Data protection for manufacturers is not easy. With increased cyber-attacks, regulation changes, shrinking budgets, and a complicated political cross-border environment – data protection can feel like just another burden on the IT team.

Today’s growing manufacturing organizations face IT challenges that include increasing costs, evolving business requirements and aging technology. Finding new solutions focusing on ensuring the right processes and technology are in place are important to the growth of many manufacturing organizations. With these in place, attention can be turned to the important business of innovation and attracting/retaining top talent.


A manufacturer becomes much more agile through finding solutions that not only improve process but also bring together all the information needed to develop new products faster.  They also want to get them through the supply chain and on to the customer more quickly and cost-effectively.

With malicious insiders, external hackers and natural disasters on the rise, manufacturers must be proactive in protecting their data to avoid losing their competitive edge and credibility in the marketplace.

For many IT departments, dealing with sensitive information and increased regulation around how the data is used and stored has created increased pressure.  With structured and unstructured data – like CAD files, source code, business processes, proprietary systems and formulas being the most valuable intellectual property for manufacturers, finding systems to identify sensitive data is key to protect organizations before a disaster happens.  But for many manufacturers, the solutions are not cost-effective and don’t integrate well with legacy systems.


While finding new solutions can be hard for IT teams, the need to keep production running during an upgrade, paired with the uncertainty of what happens when you mix old and new systems together can be daunting.

The reality is that a large proportion of manufacturing organizations have some sort of legacy system to maintain. Machines of various vintages and conditions, a Manufacturing Execution System, or an aging AS/400 can create more complexity and the need for comprehensive heterogeneous options as departments try to implement new solutions.


In the past, manufacturers simply had to pass an occasional audit if regulations were in place. With increased data breaches and the government taking a regulated stance on cybersecurity, manufacturing organizations have had to increase education and implement new regulations and standards that they are required to follow.

With the implementation of GDPR, many organizations are having to find new ways to protect customer data along the supply chain but understanding how the data is used and processed can be complicated.


The EU General Data Protection Regulation (GDPR) was created to strengthen how organizations handle the valuable personal data they are responsible for, whether they collect and process the data or contract a third party. Below are seven tips to help you get started.

Communicate – Before collecting personal data, explain what data you’re collecting, how you’ll use it, where it will be housed and who it may be disclosed to. If there is a breach, ensure you have a process to let people know within the 72-hour window.

Know what personal data means – GDPR protects people’s personal data. Take extra care of data regarding address, race or ethnicity, age, marital status, political opinions, religion (beliefs or non-beliefs), physical or mental health (including disability), sexual orientation etc.

Uphold individuals’ rights – Individuals are entitled to see what personal data you hold, where and how it is being used. They can also request to be forgotten which means you only have a short period of time to remove their information. Ensure your data is easily found and erasable – even when archived.

Data minimization – Don’t keep personal data for longer than is necessary; make sure that personal data is destroyed securely and in full.

Store information securely – Create new company protocols to increase data security. Use strong passwords and encrypt all personal data held on portable devices (such as laptops, memory sticks, and tablets).

Education – Ensure all employees understand the importance of keeping data safe and secure and what the processes are in regards to sharing and communicating data.


IT departments looking for technology to support new solutions while navigating legacy systems have found that cloud computing offers some compelling options. Depending on your needs, cloud hosting can help you keep costs down by decreasing your IT spend while providing a more flexible, agile and scalable option.

Cloud services also help to share data securely across platforms and with all partners, contractors, and suppliers while complying with strict regulations. The right service can provide organizations with a detailed audit trail to support demonstrating compliance in minutes.

It’s also important to understand when data is at risk. With ever-more sophisticated hackers going after important data, cloud technology can increase visibility. Utilizing data cloud services provides an easy, flexible and safe way to control, detect and respond to threats – both insider and outsider.

Although cloud and data protection technologies cannot solve all of the manufacturer challenges, they can contribute to innovative solutions that deliver the right goods to the right place at the right time—as quickly, reliably, cost-effectively, and secure as possible.


At Storagepipe, we do the work so you can get back to business. Our data protection and disaster recovery services provide the safe, secure and flexible controls to protect your structured and unstructured data against insider and outsider threats. With Storagepipe, rest assured your data is secured wherever it resides and wherever it is shared – across networks, storage, endpoints or in the cloud – across any operating environment.

Don’t let any disaster or data loss interrupt your business – talk to a Storagepipe expert today.

