WhatsApp and Telegram media files aren’t so secure

A security flaw found in WhatsApp and Telegram on Android lets hackers mess with your photos, payments, and voice notes

  • Security firm Symantec has found a vulnerability in WhatsApp and Telegram’s Android apps which could let hackers intercept and alter files sent between users, such as photos, documents, or videos.
  • The security firm refers to the theoretical attack as “Media File Jacking.”
  • Although Symantec made recommendations to the developers to shore up their security, WhatsApp said the suggested changes would “create privacy complications” and “limit how photos and files could be shared.”

While they’re known for strongly encrypting messages in transit, apps like WhatsApp and Telegram may not always be able to keep files safe after they’re on your phone. Today, researchers from Symantec explain how hackers could use a malicious app to subtly alter media files sent through the services.

Security firm Symantec says it has found a security flaw in the Android apps for WhatsApp and Telegram, which could allow hackers to “manipulate” files transferred between users.

WHATSAPP STORES MEDIA THROUGH EXTERNAL STORAGE

On Android, apps can choose to save media, like images and audio files, through either internal storage that’s only accessible through the app, or external storage which is more widely available to other apps. WhatsApp, by default, stores media through external storage, and Telegram does so when the app’s “Save to Gallery” feature is enabled.

According to the researchers, the design means malware with external storage access could be used to access WhatsApp and Telegram media files, maybe even before the user sees them. If a user downloads a malicious app, for example, and then receives a photo on WhatsApp, a hacker could manipulate the image without the receiver ever noticing. A hacker could theoretically alter an outgoing multimedia message as well.

The researchers call the attack “Media File Jacking.” In many ways, it’s a known issue, and a trade-off between privacy and accessibility for messaging apps on Android. By using the external storage setting, which is widely used, apps are more compatible with others, allowing pictures and other data to move more freely. But that comes with a cost: last year, researchers pointed out similar issues.

Telegram did not immediately respond to a request for comment. A WhatsApp spokesperson said changing its storage system would limit the service’s ability to share media files, and even introduce new privacy issues. “WhatsApp has looked closely at this issue and it’s similar to previous questions about mobile device storage impacting the app ecosystem,” the spokesperson said in a statement. “WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development.”

Still, these aren’t just any messaging apps. As the researchers point out, users generally trust encrypted apps “to protect the integrity of both the identity of the sender and the message content itself.”

“However,” the researchers write, “as we’ve mentioned in the past, no code is immune to security vulnerabilities.”

Devices in Singapore were hit by malware which secretly replaces apps with malicious versions

A dangerous new mobile malware named after The Matrix’s main villain has infiltrated more than 25 million Android devices around the world – and more than 6,000 in Singapore, a report has revealed.

On Thursday (July 11), cybersecurity software company Check Point Software Technologies’ research arm (Check Point Research) said in a news release that the malware – dubbed “Agent Smith” – automatically replaces installed apps with “malicious” versions without the user’s knowledge.

The dubious software stealthily does this by disguising itself as a Google-related app and exploiting known Android operating system vulnerabilities.

Google Play Store apps which were reportedly found to be affected by Agent Smith malware.
Check Point Research

Singapore least affected in SEA, India worst-hit globally

Nearly one million devices in Southeast Asia fell victim to the trickery and were “quietly” infected, according to Check Point Research. Although 6,257 devices in Singapore were found to be hit with Agent Smith, this statistic was far from the worst.

Indonesia, which was the most affected country in the region, had 572,025 devices affected by the malware while India had more than 15 million infected devices and over 2 billion infection events – the highest in the world.

The top 10 countries with the most number of Agent Smith infections.
Check Point Research

Other Southeast Asian countries that were affected include The Philippines (226,701), Malaysia (55,647), Thailand (52,848) and Vietnam (32,916). Singapore was observed to have the least number of attacks in the region.

What does Agent Smith do?

Check Point Research noted that Agent Smith currently uses “broad access” to the devices’ resources to display fraudulent advertisements for financial gain. However, the team said the software “could easily be used for far more intrusive and harmful purposes”, such as stealing banking credentials and eavesdropping.

Agent Smith’s flow of attack as portrayed by Check Point Research.
Check Point Research

It added that the activity resembles previous malware campaigns like Gooligan, Hummingbad and CopyCat.

