A cybersecurity disaster doesn’t always involve a named storm or a catastrophic data breach; sometimes, business as usual is interrupted by something as seemingly innocuous as a phishing email or worse, an untrusted opened attachment. The very slight but markedly important difference between an incident and a breach can often make or break a business’s operations and determine how that business responds to or recovers from the security event:
To ensure all data, infrastructure, and systems continue to operate in the event of a full-blown data breach or natural disaster, you need to have a comprehensive, effective disaster response and business continuity plan in place. In order to respond effectively to security incidents at both ends of the spectrum, follow the tips below to create a response plan that will allow a quick recovery:
1. Maintain a hardware and software inventory.
Keep a record of all hardware and software along with the appropriate IT services contact for each application or system, and make sure it is accessible in multiple backed-up formats if disaster strikes.
2. Define how much downtime your business can deal with.
This is where a business should start its disaster response budgeting and planning. Conduct an honest assessment of how much downtime your business can afford to have in the event that all IT and data-related services are cut off. Would you be okay without your data and connectivity for a few hours? How about five days?
Critically evaluating your business’ data dependency is a good place to start when deciding upon how much to invest in your disaster recovery plan.
3. Establish a disaster response team, and define the key roles of responsibility.
Form a disaster response team and delegate certain tasks to the appropriate individuals. Include roles for everyone from C-level executives to administrative personnel, and be sure to involve members from all departments. Make sure everyone knows exactly who to contact when disaster strikes, and put a backup personnel in place in case key members are out sick or on vacation.
4. Implement an alternative communication plan with multiple forms of access including landline, email, and mobile.
Establish an alternative communication process so that employees know how to reach the appropriate parties in the event of a particular disaster. Recommend a specific form of communication—whether it is an online presence or via SMS—as the go-to method for employees to retrieve important workplace information and updates.
5. Establish a backup location—and not just for your data.
Many businesses make the mistake of planning for a secondary data center, but they don’t plan ahead in case the human element of their workforce needs to take up residence in the backup location. When planning your data center backup location, be sure to include modifications that will allow for personnel to work on-site if necessary.
6. Vet your Service Level Agreements (SLA).
You want everyone to be on the same page during a stressful post-disaster scenario. If you outsource your IT, be sure to have a comprehensive SLA in place so all parties know who is responsible for what in the event of an emergency. This way, you’ll have a clearer idea of the process and timeline involved in getting your systems back up and running after a disaster.
7. Test the plan regularly.
Perhaps one of the most overlooked elements of any effective disaster response plan is the regular testing and evaluating of the process. You need to know how all elements, people, and systems will respond in a worst-case scenario so that you can establish which parts of the plan, if any, need fine-tuning.
Be sure to involve employees in your scheduled disaster response planning, too. They need to be well-versed in all aspects of the plan to be able to assist when necessary—but also to become part of the proactive security fabric of your organization. When an employee understands how a post-disaster scenario can affect a company from the ground-up, they will be better equipped to help prevent that disaster from occurring in the first place.