With the adoption of GDPR and the Canadian government providing regulatory support in combatting the threat of personal data protection, it’s a chance for organizations – both big and small – to create their own cybersecurity plan.

What can companies do to recognize and combat cybercrime and improve their cyber-education? Here are some tips and best practices that will help you and your company recognize cybercrime and combat the threats.

  1. Keep your team educated on cyber-awareness

Education and cyber-awareness is the best defense. Management and employees should be trained to understand IT governance issues and control solutions as well as recognize concerns, understand their relevance and respond accordingly. Firms should also invest in cybersecurity education programs for employees to learn how to protect their computer and personal information and how to be aware of the many hacktivists and cyber-criminals that scour the Web in search of targets and vulnerabilities.

  1. Collect and analyze security logs for suspicious or abnormal activities

Your IT team should be actively conducting security investigations, regular audits, log reviews, and easy monitoring.  Any seriously suspicious behaviour or critical events must generate an alert that is collected and analyzed on a regular basis.

  1. Keep systems and applications patched and up-to-date

Hackers, along with malicious programs or viruses, find vulnerabilities in software that they exploit to access your computer, smartphone or tablet. Installing updates fixes these vulnerabilities and helps keep you secure.

  1. Use strong passwords and keep privileged accounts protected

Reduce the risk of attacks using compromised privileged account credentials. Create an inventory of accounts, applying change management policies to passwords, and store passwords securely.

  1. Ensure strong encryption

Encryption keeps you safe. As the last and strongest line of defense in a multilayered data security strategy, encryption is used to safeguard customer data and help you maintain control over it. Encrypting your information makes it unreadable to unauthorized persons, even if they break through your firewalls, infiltrate your network, get physical access to your devices, or bypass the permissions on your local machine. Encryption transforms data so that only someone with the decryption key can access it.

  1. Third Party Management

Financial institutions should work with vendors to find tools that fit their requirements without the need to hire more IT personnel. Advanced data protection solutions can help to reduce the strain placed on the IT team and the security operations centre while keeping an organization’s sensitive information safely under lock and key.

We can help!

In the financial services industry, downtime can be detrimental to your reputation and businesses operations. Storagepipe’s backup and disaster recovery solutions can help. Our solutions seamlessly address your backup, recovery, compliance, security and archival requirements.

With many major financial institutions including credit unions, insurance, and financial services firms as clients, let us provide you with total peace of mind that your data is securely protected. Start your Storagepipe experience today.

Click here to read Part 1 and Part 2 of our series: Financial Services: Maintain control of your data in the face of an attack

In part one of our Financial Services series Maintain Control of your Data in the Face of an Attack, we discussed the different types of security threats you may face. In part two we will review the regulatory changes the GPDR has created for financial services firms and how the Canadian Government has responded to growing cybersecurity concerns.

General Data Protection Regulation (GDPR)

On May 25th, 2018, the GDPR came into effect providing EU residents with more control over how their personal data is used and stored. This new regulation has set the stage for companies across the globe to review their own data protection regulations.

Is the GDPR relevant for non-EU Financial Services firms?

For the financial services industry, the GDPR is very relevant to the client base. Major banks and financial services providers deal with the EU for various purposes, such as facilitating foreign direct investment, managing local investors and managing transactions between EU citizens/businesses and their counterparts. In each of these cases, the personal data of EU citizens is being collected and processed by a non-EU financial services provider

Data Breach

From a GDPR perspective, personal data breaches must be notified to the relevant supervisory authority no later than 72 hours after the data controller becomes aware of the breach. The Regulation distinguishes between the services being offered by the organization, meaning, essential services such as financial service providers must report cybersecurity breaches to the relevant authority at a national level (Article 33).

Want to understand the rules of GDPR? Click here to download our GDPR white papers.

GDPR also provides guidance on how to handle data breaches. For example, an infection by ransomware could lead to a temporary loss of accessibility if the data can even be restored from a data backup. However, a network intrusion still occurred, and notification could be required if the incident is qualified as a confidentiality breach (i.e. personal data is accessed by the attacker) and this presents a risk to the rights and freedoms of individuals.

If you’re in the process of aligning your financial services firm with the GDPR, especially in terms of data collection, storage and management, contact us for support with GDPR compliance across your systems.

Canadian National Security Concern

Recently, BMO and CIBC-owned Simplii, were both hit by a hacker who threatened to release 90,000 Canadians account information. Although the cause of the attack has not yet been released, it has raised several questions regarding server security and third-party contracts. If two of the largest banks in Canada were hit, how will small to midsized businesses stay attack free?