Check Point Software Technologies’ head of mobile threat detection research, Jonathan Shimonovich, said: “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.

He added that the best protection against invasive mobile malware attacks from the likes of Agent Smith would be to combine advanced threat prevention and threat intelligence while adopting a “hygiene first” approach to safeguard digital assets.

Users are also advised to only perform downloads on trusted app stores to lower their exposure to infection as third party stores would typically lack the necessary security measures to block adware-loaded apps, Shimonovich said.

Indiscriminate infections

According to Check Point Research’s online blog, Agent Smith started proliferating through widely-used third party app store “9Apps”, and targeted mainly Hindi, Arabic, Russian and Indonesian speaking users.

Although primary victims were observed to be mostly based in India (59 per cent), the research team said that unlike previously seen malware campaigns that did not involve Google Play and affected mostly developing countries, Agent Smith had a “significant impact” on developed nations – where Google Play is “readily available” – as well.

These include the US which saw approximately 303,000 infections, Saudi Arabia (245,000), Australia (141,000) and the UK (137,000).

A world infection heat map showing the hotspots of Agent Smith attacks. The most number of infections were observed in India.
Check Point Research

Check Point added that it has submitted data to Google and law enforcement units to facilitate further investigation. At the time of publishing the report, no malicious apps were found to remain on the Google Play Store, it said.

Laptop Infected With 6 of History’s Most Dangerous Viruses Sold For $1.3 Million

  • A laptop that’s utterly infested with six of the worst computer viruses and malware known to man was sold at auction for $1.345 million on Monday.
  • The types of viruses on the laptop are said to have caused $95 billion in financial damages worldwide.
  • The laptop has had its internet connectivity and ports disabled, which hopefully means the malware within has no way to spread…hopefully.

A 2008 Samsung NC10 laptop running Windows XP just sold at auction for a whopping $1.345 million.

Although the 11-year-old machine may have nostalgic value to some, what makes this one so special (and expensive) is that it comes with live specimens of six of the most dangerous computer viruses in existence.

In a livestream on Twitch, the laptop can be seen turned on and running the viruses and malware. But the laptop wasn’t sold as a cyber weapon on a darkweb black market. It was sold as art.

The virus-infected laptop is an art installation called “The Persistence of Chaos” by artist Guo O Dong.

persistence of chaos malware laptop

According to a website promoting the piece, Dong is a “contemporary internet artist whose work critiques modern day extremely-online culture. The Persistence of Chaos was created as a collaboration between the artist and cybersecurity company Deep Instinct, which provided the malware and technical expertise to execute the work in a safe environment.”

Dong said the viruses in the laptop have caused $95 billion in financial damages. It’s unlikely that the laptop itself was the cause of the $95 billion in damages. It’s more likely that the viruses it contains are the same that are known to have caused damages worldwide.

“The sale of malware for operational purposes is illegal in the United States”

Dong’s laptop is “airgapped,” which means its ability to connect to the internet has been disabled. Its ports have also been disabled, so USB sticks can’t be used to transfer its threats.

The terms of the auction also state that “The sale of malware for operational purposes is illegal in the United States. As a buyer you recognize that this work represents a potential security hazard. By submitting a bid you agree and acknowledge that you’re purchasing this work as a piece of art or for academic reasons, and have no intention of disseminating any malware.”

Of course, anyone with an intermediate knowledge of computers would have no trouble figuring out a way to extract the viruses from the hard drive, despite the fact that the laptop itself is airgapped.

The details of the auction, including the selling price, were reported by Dong himself on his website. So it’s worth taking the claims with a grain of salt until the sale can be verified. Deep Instinct, the firm that Dong partnered with, did not immediately return a request for comment.

The buyer of The Persistence of Chaos is anonymous. Here’s hoping Dong’s dangerous art didn’t fall into the wrong hands.

 

Check out the infamous computer viruses running on the most dangerous laptop in the world:

Malware:

ILOVEYOU

The ILOVEYOU virus, distributed via email and file sharing, affected 500,000+ systems and caused $15B in damages total, with $5.5B in damages being caused in the first week.

MyDoom

MyDoom, potentially commissioned by Russian e-mail spammers, was one of the fastest spreading worms. It’s projected that this virus caused $38B in damages.

