[BreachExchange] Disaster recovery plans are key to keeping business afloat
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Aug 1 18:41:33 EDT 2016
http://www.itbusinessnet.com/article/Disaster-recovery-plans-are-key-to-keeping-business-afloat-4539060
Disaster is not exclusive to one industry. Across the board, there are a
number of foreseeable incidents that threaten to stop business; whether
it's a ransomware attack or internal threat, storms or power outages, the
impact of downtime can have serious consequences. In 2016, more than 30
percent of businesses faced 50 or more cyber security incidents. Not only
can these attacks rack up an expensive bill, significant downtime can
damage a company's reputation and compromise stakeholders.
A good and up-to-date disaster recovery plan can be the difference between
a company that stays in business and one that goes under.
It costs - Not to have a disaster recovery plan
By simply looking at the costs associated with downtime, it is obvious why
a solid and updated disaster recovery plan is critical to business
operations. According to a 2013 study carried out by the Ponemon Institute,
downtime costs the average business $7,900 a minute-a figure that quickly
grows considering that the average downtime incident is just under 90
minutes. For smaller organizations, extensive downtime can even shut down
the business altogether. After a week of downtime, there's a 90 percent
chance an organization will be out of business within a year, according to
National Archives and Records Administration figures.
Although a strong disaster recovery strategy is the best way to combat
foreseeable business setbacks caused by a disaster situation, not enough
companies are rethinking their recovery approach. More ransomware attacks
threaten the healthcare industry, and hospitals are being forced into
Electronic Healthcare Record (EHR) downtime. Alongside ransomware attacks,
internal sabotage and power outages have become major causes of perilous
downtime. With an increasing number of digital-driven threats and severe
weather patterns, like Storm Jonas that shut down New York City subway
operations, disaster recovery solutions are more integral to a business'
bottom line.
Piecing together a strategic disaster recovery plan
By creating a more strategic and built-out disaster recovery plan,
companies have a higher chance of quickly bouncing back from a disaster.
Despite these simple proactive steps, many companies neglect to invest the
time necessary to create a robust plan of action. To begin, companies need
to develop and put in place a forward-thinking approach that considers a
few key elements:
- Don't put all your eggs in one basket: A good disaster recovery plan
shares one key characteristic with a good investment
portfolio-diversification. Businesses shouldn't back up their data in a
single location, there should be multiple recovery points for all files.
While backing up computers to an external hard drive is good practice, a
hurricane can wipe out both the enterprise network and physical backup.
- Know what matters the most: As companies sit down and develop disaster
recovery plans, they must assess what elements of the business are
absolutely necessary to function. A local elections board, for example, may
not be able to function without registrant records and phone systems but
can manage for a week without payroll services. Developing a hierarchy of
data importance can ensure mission-critical data is given the highest
priority in recoverability efforts.
- Keep everyone in the loop: Communication is a vital element to a good
disaster recovery solution and often the biggest hurdle in the event of a
disaster. The plan should be known and shared with every employee at a
business, and not be restricted to IT staff and company leaders, so the
plan can function optimally and meet expectations for all stakeholders.
Whether it's a phone triage, text alert or email notification,
communication is crucial to a quick recovery period.
- Give it a practice run: Companies don't launch new software without
testing it first, and the same should hold true for a disaster recovery
plan. Similar to a software application before it hits the market, a
disaster recovery plan should be tested by individuals who weren't in the
room when it was developed. The main purpose of testing is to ensure that
mission-critical business components will be functioning in the predicted
timeframe.
Getting back to business
No matter the industry, a top-notch and comprehensive disaster recovery
plan is critical to avoiding costly downtime. A good disaster recovery
solution cannot remain untouched on a shelf or be stored on a company's
hard drive. The plan needs to be strategically developed to allow
organizations to resume work in our digitally driven business world. Today,
no company should try to respond to a disaster by tackling it as it
happens. By having an agile disaster recovery plan on hand, companies can
handle any storm that comes their way.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160801/2f27fb80/attachment.html>
More information about the BreachExchange
mailing list