For this reason, the Canadian Federal Government is rolling out a new cybersecurity strategy designed to better protect the country and its citizens from the growing threat of online attacks and crime. The plan, $500 million over five years, includes a range of initiatives aimed at the public as well as businesses.

“Small and medium-sized Canadian businesses are the backbone of our economy but are also the most vulnerable.” Commented Byron Holland, president and CEO of the Canadian Internet Registration Authority. “Providing these businesses with cybersecurity strategies and resources is essential to holding back the tide of cyber threats.”

We can help!

In the financial services industry, downtime can be detrimental to your reputation and businesses operations. Storagepipe’s backup and disaster recovery solutions can help. Our solutions seamlessly address your backup, recovery, compliance, security and archival requirements.

With many major financial institutions including credit unions, insurance, and financial services firms as clients, let us provide you with total peace of mind that your data is securely protected. Start your Storagepipe experience today.

Sources include:

The financial services industry is a routine target for cybercriminals, more so than any other industry. From ransomware to phishing attacks, the first half of 2018 has seen a surge in cybersecurity activity with a significant breach in two of the largest Canadian banks. Cyberattacks may be unavoidable but, in an industry as crucial as financial services, firms must constantly be improving security efforts and ensure employees are armed with the best solutions to instantly respond in the event of the breach before important information is lost.

In part one of this series, we will discuss the different types of security threats you may face.  In part two, we’ll review the compliance and regulatory issues you may face when dealing with cybersecurity. Finally, in part three, we will learn the six steps to avoid cybersecurity risks.

What Are the Most Common IT Security Threats?

  1. Ransomware – Hackers sneak into computers and restrict the access to your system and files. Then they ask for a payment in exchange for regaining access to your system.
  2. Malware Infections – This is the common name given to several security threats that infiltrate and damage your computer.
  3. Pharming – Its objective is to convince you to visit a malicious and illegitimate website by redirecting the legitimate URL.
  4. Phishing – It consists of fake emails or messages that look exactly like emails from legitimate companies. You are deluded into thinking it’s the legitimate company and you may enter your personal and financial information.
  5. Computer Worm – A worm works on its own, lives in your computer, and propagates by sending itself to other computers.
  6. Spam – Spam occurs when you receive several unsolicited emails that will phish for your information by tricking you into following links.
  7. Distributed Denial-of-Service Attack – The attack strategy is to contact a specific website or server over and over again. It increases the volume of traffic and shuts down the website/server. The malicious user usually uses a network of zombie computers.
  8. Network of Zombie Computers – The malicious user takes control of several computers and controls them remotely.

Want to learn how to stop Ransomware and Malware Infections?
Learn how in our blogs.

Let Storagepipe help: 

In the financial services industry, downtime can be detrimental to your reputation and businesses operations. Storagepipe’s backup and disaster recovery solutions can help. Our solutions seamlessly address your backup and recovery, disaster recoverycompliance, security and archival requirements.

With many major financial institutions including credit unions, insurance, and financial services firms as clients, let us provide you with total peace of mind that your data is securely protected. Start your Storagepipe experience today.

When I was a young boy, I saw a sign on our street that said “free puppies”, with an adorable picture. Excited, I went to see my father and said “daddy daddy”, the puppies are free. Can I have one, pleeeeas?

My father reminded me that a puppy is a lot of responsibility. It’s not the cost of the puppy that matters. I also have to factor in things like food, vet bills, and the time and effort I would spend raising this pet.

This reminds me a lot of the current trend towards the commoditization of IT.

At an accelerating pace, business technology is becoming more accessible. And although this has done a great deal to make sophisticated IT systems easier to implement and manage, this convenience also brings its own challenges.

Today, many best-of-breed disaster recovery solutions are inexpensive and contain exciting, powerful and easy-to-use features. But you can’t just think of software licenses when evaluating disaster recovery solutions. You also have to factor in things like hardware, datacenter space, professional services, capital expenditures, vendor lock-in, lost productivity, security issues, and management overhead.

When you take all of the costs and hassles into consideration, the total cost of implementing and managing your own disaster recovery system can be much higher than the price of the price.

Also, the free puppy might be lacking some essential capabilities. Maybe it’s too friendly to guard your house, or maybe it can’t catch a frisbee. This is time and effort that you’ll need to invest in training.

Likewise, as your needs evolve, you’ll often find that there are some capabilities lacking in your DR plan. You’ll need to invest heavily in upgrades and training.