SoBig

SoBig was a worm and trojan that circulated through emails as viral spam. This piece of malware could copy files, email itself to others, and could damage computer software/hardware. This piece of malware caused $37B in damages and affected hundreds of thousands of PCs.

WannaCry

WannaCry was an extremely virulent ransomware cryptoworm that also set up backdoors on systems. The attack affected 200,000+ computers across 150 countries, and caused the NHS $100M in damages with further totals accumulating close to $4B.

DarkTequila

A sophisticated and evasive piece of malware that targeted users mainly in Latin America, DarkTequila stole bank credentials and corporate data even while offline. DarkTequila costed millions in damages across many users.

BlackEnergy

BlackEnergy 2 uses sophisticated rootkit/process-injection techniques, robust encryption, and a modular architecture known as a “dropper”. BlackEnergy was used in a cyberattack that prompted a large-scale blackout in Ukraine in December 2015.

Google kept unencrypted, plaintext copies of some G suite business customer passwords on its servers for more than ten years

  • Google accidentally kept un-encrypted user passwords belonging to its enterprise customers on its internal servers for a period of more than a decade, the company revealed in a corporate blog post on Tuesday.
  • “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Suzanne Frey, Google Cloud VP of Engineering wrote.
  • The implementation error causing the issue happened 2005 and according to TechCrunch, wasn’t discovered until April of this year.
  • Google did not estimate how many user accounts were impacted, nor did the company answer Business Insider’s question regarding the number of improperly stored passwords.
  • The company said “we have seen no evidence of improper access to or misuse of the affected passwords.”

An undisclosed number of Google enterprise users have had their passwords stored in plaintext on the tech giant’s internal systems for over a decade, according to a corporate blog post on Tuesday.

“We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Suzanne Frey, Google Cloud VP of Engineering wrote.

Google said the issue stemmed from giving account administrators – for instance, a company’s head of IT – the ability to manually set passwords for employees – say, on an someone’s first day. But back in 2005, an error was made, Google said, and the admin portal ended up storing unhashed copies of passwords on the tech giant’s encrypted servers. In other words, for the past 14 years, some G Suite users have had their corporate passwords stored in such a way that would have been readable by authorized personnel, like account administrators or certain Google employees.

Google first found the issue this April and said it has since been fixed. In its blog post Tuesday, Google did not estimate how many user accounts were impacted, nor did the company answer Business Insider’s question regarding that number.

This February, Google announced that its G Suite platform – which includes apps like Gmail, Docs, and Hangouts – has over 5 million paying businesses.

“To be clear, these passwords remained in our secure encrypted infrastructure,” Frey wrote. “This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

Google said G Suite administrators have been notified and that it will update passwords that have not already been changed. It also said that none of its free consumer accounts were included in the mishap.

Cloud Security: Is the Cloud Ready for Your Confidential Data?

Cloud Security: Is the Cloud Ready for Your Confidential Data?

What is Cloud Computing?

You can’t look at any technical section of a newspaper or website these days without reading about “cloud computing.” The term seems to be popping up everywhere. So, what exactly is cloud computing? A simplistic definition is computing on the Internet. It allows users the ability to access everything on the Internet, from software to their stored data, without having to store anything on their actual computer. The user only needs a computer with a web browser in order to access the cloud.

What is So Great About Cloud Computing?

Cloud computing has the potential to allow small businesses or businesses on a budget the ability to have high quality computing at a lower cost. Business owners no longer need to invest in expensive IT equipment or pay an entire IT staff that would normally be required in order to keep a computer system running. Storing data on the cloud would help reduce IT costs while still allowing businesses to grow.

What Security Problems Does Cloud Computing Needs to Address?

Cloud computing is such a new technology that many of the kinks have not even been completely realized much less worked out to a satisfactory level. The Federal Trade Commission (FTC) is looking into what potential security and privacy concerns cloud computing could have for consumers. Some of these concerns are:

  • If you store your valuable business documents on the cloud and the cloud goes down, will it be coming back up with all of your important documents in tact.
  • It is also important to know that the company with whom you are storing your important information is financially stable and will not suddenly disappear taking all of your valuable information with it.
  • Where is your company located and where will your data physically be stored? If your data is stored in another country, is that country required to comply with the same security standards that you would expect from your home country.
  • Who is in charge of storing and managing your data? It is important to know that the people managing your data have the proper security clearance and credentials, and that they are handling it securely and not using it improperly for their own financial gain.
  • How secure is the login? Would hackers be able to easily gain access to your data?
  • Is your data encrypted so that others cannot easily view it?
  • Is the cloud storage company willing to undergo a certification process and willing to comply with certain security standards?

