Planning for that moment...
Updated: Jun 6
That moment, when you realize your network has been locked up with ransomware. Or your office gets flooded and your computer servers are underwater. These are examples of real-life events that commonly occur every year, and with increasing frequency.
Last month I talked about ‘how much is enough’ security in this day and age of increasing data breaches, ransomware and other nefarious cybercrime events. We discussed the hidden costs of being a victim of a ransomware or data loss event and the enormous financial, reputational, productivity and recovery costs, PLUS legal fees and potential litigation expenses.
If that got your attention, then you are hopefully starting to develop a plan for preventing these cybercrime events and for what to do if one hits you. This plan and the accompanying technologies are key to what is commonly referred to as “business continuity planning”, “business continuity/disaster recovery (BC/DR)” or “business resiliency”. All describe a plan for keeping your business up and running in the event of a cyber-attack, natural disaster, ransomware, pandemic or other event that could cripple your business.
While there are some very sophisticated and broad ways to go about developing this plan, most small business owners are able to take a more streamlined approach. This is a good way to begin establishing the processes and technology needed to protect your business.
What should this business continuity plan contain? Begin with these three questions:
How long can your business survive without access to your technology and key software? This is commonly referred to as recovery time objective, or RTO. Is your company ‘IT dependent’ and would there be a complete work stoppage if your network or IT was not available?
How much data can the business tolerate losing in a data loss incident? Can it lose 1 hour of data, 4 hours or none? This is commonly referred to as recovery point objective, or RPO. Is your data backed up with paper forms, or is it entered real-time on-line with no other documentation?
When is the last time you tested your data backup? How long did it take? Was it successful? Can you rely on it?
The answers to these questions will be a key determinant of the costs and investments in technology and IT, some of it new and some of it upgraded. Naturally, a quicker RTO and a smaller RPO will increase the cost of the solution. Another key cost factor is the storage of data: how much there is, where it is stored, and how quickly it can be accessed and recovered.
The third question, about testing your data backup, gives you a good point of reference for your degree of vulnerability and, therefore, your sense of urgency to take action. If you have confidence in your current ability to restore data, and you’ve actually tested it, then you’re a step ahead. Remember, your backup is only as good as its ability to restore, and it is core to your business continuity plan, so testing is critical.
And while backup solutions are key, security, processes and education are just as important.
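A restore drill that answers the three questions above in one run, as an added example that is not part of the original post: it restores a backup into a scratch directory, verifies every file against a checksum manifest, and compares the restore time and backup age with the RTO and RPO. The 4-hour RTO, 1-hour RPO, the tar.gz format, the function names and the sample files are assumptions made for illustration, and the manifest is assumed to be one you created yourself at backup time.

```python
import hashlib, io, tarfile, tempfile, time, zlib
from pathlib import Path

# Assumed targets for illustration; use the answers to your own RTO/RPO questions.
RTO_SECONDS = 4 * 3600  # business can be down at most 4 hours
RPO_SECONDS = 1 * 3600  # business can lose at most 1 hour of data

def make_sample_backup(dest, files):
    """Constructed sample: write files to a tar.gz and return {name: sha256}."""
    manifest = {}
    with tarfile.open(dest, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
            manifest[name] = hashlib.sha256(data).hexdigest()
    return manifest

def restore_drill(archive, manifest, backup_taken_at, now=None):
    """Restore to a scratch directory, verify each file, compare with RTO/RPO."""
    now = time.time() if now is None else now
    started = time.monotonic()
    failed = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                for name, expected in manifest.items():
                    try:
                        src = tar.extractfile(name)
                    except KeyError:  # listed in the manifest but not in the backup
                        src = None
                    if src is None:
                        failed.append(name)
                        continue
                    target = Path(scratch) / name
                    target.parent.mkdir(parents=True, exist_ok=True)
                    target.write_bytes(src.read())
                    # Hash what actually landed on disk, not what was in memory.
                    if hashlib.sha256(target.read_bytes()).hexdigest() != expected:
                        failed.append(name)
        except (tarfile.TarError, OSError, EOFError, zlib.error):
            failed = list(manifest)  # unreadable archive: nothing is restorable
    restore_seconds = time.monotonic() - started
    backup_age = now - backup_taken_at
    return {"restorable": not failed, "failed_files": failed,
            "restore_seconds": restore_seconds, "rto_met": restore_seconds <= RTO_SECONDS,
            "backup_age_seconds": backup_age, "rpo_met": backup_age <= RPO_SECONDS}
```

Run the drill on a schedule and keep the returned results, so the answer to "when did you last test your backup, and did it work?" is a dated record rather than a guess.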
Regarding security solutions, my last blog digs deeper into what you need and what you may need to spend. This includes considering upgrades to your firewalls, anti-virus and web filtering. Security today requires a layered approach so budget and plan accordingly.
Beyond spending and investing in technology, it’s mostly developing simple processes and checklists. These processes ensure that your security and data protection measures are enforced and regularly inspected.
A good example is the Incident Response Plan. This tells every employee who to call when a data breach, ransomware or data leak event occurs. Time is of the essence when it comes to these cyber events, and you will need to move quickly in order to mitigate the damage. Reference this document from the SANS Institute for a framework that is adaptable for small business. Contact RIATA if you need help.
Lastly, security awareness training for your staff has become one of the better investments for thwarting some of the many malicious cyber-attacks. Here is a list of shocking phishing statistics of 2020; the attacks behind them can be prevented with proper training.
If you need help with developing a business continuity plan, email us or call 737-249-9696 and we’ll be glad to help. RIATA also specializes in Azure cloud migration, cybersecurity consulting and IT support services.