CYBER SECURITY | 6 MIN READ
Acts of Mother Nature and the wrath of cyber criminals can be unpredictable. If your business' network went down tomorrow due to a natural disaster or cyber attack, how would you ensure that business operations continue smoothly and that minimal data is lost? Business Continuity and Disaster Recovery (BCDR) plans are the answer. Keep reading to learn how to prepare your business for the unpredictable by building an effective BCDR plan.
Not enough time? Jump to:
Why All Businesses Need a BCDR Plan
As a company, the only thing worse than being struck with a disaster that impacts business operations is being ill-prepared to remedy the consequences.
Many businesses assume that they are already prepared enough in the event of an emergency and that their IT knows what to do.
However, they should never assume that anybody is perfectly prepared for an emergency scenario, especially when so many variables can determine how badly a business will be affected.
While creating a BCDR plan won't prevent natural disasters, cyber attacks, or network outages from occurring, it will minimize the amount of time that your business operations are negatively impacted.
Regularly testing and updating your BCDR plan keeps all employees in the loop on protocol to follow when disaster strikes. When testing your BCDR plan, bring together all key personnel and have them go over their roles in the event of a catastrophe.
For Disaster Recovery plans specifically, the entire IT department should meet to ensure that every employee knows what to do to recover your business' network.
While BCDR plans mainly bring in IT departments and company executives, every employee is, in some way, affected by network outages and impacts to business operations.
Consider having a company-wide meeting so all employees know how to adapt their day-to-day routine if business operations are interrupted.
When your office is struck by a tornado or hit with ransomware, there's no telling how long your network may be down.
While your network is down, every department is affected. Salespeople may not be able to prospect. Billing may not be able to process payments. The longer the downtime is, the bigger the productivity and financial losses are.
Businesses underestimate how much downtime costs. While it negatively affects productivity, it also directly impacts your bottom line. According to a 2016 IBM report, on average, every minute of unplanned downtime can cost a business $7,003.
Small businesses in particular are at a disadvantage when it comes to downtime costs. Many have razor-thin margins, which means that they really cannot afford extensive downtime.
Having a BCDR plan maximizes network uptime, which in turn allows business operations to quickly resume.
Protect Sensitive Data
Imagine how many important or sensitive files your business could lose if company data wasn't regularly backed up. How would your business be impacted if it permanently lost access to financial documents or client files?
There are too many important documents stored on a business' network to warrant a lackluster approach to network protection. When your network goes down, your IT department may have to access previous network backups to restore network functionality.
If your network isn't backed up as often as possible, your IT may have to resort to a backup from a week ago, a month ago, or longer. This means that most documents created and stored in your network since that last backup may be permanently lost.
When companies create BCDR plans, data is automatically backed up as often as possible, sometimes multiple times a day. This can help businesses avoid severe data loss in the event of a network outage or cyber attack.
How to Build a BCDR Plan
If your company doesn't have a Business Continuity and Disaster Recovery) plan, you are at a disadvantage for when a natural disaster or cyber attack happens.
Building out and regularly testing a thorough BCDR plan puts you a step ahead for when disaster strikes.
Evaluate Workflow on a Department-Based Level
Since many jobs can now be done online, in the event that your network goes down, many employees should be able to pivot and work remotely from home and use websites and other online platforms to continue working.
When evaluating each department, answer some of the following questions: How do they communicate with one another? What software and programs do they use? How much of their jobs relies on files within your network? Knowing the answers to questions like these can ensure that there are no gaps in your plan.
By evaluating and taking note of how each department runs, you can then build a plan of attack that lays out how each department will shift its business operations to be remote or old-school on paper while your network is recovered.
Take note of what business processes need files and platforms within your network so you can plan a workaround. For instance, if your accounting department tends to store spreadsheets in a common drive on your company's network, they may not be able to access them if your network goes down.
How can that department shift their business processes so that they can either access that data somewhere else or continue working without them? Thinking like this will keep your business better prepared.
Network outages and ransomware attacks can happen at any time. In these scenarios, you may have to restore all devices to the most recent backup.
