In today’s times of uncertainty, SecureWorks, which offers Security as a Service (SaaS), is advising organisations to be proactive in protecting their information technology assets in case they are faced with a natural or man-made disaster. This means that it is critical for organisations to have a solid disaster recovery plan in place before an incident occurs.
“It is critical that organisations ensure they have measures in place to swiftly respond to adverse effects of natural disasters and man-made disasters,” said Al Tirevold, director of security architecture at SecureWorks. “Safeguarding critical customer or member data is not just an IT issue; it’s a business continuity issue, and the opposite can cause you financial loss and an inability to serve your customers.”
Many organisations and regulating bodies have guidelines on how companies should handle data loss prevention, response and recovery. For companies that have not yet formalised their business continuity plans (BCPs), SecureWorks offers some guidelines, which are aligned with some of today’s common regulations:
-- Make sure your business continuity plan has a section for disaster recovery, and make sure your BCP is enterprise-wide, considering every critical aspect of your business including personnel and physical workspace. The BCP should include a sequence of tasks and responsibilities that are clearly spelled out.
-- Do a thorough business impact analysis (including a security business impact analysis) and risk assessment.
-- Test your BCP for its effectiveness, and make adjustments/updates to reflect changes in your organisation. Testing is recommended at least on an annual basis, and you should include third parties like data processors, managed security service providers and core processors.
-- Identify alternate locations to operate from in the event you are no longer able to conduct business from your office. This should include a capacity for data centres, computer operations and telecommunications.
-- Back up data, operating system configurations, applications and utility programmes, and identify alternate telecommunications.
-- Identify off-site storage for backup media, supplies and documents such as your BCP, inventory list, operating and other procedures, etc.
-- Make sure you have alternate power supplies in case you are without electricity (uninterruptible power supplies [UPS] and back-up generators).
-- Assemble a team in advance and designate people who are responsible for various tasks in the event of a disaster. All personnel should be trained in their contingency-related duties and new personnel should be trained as they join your organisation.