Most organizations know the risk of security attacks, so they usually have an IT disaster recovery (DR) plan to protect their businesses. Chances are, you are also following a DR plan for the safety of your business. How would you know whether your DR plan is robust enough to withstand a deadly ransomware attack?
Do you recall the 2016 Brisbane BEC scam, in which scammers targeted the Brisbane City Council through a series of fake invoices? In this scam, the city council lost close to $450,000. This is a clear case of a disaster caused by a cyber-attack. Business organisations should stay vigilant at all times. A strong DR plan is always recommended for businesses to protect their data from any kind of security breach.
With over a decade of experience in handling Cloud and network security, I have seen a large number of disaster recovery plans fall flat. To check the reliability of your IT disaster recovery (DR) plan, first examine it against the aspects that I have shared below in this article. Further, you need to check when the DR plan was last updated and tested. Does your DR plan make use of the latest security tools and technologies?
Check out these top 5 things your IT disaster recovery plan should include:
- Think Through All Potential Threats and Possible Reactions: According to Phil Goodwin, research director of data protection, a good DR plan should consider the complete spectrum of “potential interrupters” to your business. Along with that, it must spell out the recovery plan for each scenario. Unfortunately, cyber-attacks are becoming “a more likely scenario” in Australia. So plan accordingly and give them precedence over natural disruptors, but make provision for every disaster type, including BEC scams. List the priority clearly in your DR plan for every disaster type, such as cyber-attacks and natural disasters.
- Business Impact Analysis (BIA): A BIA identifies and evaluates the potential effects of natural and man-made events on business operations. According to Mark Testoni, president and CEO, SAP National Security Services, each organisation should put all major information through a business impact analysis. A BIA helps to establish priorities for disaster recovery, business continuity, and operations continuity plans.
- People and Updates: Most organisations focus more on technology and less on people and process. It is equally important to get responsive behaviour from the user community. Always include the critical personnel’s mail, cell and home numbers in your DR plan. Because the plan is based on assumptions, update it in a timely manner to reflect the latest security tools and processes.
- Priority: Think through your priorities. “Not everything in your business is worth saving or needs to be protected”, according to Iannerelli. Suppose your house is on fire: what will you grab as you run out of the door? Similarly, identify the important assets of your business.
- Regular Practice Drills: Having a well-structured DR plan is not enough. It should be regularly tested under expert supervision. A DR plan that is not regularly drilled is of little use, as it may prove ineffective.

Hopefully, you’ve made notes of the points you need to check in your current disaster recovery plan. Don’t wait for the disaster to happen! Let your business stand steady in any data breach. I will be happy to do a complimentary analysis of your existing DR plan and offer suggestions to strengthen your plan. You can also drop your query in the comment section for more information on data recovery.