, and you don’t know when it is coming back?
