The security climate has evolved over the past decade, and organisations must adapt to remain secure. While UK businesses are improving at security breach prevention, a recent study by Beaming suggests that four million still risk losing valuable data each year. A reactive mentality – addressing a breach as or after it happens – is not enough to avoid irreparable disaster. Organisations now need to be proactive and operate as if there’s a very real possibility of a cyberattack or technical disaster.
While businesses should not skimp on modern prevention methods, implementing a proactive disaster recovery (DR) plan will reduce downtime and protect against hardware failure and loss as a result of natural disaster. Adapting a business’ security culture can be difficult, so in order to help you develop a proactive plan, we’ve outlined four activities to start with:
Running regular audits of your security inventory and data points will reveal which assets are most critical and what hardware or software infrastructure they rely on. You should also be looking for issues that might affect your external partners and vendors, as a weakness here could lead to catastrophe.
To ensure longevity, your DR strategy should cover as many scenarios as possible. It’s useful to categorise breaches into levels of severity and develop contingency and recovery plans for the short, mid and long term. This can be laid out as simply as bullet points, making it easy to review on a regular basis.
For a DR plan to be truly useful, it also needs to be kept public and actively distributed. Share it with all of the relevant stakeholders and employees and be sure that they understand its meaning and purpose. Outline each step of the recovery plan in plain English (or another language if applicable) and list the responsibilities of each relevant party.
It’s useful to adopt a similar approach to a fire drill; test routinely and periodically to trial each process in your DR plan. Make sure everybody knows what to do should a breach occur, so they don’t have to frantically search for guidance.
This applies if you have current disaster recovery technology in place – if you don’t, we can guide you on the most effective and cost-efficient options. If you do have one, here are a few questions to ask as an IT team:
Anti-virus and firewall software are typically evaluated and updated by vendors regularly, but some can get lazy and leave it up to the customers to chase for updates and new features. You should be asking yourself the above four questions on a quarterly basis to ensure your business remains resilient.
If you don’t already invest in one, it may be worth considering a cloud-based solution to increase flexibility and reduce capital investment. Acronis’ Disaster Recovery solution is one example of DRaaS that can get a business back up and running in minutes (sometimes quicker). Automation is available for key disaster recovery scenarios, while a web-based control panel allows for easy fail-testing.
Though it may not be an exciting subject, the ability to prevent or recover well from a security disaster is vital to businesses. While you can’t prevent every disaster, you can at least ensure you have the processes and tools in place to get back online quickly and with minimal short- and long-term damage. Keeping your threat evaluations, plans, training, and software up to date will maintain customer confidence and likely save money in the long run.