Gabi Power Feb 23, 2023 4:27:53 PM 11 MIN READ

7 Cybersecurity Disaster Recovery Plan Essentials

When you think of a cybersecurity crisis, the image that springs to mind is probably similar to a hooded criminal in a dark room trying to hack into a network or systems to gain unauthorised access to data. While this image may be correct some of the time, there are many other worst-case scenarios that a business needs to be prepared for.   

Disasters, whether man-made or natural, can strike at any moment and severely disrupt the normal operations of a business. As a Managed Service Provider, you already know that cybersecurity threats such as ransomware, malware, phishing and BEC attacks aren’t going anywhere, and you no doubt continue to remind your customers of this. However, catastrophes such as earthquakes, hurricanes and wildfires also have the potential to destroy businesses and eradicate vital information. And they’re on the rise. The 2020 Ecological Threat Register (ETR) showed that natural disasters worldwide have jumped from 39 incidents in 1960 to just under 400 in 2019. And the number of natural disasters that cost over one billion dollars in the US alone has increased from three per year in the 1980s to an enormous 13 per year in the 2010s.

According to the World Economic Forum’s 2023 Global Risk Report, natural disasters and extreme weather pose the 2nd greatest risk to businesses in the next two years, and widespread cybercrime and cyber insecurity pose the 4th biggest risk. Yet, despite constant warnings from media and governing bodies about the threats businesses face, in 2021, only 54% of organisations had a disaster recovery plan in place. Disasters, or high-severity critical incidents, come in many shapes and forms, from the more mundane like a business break-in or building fire to large-scale catastrophes. Companies need to learn to expect the unexpected, and while nobody likes to focus on the negatives, this involves planning for the worst.

This article will explore the critical elements of a disaster recovery plan and provide a comprehensive guide to ensure businesses are fully prepared in any event. We primarily focus on securing data and systems access for business continuity; however, there are of course other considerations that a business needs to contemplate and prioritise, like the well-being of its people. Share this post with your customers, so they're ready to act when disaster strikes.

  

1. Establish an incident response team

Your first step should be to define who ‘owns’ the plan. Who will be in charge of keeping the plan up to date, and who will the team turn to if there is a disaster? This person needs to be level-headed, organised, and able to communicate with everyone in the business. For big organisations, this may be the head of IT or HR. For smaller businesses, it may make sense for the owner or manager to take responsibility for the plan.  

After you have elected an owner of the plan, it's crucial that you choose a representative from each department so that they can provide input into which data and systems are critical to the operation of the business. Then, in the event of a disaster, they will be in charge of mitigating the risks for their area of the business.

2. Identify critical data

Every department should determine what data is vital to its function and prioritise it for recovery. This could include data such as customer information, financial records, code, or other sensitive information that's critical to the operation of your business. Of course, you can't fix everything at once, so data needs to be ranked by importance ahead of time. It's also imperative that the 'owner' of the plan is aware of who will be responsible for restoring each piece of critical data. 

3. Take inventory of physical and digital assets

To adequately plan for disaster response, you need to have an updated list of all software and hardware that the business uses and update this once or twice a year. Companies often find it helpful to take pictures of physical assets, such as computers, servers, printers, network hardware, office furniture, and more. It may be beneficial to categorise hardware and software into three groups so that you can prioritise: what you use daily (and which will therefore be critical to either restore or replace in an emergency), what you use regularly, and what you rarely use.

In this list, you can include support numbers for software vendors so that they can help get you back up and running quicker when you need it.

4. Choose a disaster recovery site

A disaster recovery site is where an organisation's critical IT data and systems are replicated and stored in case of an event that renders the primary systems unavailable. It's a secondary backup location that allows a business to temporarily relocate, operate and maintain the continuity of essential functions and services, which will minimise the impact of a disaster. 

While disaster recovery sites have traditionally been on-site premises, smaller businesses may prefer to look into cloud-based services for a more cost-effective and flexible option. This means that they can operate remotely as long as their team has the hardware required. However, it's important to remember that, just like any cloud-based service provider, they can be vulnerable to DDoS and ransomware attacks, which may lead to your data being compromised. Businesses should make sure to speak with you, their MSP, to assess the risk before proceeding.

5. Create a communication plan

If your systems are down, how will you notify employees and customers? In case of a security incident or natural disaster, develop a plan to communicate with employees, customers, and stakeholders. This plan should include who will be responsible for communication (most likely the plan owner), a timeline for each group, and, if necessary, a strategy for addressing any public relations issues. Keeping customers, stakeholders, and the public informed gives you control of the situation and prevents the spread of misinformation, which is the last thing you need when dealing with a disaster!

6. Outline disaster recovery procedures

We can never guarantee how our brains will respond in high-stress situations. No matter how much training you do, it may go out the window when faced with an actual incident. Therefore, you must provide detailed, step-by-step procedures that every staff member can understand. Make sure to include in-depth details about the order of response, critical assets, the communication plan, and an inventory list. 

Members of the incident response team should ideally have their own copies of the plan, which can be easily accessed and leave no room for guesswork. You should also have physical and digital copies stored in secure locations so that your team is ready no matter what the incident is.

7. Practice!

Don't leave room for any uncertainty that your plan will work in your time of need. You should regularly test your procedures (annually or bi-annually) to ensure they are effective. This will help you identify potential weaknesses or flaws, such as failed backups or outdated processes. It will also help your incident response team understand their role so that everyone is cool, calm, and collected when you need the plan for a real-world incident.

Although they can't prevent natural disasters, businesses can prepare for the worst. For further assistance, Business Victoria offers "disaster resilience" advice here, which includes in-depth information, as well as a checklist for "Leading your business during disasters" and a "Disaster resilience toolkit". The US government's Ready Business also offers resources to help organisations develop a thorough IT Disaster Recovery Plan for when cybersecurity incidents hit. However, one of the best ways for businesses to minimise the risks of a cyber incident is by investing in email security.   

Keeping businesses safe and secure   

Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.     

MailGuard provides a range of solutions to assist businesses in the event of a critical incident or disaster, from email filtering to prevent threats, to email continuity and archiving solutions to help companies maintain ongoing operations and to recover if a critical incident or disaster does occur. Speak to your customers today to ensure they’re prepared for the worst or get in touch with our team to discuss strengthening your customer’s cyber position.    
