CYBER SECURITY | 5 MIN READ
When natural disasters and cyber attacks strike, the consequences can extend far beyond just physical damage. Your network functionality may be crippled and severe downtime can cost your business more money than you think. Business Continuity and Disaster Recovery (BCDR) plans are an effective way to mitigate the risks associated with network downtime and natural disasters. Keep reading to learn what a BCDR plan is and why it's imperative that every business has one.
Not enough time? Jump to:
Why Should Businesses Have BCDR Plans?
Other Ways That Businesses Can Protect Their Data
What is a BCDR Plan?
Business Continuity and Disaster Recovery (BCDR) plans are utilized by businesses to ensure that there are minimal interruptions to operations and your network due to outages or natural disasters.
Business Continuity plans re-direct resources, establish chains of command, and coordinate shifts in employees.
For instance, if a company was struck by ransomware and their entire network went down, how would they continue to ensure that all employees have web access and know how to continue working?
In this scenario, maybe all employees would be instructed to work remotely, or maybe some business functions would temporarily be put on pause to direct resources to more critical business tasks.
Disaster Recovery plans focus on how to utilize IT to quickly recover one's network with minimal downtime and data loss. A few main tenants of Disaster Recovery plans include server and network restoration and backup recovery.
These plans involve coordination with either an in-house IT department or a third-party provider to ensure that they know the immediate steps to take when a company's network goes down.
Why Should Businesses Have BCDR Plans?
When your office is struck by a tornado or hit with ransomware, there's no telling how long your network may be down.
While your network is down, every department is affected. Salespeople may not be able to prospect. Billing may not be able to process payments. The longer the downtime is, the bigger the productivity and financial losses are.
Businesses underestimate how much downtime costs. While it negatively affects productivity, it also directly impacts your bottom line. According to a 2016 IBM report, on average, every minute of unplanned downtime can cost a business $7,003.
Small businesses in particular are at a disadvantage when it comes to downtime costs. Many have razor-thin margins, which means that they really cannot afford extensive downtime.
Having a BCDR plan maximizes network uptime, which in turn allows business operations to quickly resume.
Keep Businesses Prepared
As a business, the only thing worse than being struck with a disaster that impacts operations is being ill-prepared to remedy the consequences.
Many businesses assume that they are already prepared enough in the event of an emergency and that their IT knows what to do.
However, they should never assume that anybody is perfectly prepared for an emergency scenario, especially when so many variables can determine how badly a business will be affected.
While creating a BCDR plan won't prevent natural disasters, cyber attacks, or network outages from occurring, it will minimize the amount of time that your business operations are negatively impacted.
Regularly testing and updating your BCDR plan keeps all employees in the loop on protocol to follow when disaster strikes. When testing your BCDR plan, bring together all key personnel and have them go over their roles in the event of a catastrophe.
For Disaster Recovery plans specifically, the entire IT department should meet to ensure that every employee knows what to do to recover your business' network.
While BCDR plans mainly bring in IT departments and company executives, every employee is, in some way, affected by network outages and impacts to business operations.
Consider having a company-wide meeting so all employees know how to adapt their day-to-day routine if business operations are interrupted.
Protect Sensitive Data
Imagine how many important or sensitive files your business could lose if company data wasn't regularly backed up. How would your business be impacted if it permanently lost access to financial documents or client files?
There are too many important documents stored on a business' network to warrant a lackluster approach to network protection. When your network goes down, your IT department may have to access previous network backups to restore network functionality.
If your network isn't backed up as often as possible, your IT may have to resort to a backup from a week ago, a month ago, or longer. This means that most documents created and stored in your network since that last backup may be permanently lost.
When companies create BCDR plans, data is automatically backed up as often as possible, sometimes multiple times a day. This can help businesses avoid severe data loss in the event of a network outage or cyber attack.
Other Ways That Businesses Can Protect Their Data
While you can't fully prevent network outages, you can take steps to reduce the chances of one occurring due to a cyber attack. Keep reading for a few quick tips.
Create a Password Policy
When you have a weak password, a hacker can break into your personal accounts in a matter of seconds. Some dedicated hackers looking to break into corporate networks even code specific programs whose only function is to try millions of passwords around the clock in an attempt to gain access to a specific account or program.
Password policies, when implemented company-wide, educate employees on cyber security best practices and instill a sense of personal accountability.
A main focus of any password policy should be to limit how much passwords are written down, whether they're on a sticky note or in an Excel spreadsheet. Writing a password down anywhere leaves it susceptible to being found by hackers.
If employees have too many passwords to remember, they can consider a secure password-storing program such as MyGlue. These programs securely store all passwords in one place and autofill login forms, which keeps people from having to remember all their password.
To maintain strong passwords, consider creating passwords that don't use easy-to-find information such as last names or birthdays. A hacker can easily find this information on somebody's social media profiles. When creating a password, make sure it's long and complex.
Additionally, install two-factor authentication on your devices whenever possible.
Two-factor authentication uses an additional method of identity verification in conjunction with a password to secure your account. For instance, some programs let you associate your cellphone number with your account so that when you login, you must enter your password as well as a code that's sent to your cellphone number.
RELATED: How to Create and Secure a Strong Password
Secure Your Copiers and Printers
When hackers think of which parts of a business network to target, many might think to aim for computers because of all the sensitive documents and programs stored on them, but sometimes, hackers instead aim for printers and copiers because they let them access private files or enter your network.
One way to leave your office machines susceptible to data breaches is by enabling features that let you access documents stored on your copiers and printers from your computer. When setting up your copiers and printers, disable this feature, if you can.
Personal copiers and printers typically used in managers' offices come with a host of security risks. For instance, personal printers can have a "print from anywhere" feature that lets you print documents even when you're away from the office.
However, this "print from anywhere" feature has little security because it has to create a hole in your firewall to allow you to communicate with the machine from anywhere in the world, which can create a security gap that lets hackers into your network.
While enabling a "remote support tools" feature lets your machine dealer remotely assist you in fixing issues, this two-way form of communication creates network security gaps.If you have this feature on your copiers and printers, either turn this feature off or try to opt in to one-way outbound machine support with your dealer.
To patch a potential security threat in your business, consider upgrading to newer copiers and printers because of their updated security features.As an additional security layer, consider scanning your network for any open ports on the copiers and printers can help identify any existing security gaps.
RELATED: How Can Your Printers Have Security Risks? [Tips to Protect]
Layer Your Cyber Security
Robust cyber security with multiple layers of protection, including software, hardware, and trained IT professionals to monitor and patch up your network, ensures that your network stays secure from every angle.
Consider letting managed IT services holistically protect your network. Along with implementing in-depth BCDR plans, a Managed Service Provider layers security measures to take a proactive approach to network protection.
They install and maintain up-to-date security hardware and software, educate employees on cyber security best practices, and resolve any security issues that arise.
By implementing multiple security measures, you reduce the chances of having to become reactive in the event of a cyber attack. This can save you money from potential data breach lawsuits, prevent compliance violations, and reduce downtime in the event of a cyber attack.
In this day and age, it is not a matter of if your company experiences a cyber attack but when.
BCDR plans reduce the negative impact that these attacks, as well as natural disasters, can have on business operations and network functionality.
As a Managed Service Provider, we used our experience with helping businesses implement BCDR plans to write this article. We hope that this article answered your questions. For more cyber security articles, follow our blog!
Posted by Erica Kastner
Erica Kastner is a lead Marketing Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.