Last March, COVID-19 took just about all of us by surprise – putting us in uncharted waters. Business owners found themselves navigating the financial and operational challenges of a global pandemic while rapidly addressing the needs of staff, customers, and vendors.
For many, these changes meant creating a work from home strategy in a matter of days – or even hours – and reacting to what had already occurred while guessing about an unknown future. If you were in this predicament, you weren’t alone – many others found themselves in the same position. But you did it! You swung into action, changed course, and generally made the best of a difficult situation.
Now, as we start to reach the other side of this pandemic, it is important to establish long-term strategies for greater resilience and to apply lessons learned from the experience to create a roadmap that better prepares your company for future disruptions. In many ways, the pandemic has been a massive test of business continuity.
Let’s take a look at how you can plan for the worst-case scenario and what you should do to ensure you’re ready for anything.
We now know that disasters can take many forms: fire, seasonal monsoon flooding, sabotage, data breaches, global pandemic – even simple human error can be disastrous. One of the most vulnerable assets in the event of a disaster is your business data. Having a timely and well-thought-out plan can minimize downtime and keep your organization running as smoothly as possible in all situations.
When considering a backup plan, the most basic rule to protecting your business data is to ask if losing that data will interfere with your operation. If so, back it up!
If you only have your data backed up on a single device, and it is lost, stolen or damaged, your data could be unrecoverable. Having paper copies or backup tapes is an outdated practice, as it is not adequate or efficient for data protection.
Consider backing up your data using the Rule of Threes. This means you should have:
- At least 3 copies of your data
- Store the data on at least 2 different media types
- Keep at least 1 of those copies offsite.
When keeping a local copy of your backups, you should also have a copy of that data on another device. If you have any problems or failures with your first copy, this data will still be available to be recovered.
Your offsite backup solution should be kept completely separate from your network and the rest of your data. If anything happens to your building or the equipment inside your location, your data will still be safe and sound. Cloud-based backup solutions can assist in these instances. Because cloud solutions use offsite data centers, this is a more reliable method of keeping data secure in the event of an onsite disaster.
Disaster Recovery Planning
If your business does not have a plan to leverage the power of the cloud in the event of a disaster, you need a robust disaster recovery plan. A disaster recovery plan (DRP) is a set of instructions that explains how to respond to an unplanned incident that affects a business’s IT infrastructure in order to resume work as quickly as possible. The best disaster recovery plan is one that is personalized to your business – there is no “one size fits all” plan.
Use the Right Tools
While cybersecurity awareness should be practiced at all times, it’s critical to be even more vigilant during times of disaster.
Cybercriminals are opportunistic and will launch targeted attacks (e.g., phishing campaigns, ransomware attacks) at areas, regions, companies or organizations looking to either take advantage of those trying to help or hoping the chaos has caused you to drop your guard.
Multifactor authentication (MFA) is an easy IT security measure that businesses can use to protect their data. MFA provides layered security to protect against breaches. With its cost-effectiveness and ease-of-use, MFA has become much more widespread in the past few years. Some services also offer a more efficient option with simple push notifications.
Security Awareness Training
Your staff is the last line of defense against cyber threats, so don’t skip Security Awareness training! If your staff receives an opportunistic phishing email during a disaster, will they be able to tell that it is suspicious? Your employees are pivotal to the success (and failure) of your recovery efforts. It is important to do everything you can to make sure your employees will not be fooled by bad actors.
If a disaster forces your team to be physically separated, even basic communications can be challenging. Something as simple as sharing a password can not only pose a major inconvenience, but it can also be a major security risk if teams do not have the right tools in place to facilitate quick, safe sharing of account logins.
A password manager enables your team to save and share account logins quickly and securely. With a few clicks, a shared encrypted password can be synced to a given employee. Shared usernames and passwords appear in an employee’s vault, and credentials are filled automatically as they log in to the shared account.
Loss of power is often overlooked when it comes to a disaster recovery plan, and if your server shuts down without warning, you can find yourself with an array of issues. An Uninterruptible Power Supply (UPS) is a set of batteries that plug into the main electrical supply and can greatly assist your disaster recovery efforts. A UPS not only gives your servers enough time to safely shut down, but they also help smooth the connection between the server and the main power supply. In turn, this can also increase the lifespan of your servers as it eliminates power surges.
Update Your Plan
Your company is not static, and as we have seen this past year, neither is the environment in which we do business. The plan you may have created last year is already outdated. Without regularly reviewing and updating your plan, you risk overlooking new factors on the horizon that have the potential to devastate your business. Depending on the nature of your environment, you may need to perform a review every few weeks, once a quarter, or at least once a year. Aim to review more frequently and then work with your IT service provider to adjust as needed.
Test Your Plan
Regardless of your industry, testing your backup systems, disaster recovery plan, and IT policies should be done early, and often. Any plan that carries the weight of your business should be continually monitored and tested to ensure it will function as needed in the event of a disaster.
Whether you have an internal IT team that needs a hand or you’re just trying to take extra precautions, consider working with an IT Managed Service Provider (MSP) to help with your backup and disaster planning. A plan executed by an IT Managed Service Provider like Silverado Technologies is the best way to support business continuity in the event of a disaster or security breach.
Silverado is proactive and has individual relationships with each client. This creates a deeper understanding of your business needs and concerns and allows for a complete range of factors and liabilities to be addressed on a level that may be unfamiliar to a 3rd party. We also offer solutions like cloud-based data storage and backups that help simplify this process and reduce the cost of disaster recovery.
Call us today to help you create a plan that suits your needs.
Want to hear about one of the ultimate tests in planning? Join us on April 22 at 9:00 AM as we chat with Dante Lauretta, the principal investigator for NASA’s OSIRIS-Rex mission to hear the incredible story of how their planning strategies allowed them to do more than they imagined! OSIRIS-REx is a NASA asteroid study and sample-return mission. The mission's primary goal is to obtain a sample from Bennu, a carbonaceous near-Earth asteroid, and return the sample to Earth for a detailed analysis. Reserve your seat today!