Silicon Halton Meetup #35 Slide Deck

What would you do if you were locked out of your office for 5 days?

If your business is unable to service its clients for 5 consecutive days or more (e.g. have to abandon / surrender your facilities), the FEMA statistic says 80% of these businesses will be out of business within two years. Large corporations are able to fund, plan, build and test disaster recovery & business continuity plans. But what about the rest of us mere mortals? What is realistic preparation for Small & Medium businesses?

Meetup 35 in Oakville saw three presenters and a panel Q&A session with 4 panelists.

Published in: Technology, Business
  • Point people to blog to hear full story.
  • Our most important assets are our People, Business and Data.
  • To Protect our People we have an ERP, BCP for Business and DRP for Data.
  • This structure has three levels: Tactical, Operational and Strategic. The Tactical level is yellow and represents the tactical level or front line response teams and includes the emergency response teams, business recovery teams and disaster or data recovery teams. These groups manage all the Stage One incidents. The Operational or Orange level represents the Incident Management Team that will oversee and direct all stage two and three incidents. The Strategic is red and represents our strategic or executive level. The executive team will assist in some key decisions in terms of approvals on spending, operational issues as required and communications with internal and external groups.
  • I always like to put in this slide known as the designated worrier slide. This is to point to the person who is responsible for worrying about the fact that these issues are getting handled in a timely and effective manner. When we have an incident it is our tactical level teams that spend 90% of their time worrying about how to manage or clean up the incident and 10% on maintaining operations. The Incident Management team spends 50% of their time worrying about the incident and the other half worrying about restoring and maintaining operations. The Executive team knows the incident is being managed and therefore spends 90% of their time thinking about meeting operations, reputation, communications and how these may impact the organization.
  • Once the incident stage level has been determined, switchboard will then know what teams or individuals will need to be activated and who needs to be notified. An activation is an alert to someone who is going to participate directly in the event. A notification is really just FYI, for someone who needs to be aware of the incident but not have any direct participation or actions. You can see on this scale a stage one incident will activate the ERT and only notify the IMT. At stage two both the ERT and the IMT would be activated and the executive on-call would be notified. For a stage three incident, all levels of our incident management structure would be activated.
  • Decision #1: determine your “level of paranoia”, i.e. how much can you really afford to worry about and prepare for.
  • Decision #2: decide what really matters
  • Regardless of organization size, what’s urgent takes precedence over what’s important. Preparedness has to be built into routine processes, or it will be forgotten until September 12.
  • Influenza ‘A’ Pandemics are to humans what fires are to forests: just a part of life.
  • Large organizations and emergency responders can afford to have sophisticated Incident Management processes.
  • Tenet’s mobile app
  • Source: Data Leakage Worldwide: Common Risks and Mistakes Employees Make - Cisco 2008
      • Unauthorized application use: 70 percent of IT professionals believe the use of unauthorized programs resulted in as many as half of their companies' data loss incidents.
      • Misuse of corporate computers: 44 percent of employees share work devices with others without supervision.
      • Unauthorized physical and network access: 39 percent of IT professionals said they have dealt with an employee accessing unauthorized parts of a company's network or facility.
      • Remote worker security: 46 percent of employees admitted to transferring files between work and personal computers when working from home.
      • Misuse of passwords: 18 percent of employees share passwords with co-workers. That rate jumps to 25 percent in China, India, and Italy.
      • http://boss.blogs.nytimes.com/2012/08/29/starting-over-after-a-cyberattack-shuts-down-the-business/
      • Train Derailments: http://news.nationalpost.com/2012/02/26/burlington-train-derailed/
      • Meth Labs: http://www.mississauga.com/article/17484 http://www.rkiinstruments.com/pages/application_briefs/Methamphetamine_Laboratories_Gas_Detection.htm
      • Data leakage: http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns895/white_paper_c11-499060.html http://humanresources.about.com/od/whenemploymentends/a/end_employment.htm
  • What are the risks to your critical business processes and procedures? What would happen if you could not access your clients, issue invoices, pay employees and suppliers? How long would they wait while you figured things out? What is your process to resume communications & coordinate notifications and recovery procedures? What if an ex-employee accessed one or more of your social media accounts and posted obscene or embarrassing information about you or your company? Do you have an employee exit policy and checklist in place to protect your critical communication and social media properties, client and staff lists? Are you subject to government or industry governance & compliance requirements? What are the penalties and publicity risks associated with non-compliance? Do you have just-in-time inventory or response-sensitive SLAs in place with any of your customers and clients? You’ve invested time, money, heart & soul into building your business. If your business is generating a 6 figure income for you, is it not worth investing in the protection of that income and asset stream? How much do you spend on promotional items, gift baskets, and staff events relative to the ongoing resiliency of your business?
  • Panelists