At this point, it is unknown how providers plan to resolve these issues, but whatever the solutions they will be critical to the future of cloud computing. Cloud computing has so much to offer businesses from flexibility to growth potential to tremendous cost savings. If the confidential data stored in the cloud isn’t secure, the only thing cloud computing will be able to offer businesses is a giant headache.

Eight Ways To Keep Your Small Business Secure

Eight Ways To Keep Your Small Business Secure

If you own and operate a small business, lowering costs is an important part of keeping your company in the black. Cutting costs on your IT budget could inadvertently compromise your company’s security. Even though small businesses may not have all of the resources that large corporations do, they are still just as vulnerable to the same security threats. Here are ways to help secure your small business:

Purchase Anti-virus Software

Every computer is vulnerable to the wide variety of viruses, trojans, and worms that are on the Internet. These malicious software programs can do anything from damage your computer and files to steal your password and other important information stored on your computer. Purchase a good anti-virus software program and make sure that it is always up to date. Also, check to see that your anti-virus software checks for spyware, adware, and any other type of malware that could be hiding on your computer.

Avoid Phishing Emails

It is important to discuss with your employees the importance of not opening spam email, attachments or forwards that could possibly contain viruses. Make sure that your email has a filtering system that helps to filter out spam and other malicious email. Responding to phishing emails can be another costly mistake. Phishing emails are disguised as legitimate emails that then request login and password information. Changing passwords monthly can help to lessen the damage should an employee accidentally respond to a phishing email.

Minimize Damage From Dishonest or Disgruntled Employees

It is often difficult to predict if one of your employees will become disgruntled or dishonest, but you can put some safeguards in place to help minimize the damage should you find that you have one. Thoroughly screen your employees before hiring them, especially if they will have access to any confidential or financial company information. Limiting the number of employees that have access to this confidential information and changing your company passwords often can help to prevent former employees from accessing company computers.

Secure Your Wireless Network

Make sure that your wireless router is encrypted, and that your business is using WPA2 wireless security. A firewall is another important key to protecting the security of your small business. A firewall will allow access only to authorized users while blocking unauthorized access to the computer.

Have An Internet Use Policy

Aside from the obvious lack of productivity that personal Internet use can cause for your business, it can often be too easy to click on websites that contain malicious software that could easily infect your company computer and shut your system down temporarily or even permanently.

Avoid Having Everything on One Computer

Purchasing computer equipment is costly, so many small businesses will try to get away with fewer computers in order to save money. If you have your financial information on the same computer that your employees are accessing their company emails, you could risk losing everything that is vital to running your business should an infected email slip through.

Have a Data Backup System

Be sure to have some type of data storage and backup system in place in the event that your current system goes down. Having all of your files readily available to you in case of an emergency can ensure that your business will retain customers and continue to run smoothly no matter what the disaster.

Minimize Damage From Stolen Equipment

It difficult to prevent break-ins or equipment from being stolen from your home or office building, but you can have some security by ensuring that all of the information on your computer is encrypted and password protected.

Trying to scrimp when it comes to your small business’s computer security can be a costly mistake. Arm yourself with the knowledge of what your business could be up against and take steps towards prevention. The investment will give your company the security necessary to keep your information secure

When Is Your Business Ready For Managed Services?

When Is Your Business Ready For Managed Services?

If you are a small business owner and considering whether or not managed services will benefit your company, the answer is almost always- yes. There is little doubt that most small businesses can benefit from managed services, yet that in itself does not always justify the cost of bringing on a third party provider. Accepting that managed services providers can offer solutions to common problems found in small business operation, the real question is when does it make sense to switch from in house IT solutions to the next level which includes managed services.

There is a good chance if you are already considering managed services the time might be near when you are ready to make the switch. Small business owners do not have the luxury of a never ending IT budget, therefore it is very important to recognize when your current IT management is no longer cost effective. For most small businesses this occurs when the business grows to the point of needing either a contract with a local service provider who is “on call” for IT needs or hiring a full time IT person to remain on staff. There is of course another option for small business owners to consider and that is hiring a managed services provider to oversee their IT needs.

