When a disaster strikes, who should your business turn to?
A burst water pipe; office fire; IT breach; terrorist attack; perhaps even a global pandemic. All of these are disasters that most of us don’t want to consider as we get on with our day-to-day business. But don’t be fooled into thinking that they’ll never happen to you. If 2020 has taught organisations around the world anything, it’s that preparing for the worst is a prudent course of action.
In the hours and days immediately following a disaster, some of the basic actions may be self-explanatory. If you discover a fire, you’ll no doubt know to call 999. And if a leak begins to flood your office, tracking down a plumber to come and fix the pipes is a relatively easy task.
But what about when your IT systems and infrastructure come under threat?
Having an IT disaster recovery plan in place is one of the most important aspects of any organisation’s business continuity efforts. After all, it can make the difference between being able to continue with business as usual and being unable to trade. In 2020, it became clear that many companies didn’t need their offices or even face-to-face interactions. What they did require was the ability to work remotely and retain flexible, secure IT systems.
If any more evidence were needed, research has shown that 87% of companies that lose access to their corporate data for 7 days or more go out of business within the year.
So, what should your business do if you’re disaster recovery planning for the first time?
Here are the fundamentals:
- Address how secure and agile your existing IT infrastructure is
- Create an Information Asset Register, documenting the assets, their location, owners, and vulnerabilities, assess those risks by priority and identify controls to minimise those risks
- Create a disaster recovery plan so that there is a clear guide on how to deal with any unforeseen incident or problem
- Ensure that every member of your business is familiar with the plan and that you have a trusted provider in place to provide support when a disaster strikes
If you’ve never asked yourself these questions before, don’t feel ashamed. Estimates suggest that just 50% of companies have a disaster recovery plan in place. The sooner you begin to work on a disaster recovery plan, however, the better.
At itcent.re we typically work closely with businesses from the early stages of disaster recovery planning. This is because we can add genuine value by identifying vulnerabilities and essential improvements needed to prepare for an unexpected disaster. This might mean addressing the setup of your servers or improving backup procedures; it might also mean updating anti-virus software and providing training on phishing emails to help mitigate against the risk of a cybersecurity breach.
Once your organisation’s infrastructure and cybersecurity has been assessed, creating a disaster recovery plan is the crucial next step to create a roadmap for responding to an attack, accident or unforeseen incident. This should include the key points of contact and decision-makers within your business; identify the preferred process for establishing remote working; establish which of your key stakeholders, supply chain and customers need to be informed of the problem; and incorporate an emergency response checklist.
Not sure you have the right personnel to manage a disaster internally?
Don’t worry, you are in the same boat as many other businesses. And that’s where we try to offer peace of mind at itcent.re. Working with us on a retained basis to support your cybersecurity and maintain your IT infrastructure, we can also act as your first responder in the event of a disaster.
Just as you might have AA or RAC membership for a car breakdown, there can be real value in knowing that our expert team is just a call away. We can offer immediate help to implement your recovery plan as a quick response team. After any kind of breach or incident, time is of the essence and the first 72 hours, in particular, are critical. The faster you can get help to mitigate damage and secure your IT; the quicker you can return to business as usual.
By limiting damage in this way, many organisations also find they can reduce the costs to their business in terms of lost revenue, reputational damage and, in the case of data losses, reduce fines that could be levied under UK the Data Protection Act.