    1. Meetup #35: SMB Disaster Planning - What's Realistic? • www.siliconhalton.com • linkedin/siliconhalton • @siliconhalton
    2. Agenda
        • Welcome
        • Announcements
        • Keynote: SMB Disaster Planning Presentation + Panel Q&A
        • G2KYM – Open. You?
        • Open Floor
    3. Show of Hands
    4. Announcements
    5. Silicon Halton & HalTech Demo Night
        • Held Aug 22/12 in Milton
        • Demos from 6 companies
        • Need volunteer to run for 1 year. You?
    6. Silicon Halton promo
        • Professionally Developed Silicon Halton promo
        • Produced by member @ClickRyan
        • http://vimeo.com/45332409
        • Sponsor a promo video?
    7. Technology Shared Office Space
        • 555 Industrial Drive, Milton
        • 14,000 sqft ground floor space
        • Shared boardrooms, meeting rooms, kitchen, more..
        • Jan 2013 Occupancy
        • $5B company previously started here
        • Contact Rick Stomphorst
        • Aug blog: http://bit.ly/MH02K2
        • Related, “Find a workspace”: bit.ly/Ig8ieB
    8. AngleOne 12-month report
    9. SMB Disaster Planning
    10. Incident Management • Situational Awareness and Performance
    11. Our Assets
    12. Plans to Protect
    13. Incident Management Structure
        • Situational Awareness
        • Executives
        • Managers
        • Supervisor/Staff
    14. Designated Worriers • Incident / Big picture
    15. Incident Level Communication
        • Critical – Fatality
        • Activation – Action required
        • Major – EMS
        • Notification – FYI, no action required
        • Minor – Treat and return to work
        • All Clear – Incident resolved
    16. IMS Response
        • Stage Three Incident → Executives
        • Stage Two Incident → Managers
        • Stage One Incident → Supervisors / staff
    17. Job Action Sheets (JAS)
        • Emergency Code
        • Responder Level and Stage
        • Phase 1
        • Phase 2
        • Phase 3
        • Phase 4
        • Contact Lists
        • Required Documents
    18. Performance • Situational Awareness • Competence • Confidence • Scott Ashley • www.get-ready.ca • scott.ashley@get-ready.ca
    19. Emergency Continuum: Inconvenience, Problem, Emergency, Crisis, Disaster, Cataclysm
        • Degree of impact on
            – Organization
            – Staff
            – Community
            – Government
            – Infrastructure
    20. Business Continuity
        • Controlled degradation
            – Like a body going into shock
        • What functions are really critical?
            – You may be surprised
            – Criticality is tied to how long the function is not available
        • Reallocate resources, build in redundancy
    21. Mitigate & Prepare
        • Reality check:
            – People will forget to prepare
            – Readiness processes will fade away
            – Plans won’t be tested and will get obsolete
        • Best hope:
            – Leverage existing processes
            – Get your information close to the source
            – Use “emergency” processes routinely
            – Create a 1-page Emergency Plan
    22. Pandemic Planning Extras
        • Planning assumptions
            – 15% to 35% of workforce is affected
            – First 8 weeks are bad, then it really hits you
            – Ubiquitous: you’re on your own
        • Well defined phases to pace response
        • Ethical & business considerations
            – e.g. pay for antivirals? for whole family?
        • Pandemic fatigue
    23. Typical ICS/IMS Organization
        • MaHIM
    24. PINpoint automatically generates and distributes a Mobile Emergency Manual • Carlos Paz-Soldan, Tenet Computer Group Inc. • @Tenet_com