If you are still unsure that your business is ready for the switch, ask yourself the following questions;

  • Network or system keep going down, failing on you ?
  • Recurring IT Issues ?
  • Taking a long time to resolve and recover from IT Issues ?
  • Your current IT cant support your company operations ?
  • IT employee issues with retraining or rehiring ?
  • Your IT employee or provider doesnt seem to know what to do ?
  • Dont feel you are getting the value for what you are paying for ?
  • Slow and unresponsive IT Provider ?
  • Your Company failed your IT Audit ?
  • Unable to focus on your company’s core competencies due to ongoing IT issues ?
  • There’s no IT Strategy Plan to achieve your business goals ?

If you answered yes to one or more of the above questions, then your business is ready for managed services.

Now that you have determined managed services are right for your business, the next challenge is finding the right provider of these services. This is a decision that should not be made lightly or rushed as the wrong provider can end up costing your company more money than your current situation. Before you begin the search for a managed services provider you should first consider your IT budget as well as issues or problems you want to be addressed. It is important to remember that managed services are not a one-size-fits-all type of solution to business problems. Each business and industry has their own issues to contend with and a qualified managed services provider will work with you to find the solutions that will benefit your company the most. If a potential provider is more intent on selling you services and not listening to the needs of your business, move on to another provider who is willing to listen to your concerns and offer customized solutions that address these needs. The point of outsourcing your IT management is to save money while freeing up time to focus on other business operations. For this reason it pays to put forth the effort to find the best managed services provider to oversee your technology needs.

Technology Increases Small Business Profitability

Technology Increases Small Business Profitability

During times of economic struggle, most small businesses end up making cuts and changes to keep their businesses in the green. From laying off staff to decreasing business travel, reducing marketing efforts and ending bonuses and raises temporarily – there are a variety of ways small businesses look to cut their expenses. At the same time, they look for ways to increase profitability – especially when operating with reduced staff. Technology becomes even more useful as small businesses strive to increase productivity and efficiency.

There are so many gadgets and technology solutions out there that it can be easy to buy more than you need, or to buy the wrong types of products that just don’t deliver the solutions your business needs. When deciding what types of technologies can help your business reach its goals, here are a few things to look for:

Communications – technology is well known for its capability to improve the ability for people to communicate with one another. Whether you’ve got employees on the road or down the hall, virtual phone systems can route calls to cell phones and keep everyone in touch regardless of location. Instant messaging and email provide quick ways to communicate with the written word and keep documentation of these conversations for future reference. Social media and networking sites provide a way to keep in touch with co-workers, customers, and the competition at a glance.

Data Storage, Warehousing and Search – If you find employees are spending a lot of time looking for certain reports, forms or other data that they need to perform their job responsibilities, investing in network hardware and software to keep track of the whereabouts of your data can be useful.

Telecommuting – many small businesses also find that there isn’t a need for all employees to work in the same office building in order to get their work done. Having employees who telecommute requires the technology to make that happen (a secure network for employees to access data they require to do their job; improved communication systems to receive incoming phone calls at their homes or on their cell phones and the ability to keep in touch with co-workers in different locations). Having employees telecommute can save you from needing a larger office space, which keeps your overhead costs lower, too.

Customer Relationship Management – having some sort of CRM software to help you manage your database of clients and prospects is well worth the investment. Many businesses will tell you the “money is in the list”; meaning the amount of money a company earns is directly proportional to the number of people on their mailing list. Some companies use software like ACT, Goldmine or SalesForce to track their clients and leads. Others have custom-built software developed to handle unique needs that can’t be addressed with existing software.

Technology makes it possible for small business to increase productivity and compete with larger businesses on a smaller budget, thereby increasing profitability. Efficiency and organization is improved through the use of appropriate data storage, search and mining, customers are better managed through customer relationship management systems, and it is possible for money to be saved when employees telecommute from home. Before investing in any new technology, identify the unique needs of your business and determine which technology will best meet your needs.

