What is your disaster recovery plan? 5 fundamental practices to guarantee business continuity
Although interest today is mainly aimed at blocking cyber-attacks, threats come in different ways and in different forms. Being prepared for the unexpected – or even for the impossible – must lead organizations to define, review and implement a valid recovery plan in the event of disaster and business continuity.
Apparently, the idea seems simple: to prepare for disasters (eg, hurricanes, earthquakes, fires, snowstorms, floods etc.) before they happen. Most small and medium-sized enterprises (SMEs) do not spend enough time predicting disaster recovery (and the same applies to some large companies), but the “we’ll take care of it when it happens” attitude can lead to the end of companies, even successful ones.
This level of preparation is neither quick nor easy, which may unfortunately lead us to postpone things irresponsibly. To start a disaster recovery plan or to be sure that the current approach is optimized, consider five best practices that can help set up SMEs for the worst-case scenarios.
Equip yourself with an experienced plan
It seems fairly obvious, but the first element to ensure business continuity in the event of disasters is the fact that you have a plan and carry out training based on it. After all the most serious disasters, people find themselves in conditions of extreme stress and do not think clearly.
Therefore it is essential to have a well thought out plan that defines the procedures and instructions to be followed in the event of a disaster. In the business world, this tool is usually referred to as a business continuity plan.
The business continuity plans coordinate the activities of all sectors (eg, communications, security, IT, human resources, finances, engineering, supply chain etc.) and contribute to identifying the managers, managing the assets and continuing to satisfy the customer expectations. Training and simulations are required to implement a plan successfully; otherwise, it simply remains a piece of paper.
Ensure data accessibility
After a disaster, access to the network may not be available. All the effort can be thwarted if the disaster recovery plan is on a network drive or a company computer that is no longer reachable.
The same applies to e-mail access. If a company manages an internal secure e-mail server and the connection is interrupted, communications are compromised. A very common solution is to store email and data in the cloud.
Another possible scenario is that the connection has only fallen at the main site, but that a secondary site remains available that the staff does not know how to reach. For example: SonicWall’s Secure Mobile Access (SMA) equipment provides transparent remote access by automatically setting a VPN to the nearest online site and redirecting access if necessary.
Provide communication options
The ability to communicate effectively with colleagues, managers, customers, suppliers and partners has a direct correlation on how quickly a disaster can be restored.
E-mail is the main form of communication for all companies, but may not be available. As a back-up system, use social media to coordinate activities. Applications like Teams, Slack and WhatsApp are a valid option to coordinate with internal groups. Twitter and the company website can also be used for public communications.
Maintain awareness of cyber-attacks
Although there must always be an awareness of cyber-attacks it is essential to be even more vigilant in the event of a disaster.
Cyber criminals are opportunists and launch targeted attacks (eg, phishing campaigns, ransomware attacks) against areas, regions, companies or organizations to exploit those who try to make themselves useful or hoping that chaos has let their guard down.
Unfortunately, many non-profit organizations, including the Red Cross , FEMA (Federal Agency for Emergency Management), the FCC (Federal Communications Commission) and others, are forced to issue repeated scam alerts in case of disasters. Should one of these attacks compromise an employee or a partner, this could turn into an access route to the corporate network. If the appropriate network security firewalls and e-mail security controls have not already been activated , one click is enough to break into a network or infect a machine.
Some of the best fundamental practices are able to protect users in the event of a disaster and to ensure that networks and emergency accesses are protected, including through two-factor authentication (2FA) or multifactor (MFA) and next-generation antivirus ( NGAV) or endpoint protection , such as SonicWall Capture Client .
Together, these tools help to validate the identity of the user, even if his credentials have been compromised and make it possible to prevent the execution and installation of malicious files on company machines in the event of infection.
Prepare yourself immediately
A successful disaster recovery and business continuity recovery plan should not be delayed. A catastrophic event or a natural disaster could cause much greater damage to companies, customers, employees and brands than responsible and far-sighted investments in valid cyber-security systems, redundant networks and relapse controls.
Preparing for disasters not only helps protect yourself in times of crisis, but the same controls will probably protect networks and data against daily cyber-attacks against organizations (eg, ransomware , e-mail attacks , encrypted threats, internal threats and others harmful threats).