We’ve talked about creating a Technology Disaster Plan. We’ve provided a guide on how to recover from a physical technology disaster. Now, we’re going to address the importance of having a cybersecurity recovery plan in place.
Cybersecurity risks are harder to pin down than other types of business disasters. To quote Mike Osborne, founding partner of the Business Continuity Institute, “You can group together most of the traditional risks like natural disasters, terrorism, epidemic, or IT failure into a small number of resulting impacts. They all have the same impact on your business – you can’t access your premises, staff are unavailable, IT systems are unavailable, etc. Cyber incidents, however, are not as simple — you cannot just fail-over because you bring the same problem with you, whether that is malware or a hacker with access to your systems. If data has been locked and encrypted, you need to factor in significant data loss because you will need to restore data from a backup before the ransomware infection.”
Planning for cybersecurity attacks may be more complex, but we’ve created a list of things you’ll need to address to make planning easier.
So what’s the difference between a Technology Disaster Plan and a Cybersecurity Disaster Plan?
A Technology Disaster Plan covers the physical components of a disaster. What if there’s a flood, or a fire, or a break in? Which technology do you need to maintain operations? How can you work offsite? These kinds of questions are addressed in a tech disaster plan.
A Cybersecurity Disaster Plan covers what to do in the event of a cyberattack. Who must be contacted? What is the order of communications? What needs to be recovered? We’re about to cover all this and more.
Security Plan vs Disaster Plan
First of all, let’s break this down into parts. A security plan and a disaster plan are also two different things. A security plan is designed for internal communications, tends to be very quiet, and addresses ways to prevent security breaches or how to handle minor threats.
A disaster plan addresses the magnitude of a problem, communicates externally to the public, and focuses on how to bounce back from a breach. Though the two are related, they require different approaches to planning.
What Should Your Cybersecurity Disaster Plan Include?
Technology is like the blood of a business; it runs through every part of your business, whether you think about it or not. For example, most of the phones used in workplaces now operate on Voice over IP (VoIP). This requires an Internet connection to function, meaning it’s susceptible to cyberattack. Your security system may operate through the Internet, also making it a cyberattack target.
Business components to consider in your plan:
- VoIP phones
- Security systems
- Wireless devices
- POS systems
This is just a starter list. Make an inventory of all the technological assets your company has to start, and from there, you can move to the next step.
Create a Cybersecurity Disaster Plan
Because technology requires software, data, hardware, and connectivity to fully function, these elements must all be accounted for in your plan.
This is the type of connection you have. Cellular, fiber, wireless, cable, etc.
The programs you use every day that are critical to business. Inventory, email, time tracking, order processing, etc.
This is where you store all the information you collect and send
All of the technology required to complete critical business functions
Once you’ve identified what falls into these categories, it’s time to plan.
- Determine which things are critical for your business to continue operations in the event of a disaster. How will you use them if they’re under attack? What alternatives or backups can you have in place to keep operations going while dealing with a crisis?
- Brainstorm possible threats with multiple ways to react. There’s no way to tell what will happen, and like the old saying goes, “Better overprepared than underprepared.” Get your team together and come up with predictions of what could happen to your business. It’s helpful to research what kinds of attacks have happened in similar industries to get an idea of what hackers may try to break into your business.
- Know which recovery resources you’ll need. Who will you contact first, second, third, etc.? Is there a professional company who excels at cybersecurity recovery? Now is a good time to vet those companies if you don’t have one selected.
- Use a Business Impact Analysis template. You can find an example of what should be included at Ready.gov.
- Have backups in place. Automatic backups should be turned on. Cloud storage should be utilized.
- Plan a lean recovery strategy. How can you keep going with as little as possible? It’s important to know this so that business can continue while you address the issue. Downtime is incredibly costly.
- Train your employees. Human error is the number 1 cause for data breaches and cybersecurity attacks. Thoroughly train your employees on the perils that can be found online, via email, etc. A good place to start: Learning how to spot phishy emails. Social engineering is an incredibly effective tactic that hackers use again and again. The more your employees know, the better they’ll be prepared to combat these tactics.
- Test your training! Once employees have been trained, it’s wise to send out monthly tests. This lets you know whether the training is effective and who might need a more thorough explanation.
- Update regularly. Technology changes rapidly. Implementing new systems, software, and hardware will require a reevaluation of your current plan with updated solutions.
Keep it simple! For higher level employees, more detail makes sense, but for your everyday worker, you don’t want to overwhelm them with legal jargon and long lists of procedures. Boil it down to the most necessary, simplify it, and post best practices in an easy-to-view place. Keep your business safe. Outsource to an IT Cybersecurity expert where necessary, and be sure that your employees are up-to-date on the latest hacker tactics.
Subscribe to our blog