Has your company reached the point where all data protection strategies have been considered? A firewall deployed at the edge of the network? A transparent system against intruders? Encryption to protect all communication routes between networks and remote devices?
These defenses are highly effective against digital fraud and cyberattacks. But what are your options if your office suffers a small fire that affects the data center? Or what should you do if a C-level executive's personal device is compromised in a flood or a physical theft?
Just like digital threats, human actions and natural disasters can compromise information that is valuable to your business. Every company therefore needs to consider, as part of its strategy, which solutions can help address these types of challenges.
Although you cannot avoid natural disasters, you can prevent the loss of information. And for that, you need a contingency analysis.
A disaster recovery plan should define, implement and test the continuity strategy for all your services, taking into account possible failures that may occur and compromise the company’s strategic information.
Some points will guide you in building your plan.
- Analyze all possible threats and map all possible scenarios. Cybercrime may be the main threat scenario for your data, but you should not forget events such as natural disasters, electrical and physical failures, etc. It is equally important to explore scenarios that may lead to data loss or destruction. Of course, actions other than cybercrime can also harm information.
The more scenarios your company maps, the better prepared it will be to create solutions and prevent threats.
- Work on a business impact analysis. What would happen if the data held by your company were affected?
To do this, you can create a priority matrix for each type of data and analyze the impact of each type of lost information (download the NIST model). Map all effects (financial, regulatory, contractual, reputational etc.). This analysis will help you identify what your priorities should be in order to protect each type of data.
It is important to always take into account the three pillars of information security: confidentiality, integrity and availability.
- Focus on people. Most companies fail to consider human action as a potential risk to information. Another common mistake is failing to consider people as part of the processes, or even failing to build processes at all.
What does that mean? While technology empowers business, people also have an important role to play. What are the expected behaviors of your users to ensure information security?
And to achieve this result, what should the company's actions be? Empower people? Promote awareness? Invest in technology that can drive people's best behavior?
On the other hand, which people are crucial to recovering your operation in the event of a disaster or massive loss of data? Who can respond to a crisis efficiently? What capabilities are needed to manage these crises? How does your company retain talent capable of acting in crisis situations?
Of course, each company will map different scenarios and create different plans. But some tips can help speed up the recovery process.
- Catalog all your hardware and software
- Set downtime and data loss tolerance
- Set responsibilities in the team
- Design a communication plan
- Create secure copies of your information
- Establish SLAs for emergencies and crises
- Test your plan
The main point is to understand that, in the face of a disaster situation, these actions will be crucial to preserve your activities and competitiveness.