Making The Switch To Managed Services

Making The Switch To Managed Services

When the time comes to make the switch to managed services, it is important to know what you are looking for from a provider. As most business owners have or are beginning to realize, there are plenty of benefits that can be realized by bringing on a managed services provider to address IT and other needs. In order to get the most from your managed services contract you must carefully compare all potential providers to ensure they are willing and able to provide the services you need to keep your business moving forward in the future. If your managed services provider cannot supply the following three things (at minimum) keep looking until you find a company that addresses these issues.

  • Security- The managed services provider that you choose should work with vendors that guarantee security. This is imperative when trusting an outside party to handle and maintain private and confidential data that is crucial to the running of your business. Service providers should provide detailed proof of security procedures as well as how they intend to keep abreast of changes in the industry.
  • Recovery- Managed services providers are not only contracted to help keep the day-to-day running of your business going smoothly. They are also an important part of any recovery situation that follows a natural or man made disaster. It is important to discuss with potential providers what procedures they have in place to guarantee your downtown will be minimal and that you will be up and running as soon as possible after an emergency. These precious minutes and hours can make or break the recovery of your business.
  • Customer Service- As with any other business, if there is no customer support backing up the products or services, there isn’t much of a commitment from the provider.

Why are these three things important? To understand you must consider the managed services model. Managed services providers are hired by a company to provide any or all of the following services:

  • website hosting
  • network monitoring
  • network security
  • remote data backup
  • recovery services

Originally these services were provided to large corporations while small to medium size companies struggled to maintain an IT budget that was often more expensive then beneficial. Managed services providers charge a flat, or monthly fee, making it possible for smaller businesses to reap the benefits offered at a much lower price than in-house IT staff or outsourcing on an as needed basis.

The managed services platform continues to grow as many businesses look for ways to reduce costs in this tough economy. By offering technological services that might otherwise be beyond the reach of a small business budget, managed services make it possible for smaller businesses to remain competitive with others in their industry. Small business owners must take the time to carefully review and research each provider before signing on the bottom line. A good managed services provider can change the way you do business- in a positive direction, whereas the wrong choice could be a costly mistake that does more harm than good to your business.

5 tips for Creating a business continuity plan for your small business

Is your business prepared for any type of disaster? Even though small businesses may not have as many employees or as much equipment, they are still as vulnerable to disaster as a large corporation. If your business office were to be destroyed by a fire, you could lose valuable business if you don’t plan ahead. Many businesses don’t want to take the time and the expense to prepare a business continuity plan, but can you really afford not to make one?

Make a List of All Possible Disasters

The best place to start is to list different types of disasters and try to determine what could be lost in each case, and what you can do to prevent that loss. In Singapore, we don’t have natural disaster however we still need to prepare for man made disasters such as fire, office flooding etc. Next, try to estimate how long it would take, and how much it would cost, for you to get your business up and running again.

Communication

The middle of a crisis is not the time to frantically search for phone numbers. Even small businesses need emergency contact numbers. Have all emergency contact numbers posted or programmed into every phone. Do you have an alternate mode of communication should your main phone lines shut down? Could your clients seamlessly contact you without ever knowing that your office was in the middle of disaster recovery? The same principal applies to email and fax. Making arrangements regarding communication are critical to keeping your business running smoothly. Communicating with staff and clients can mean the difference between complete shutdown, or minimal a business interruption.

Preserving Your Data

In the event of a disaster, it is important to know that everything you need to function as a business is available. Identify all vital systems, documents, and data. While it is important for every business to back up their data on a regular basis, what if a fire destroyed your office? For this reason, offsite storage is critical to preserving your business’ valuable information. Offsite data storage allows to access to all of your stored data from any computer and from anywhere in the world.

A Temporary Work Site

It is also important to plan for a temporary work site. Depending on the goods or services your business offers, can you continue smooth operation if your office is shut down? Storing products in a second location can allow you to maintain your regular business schedule.

Test Your Plan

One of the keys to successful disaster recovery is testing your business continuity plan on a regular basis. It is important that you and your staff know exactly what to do, where to go, and how to access the necessary items you need to keep your business running smoothly to the outside world, even if you are standing in the middle of a disaster. Schedule regular plan tests to ensure that everyone in your office is on the same page and ready should disaster strike. Hopefully, you will never have to use your business continuity plan, but it is smart business to be prepared for any emergency should one arise.