Do-it-yourself disaster recovery is a bit like a free puppy. It comes with lots of responsibility. If you’d like more peace of mind around your data protection, consider working with a backup and disaster recovery provider that can take on all of these responsibilities for you while providing you with all the benefits.

GDPR, a set of new rules for data collection and storage, took effect on May 25th, 2018. The purpose of the regulation is to provide individuals with more control over their own data and communicate how that data is collected, stored, processed and used – no matter the location.

For the first time, monetary sanctions of up to 4% of global annual turnover will apply to breaches of the regulation. It also includes additional measures to protect the personal data of EU citizens.

At Storagepipe, we understand the value of data to your organization and the serious implications of a data breach. Download our white papers now to learn about GDPR compliance and how we can help.

Imagine that 3 people want to each open a sandwich shop. One man is a butcher, another is a farmer, and the third is a baker.

The butcher is an expert with meats. The farmer is an expert with produce. And the baker is an expert at making bread. Each is the master of their specific domain.

Of course, each of these could learn the other’s trades. With a bit of effort, the butcher could learn to grow vegetables and make his own bread. But this would not be the best use of his talents. If all three shops operated this way, they would all be overworked and under-productive.

Instead, it would make more sense for all three of these experts to focus on their strengths, and team up with other experts to make up where they lack.

• The butcher could produce all the meats for everyone.
• The farmer could supply all the produce.
• And the baker could supply all of the bread.

By creating partnering up and relying on each other’s comparative advantages, all three businesses could collectively operate much more efficiently and profitably. When there’s synergy, everyone wins!

Most IT managers are fast learners with versatile skill sets. However, there are some projects and capabilities that might provide more business value than others or be better-aligned with their specific talents.

According to the theory of comparative advantage, the key to maximizing your effectiveness as an IT leader is to focus exclusively on those high-value activities that are best-aligned with your talents. Any other work should be outsourced or delegated.

For example, if your strengths are best-aligned around things such as infrastructure management, then it might make sense to outsource non-core activities such as backup and disaster recovery to a trusted partner that specializes in this domain.

By focusing on your comparative advantage, you can be more productive, free up more time, and achieve total peace of mind.

What would happen if the fire alarm in your office went off at this very moment? Would there be a mad rush for the doors, or would most people just ignore it and keep working until they smelled smoke?

As indicated by the Institute for Research in Construction, only about 25% of occupants react to fire alarms as if they were potential indicators of a real emergency. Instead, most people assume that the alarm is merely a drill.

In other words, fire drills DECREASE the life-saving effectiveness of fire alarms.

Here’s another example to consider.

In 2010, an 89-year-old patient died of heart failure at Massachusetts General Hospital. For 20 minutes, a series of alarms, beeps, and messages had been sending urgent warnings to the hospital staff. It was so distracting that an employee had to manually shut off the crisis alarm on the patient’s bedside monitor. Instead of taking appropriate action, these signals were ignored entirely.

These nurses weren’t evil or cold-blooded. Instead, they had become desensitized by years of constant false-alarms from oversensitive and malfunctioning medical devices. When an actual crisis was detected, everyone assumed it was simply a false alarm.

This phenomenon is called “Alarm Fatigue”, and it can easily lead to accidental data loss and failure of critical business systems.

As an IT administrator, you are constantly juggling priorities, multi-tasking and keeping up with unplanned work. Alarms are constantly going off; also, your job is to choose which fires are generally imperative.

In most cases, if you miss a legitimate alarm, the outcomes are generally minor. But there’s one area where the results can be very severe.

Compared to other conflicting responsibilities, backup and disaster recovery rarely feel like an urgent priority. But when they do become a priority, it’s usually too late to do anything about it.

To be an active IT leader, and respond more efficiently, you need to manage your signal-to-noise ration. Before you’re notified of an alarm, it helps to have someone that will verify and triage for you. You should only be notified of actual emergencies that require your immediate attention.

Specialization and delegation are an effective way to deal with alarm fatigue. When you delegate backup to a specialist, you can eliminate all of the distractions and conflicting priorities that might lead to alarm fatigue. Instead, you establish a consistent, repetitive process where every potential problem is proactively investigated and fixed. At that point, you can execute additional layers of auditing and monitoring to get any issues that might fall through the cracks.

By making this a dedicated and focused role within your IT function, you can significantly reduce the chances of alarm fatigue creeping into your backup and disaster recovery process.