    25. Silicon Halton Meetup #35 – SMB Business Disaster Planning © 2012 Modular Data Protection Services Inc. All rights reserved. Confidential.
    26. What is realistic preparation for Small & Medium businesses?
    27. What Other Threats is Your Business Exposed to?
        • Meth lab building remains closed to workers – Mississauga News 05/05/2008
        • Three killed in Via Rail train derailment in Burlington, Ont. – National Post 02/26/2012
        • Starting over after a cyberattack shuts down the business – The New York Times – 08/29/2012
    28. Business Risk Impact Assessment
        Consider Rationally & Honestly:
        • Business (AR/AP, Access to clients, Staff, & Suppliers)
        • Corporate & Professional Reputation (Internal/External)
        • Intellectual Property and Intangible Assets (Loss of Competitive Advantage)
        • Personal Investment (Retirement, Succession Planning)
        Determine which risks you can control and mitigate and those you cannot!
    29. Drive ROI from Your Readiness Plan
        • Leverage to Drive New Business, Competitive Advantage & Enhanced Reputation
        • Share Your Plan with Insurance Providers, Lenders, and Potential Shareholders for Improved Terms and Market Access
        • Cloud Technologies Presents a Unique SWOT
        • Improve Operational Understanding & Efficiency - Best Practices
        • Embrace New Technologies but Extend Your Preparations Beyond the Server Room
    30. What Choices Do You Have To Get Ready?
        • You can find templates on the Internet: $0 to $1,000
        • You can buy a software package: Starting at $30,000
        • You can hire someone: Starting at $100,000/year
        • You can hire expensive consultants: Starting at $50,000
    31. About Modular DPS: Who We Partner With? Modular DPS has carefully chosen to work with industry leading organizations who bring innovative and dynamic services and solutions to market. The ReadySmith Advisers Limited. organization has been a long standing partnership spanning more than 6 years and several organizations. They bring unparalleled capabilities and experience to address this critical business planning requirement.
    32. Thank You
        • Email: danny.deganis@modulardps.com
        • Skype: danny.deganis1
        • Office: (905) 813-7777
        • Check out our web site at www.modulardps.com
    33. Panelists
        • Scott Ashley, BCP/EM practitioner at Get Ready Emergency Training Inc. Twenty-five years experience in emergency management in Canada & US. get-ready.ca
        • Carlos Paz-Soldan, Founder & CEO at Tenet Computer Group Inc. Emergency Planning, BCP and DR planning. @Tenet_com
        • Danny Deganis, Co-founder & COO at Modular Data Protection Services Inc. Enables organizations to Plug in Cloud Services. modulardps.com
        • Mauro Lollo is a recognized technology business leader and technical futurist. Former cofounder and CTO of Unis Lumin. @maurolollo
        • Sylvain Rollin – President, ERMS Corporation. Provider of a comprehensive and enterprise-class emergency and incident mass notification system. @ERMSCorporation
    34. G2KYM
    35. Previous G2KYM videos
        • Meetup 30: Javelin Reality, http://www.youtube.com/watch?v=h_fKj7Lyx4o
        • Meetup 31: Events on Hand, http://www.youtube.com/watch?v=v5K3BYvPZqE
        • Meetup 32: ERMScorporation.com, http://www.youtube.com/watch?v=cqa0C1Yxues
    36. Mark Your Calendars
    37. Next Meetup – Oct 9 • Windows 8 • Bit.ly/shmeetup36
    38. November Meetup – Nov 13 • Pitch Night with Preceding HalTech Pitch Camp Workshops in October • Bit.ly/shmeetup37
    39. Open Floor