If you don't back up data frequently, then you risk losing access to important documents. Sometimes, businesses will have trusted employees manually perform data backups. While this can work, human error can come into play when a backup is forgotten or is improperly performed.
Take human error out of the equation by using a platform that can perform backups as often as possible. The more often backups occur, the less data you will potentially lose when your network goes down.
Frequent backups also minimize downtime by allowing IT folks to quickly restore your network to full functionality. This means that employees can quickly resume normal work functions without wasted time sitting around.
Keep Executives Up to Speed
Make sure that all executives and any in-house IT staff know the proper steps to take in the event of a cyber attack or network outage.
Will all employees be shifted to remote work temporarily? Do any software vendors need to be contacted? Which employees will be the primary people to handle a network outage, and which tasks will they need to delegate to others?
Answering these questions ensures that staff resources are quickly and efficiently allocated to get your network running again.
Regularly Test and Update Your BCDR Plan
Having a comprehensive BCDR plan is a great step towards safeguarding both data and business operations. However, if your plan isn't regularly tested and updated, you risk cracks forming in your plan over time.
The Disaster Recovery aspect of your plan shouldn't ever change much, but it is a good idea to periodically evaluate your backup processes for kinks and see if you need to make any improvements.
When it comes to the Business Continuity aspect of your plan, periodic updates are key. Staff change departments, leave for other companies, or are promoted. When personnel shifts happen, BCDR plans should be updated so that the most current roster of executives and employees is available.
When new executives are brought on, they should be brought up to speed on your organization's BCDR plan. We recommend testing your BCDR plan with executives quarterly if not every six months and with the entire company annually to ensure that it stays fresh in all employees' minds.
Should I Backup My Data
On-Premise or in the Cloud?
When you implement the Disaster Recovery aspect of your BCDR plan, you may be wondering where you should backup your data.
In general, businesses choose to backup their data either in the cloud or on-premise. Keep reading to learn how you can determine which one is a better fit for your business.
Benefits of On-Premise
Easy Management with In-House IT Personnel− While the up-front investments for hardware/software can add up, you would already have dedicated staff to manage the infrastructure after it's up and running, keeping data both secure and close by.
Customization− On-premises solutions are infinitely customizable because your entire network, including your servers and data, are in your office. While this can be costly, it allows one to develop a customized solution fit for their specific needs.
Regulatory Compliance− Companies with strict data privacy regulations to adhere to might feel more comfortable housing their data in the office instead of hundreds of miles away in a data center. Keep in mind, however, that housing data on-premise leaves it more susceptible to theft and natural disasters.
Cheaper− On-premise security can be a cheaper up-front cost for small to medium sized businesses, especially if you already have in-house IT. However, keep in mind that the cost to maintain and repair servers can add up.
Benefits of Cloud
Storage Immortality− With cloud storage, your data is housed in a data center forever as opposed to on-premise solutions which must be shifted around every time you get new servers.
Security− Some businesses could find the cloud to be more secure because your data isn't physically at your office, but is instead stored in a data center with advanced security features. Cloud systems also learn your network and grow with you, which can make them more secure over time.
Regulatory Compliance− As long as a cloud security provider does their due diligence in staying compliant and up to code, the risk of data loss and non-compliance penalties can be effectively mitigated.
Minimal Downtime− Effective BCDR plans involve minimal downtime. For businesses that prioritize keeping network downtime to a minimum, the cloud could be the way to go because it backs up your data in multiple places.
Scalability− Data centers can quickly re-adjust their resources to meet client demand. For instance, if a company experienced rapid growth and needed to expand their infrastructure and computing power, the cloud could do this with ease.
Cyber security solutions are not one-size-fits-all and can be customized to fit your needs.
If you don't feel pulled strongly in either direction, there are hybrid options available that have aspects of both on-premise and cloud security.
Keep in mind, however, that in general, the data security industry is moving towards the cloud as technology progresses.
Constructing an effective BCDR plan involves not only careful coordination but also periodic testing and updates. We hope that your organization can use this article to take some actionable steps towards creating your own BCDR plan.
For more cyber security-related content, follow our blog!
Posted by Erica Kastner
Erica Kastner is a lead Content Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.