Of course, this might not be a feasible option for most organizations. If you can’t afford to have a dedicated internal data protection and business continuity team, then outsourcing your backups to a dedicated provider can give you the same benefits as a fraction of the cost.

By outsourcing your data protection and business continuity to a specialized service provider, you can guarantee exhaustive protection and total peace of mind.

In 1992, the Royal Majesty cruise ship ran aground because of an electrical problem with their GPS system. Despite the fact that it should have been clear to any experienced crewmember that the ship had been veering off-course, most simply assumed that the GPS system would correct itself or someone else would take on the responsibility of fixing the problem.

Humans have a bias to trust computers over humans. And this bias grows over time, as computers continue to prove their accuracy and trustworthiness. When a human operator notices something wrong with an automated system, they are often likely to disregard reality and go with what the computer is saying.

This is an excellent example of the “Automation Paradox”.

As automation becomes more effective, the role of the human operator turns out to be more vital. In the same way that automation can create exponential benefits and efficiencies, it can also scale out the harm caused by human error and poor implementation.

In the early days of computing, mainframes were very expensive and difficult to use. Administrators took great care in their maintenance & implementation, and hacking was very unlikely. The process of provisioning a new machine could take months and required approval from many different departments. If these mainframes ever crashed, the company could still maintain some level of operations through their paper-based processes.

Today, virtualization makes it easy to launch new servers with default security settings quickly. IT departments must deal with virtualization sprawl, shadow IT, and employees working on unauthorized systems. Provisioning has become so easy that IT administrators are struggling to prevent new systems from getting added to the network. And as a result, tolerances for data loss, security breaches, and unplanned downtime have virtually dropped to zero.

A day in the life of the average IT manager often resembles the broom scene from Disney’s Fantasia.

Thankfully, the tools have also improved. Today’s IT administrators have access to backup and disaster recovery systems that are both – potent and elementary to use. But the automation paradox also applies to backup and disaster recovery systems.

If you can protect all of your virtualized systems from a single application, that’s great. But this also means that human error has the potential to cause much more damage. As your data protection and business continuity tools become more powerful, you likewise have a duty to be extra-cautious with their management, monitoring, and implementation.

This is why we recommend delegating your data protection and business continuity to a dedicated specialist that exclusively does this kind of work, and nothing else. When you outsource your backup and disaster recovery to a specialist, you know that this work is being done by dedicated experts who have the training, experience, and resources to ensure that your systems are always protected.
When disaster strikes, you can take comfort in the fact that these specialists perform real-world recoveries every day. They know how to take care of business right, inevitably, without fail.

You need the best automation tools. But they have to be managed by the best-trained and most skilled technicians. The more efficient the automation, the more crucial the role of the human operator. If you want total peace of mind, make sure that you have the best people implementing, managing and monitoring your backups.

Imagine the following scenario:

  • You’re the IT administrator for your company.
  • To eliminate human error and physical media failure, you’ve implemented a fully-automated network backup solution that creates redundant backup copies across multiple physical sites.
  • You’re following the greater part of the best practices. In any case, at that point something terrible happens.
  • One of your trusted internal systems gets hacked, and this system becomes a gateway for the hacker to install malware on all of your production servers. You log in to assess the situation but are met with a ransom note stating that you must pay $10,000 in Bitcoin to decrypt your files.
  • You check your other copies but find that your backup servers have also been compromised. Despite your best backup plans, all of your data is gone.
  • Reluctantly, you pay the fine. But instead of the decryption key, the blackmailers now demand another $50,000. What would you do?

Ransomware has become a nightmarish epidemic that’s wreaking havoc on the IT industry.

Today’s ransomware attacks have evolved in sophistication to become incredibly aggressive, destructive and resilient. Worst of all, Bitcoin and other cryptocurrencies have become a practical and anonymous means for criminals to extort money from helpless victims.

How can you protect yourself? One solution might be to augment your existing backup and disaster recovery plan with additional precautionary Air-Gap backup copies.

With Air-Gap backups, copies of your data are kept completely isolated… physically disconnected from any networks. Thusly, they’re protected from even the most forceful hackers.

Of course, as you adapt your tactics to threats, the threats will continue adapting to your tactics. It’s a constant war to protect your company’s most valuable assets.

That’s why you need to surround yourself with the most highly-trained, well-equipped and experienced experts you can find. By allowing Storagepipe to assist in your backup and disaster recovery plan, you’ll have more peace of mind when facing potential future ransomware attacks.