COVID-19 has caused a significant shift in remote working across all industries, and for some companies, this transition has caused problems. Many businesses are now finding themselves unprepared or unprotected to operate safely online due to outdated systems and the new wave of cyberthreats. Even more concerning, many businesses do not have contingency plans in place to cope with potential outages.
Only 54 percent of companies have a developed crisis plan, despite 79 percent of business’ decision-makers believing a crisis is impending. As early as March, legal service Equip Global had to be taken offline after a malware attack – emphasizing how even the biggest players’ technology is vulnerable during uncertain times.
Too often, companies are heavily dependent on technological processes that they don’t understand, or simply are not fully aware of the risks they face online. What happens then, if systems encounter a problem and communication is lost? Here are essential backup plans to quickly and effectively deal with such a scenario:
Disaster recovery plan
There are a number of steps that need to be taken to structure an efficient disaster recovery plan. First, consider what processes in your business are essential and need to be restored fastest in the event of a system error. Calculate how long you can survive without these processes, and do the same for the tools or applications you depend on most – this is known as the recovery time objective.
Once you have rough time estimates, translate these into a business impact analysis – meaning work out what the downtime will cost in terms of sales, website traffic, customer service, and so on.
Afterwards, you’ll need to source the last point at which all your data was backed-up or replicated and judge how much time has passed between then and the system problem you’re having now – this is known as the recovery point objective. It’s then time to create a ‘risk and impact’ chart and test a possible fix by comparing the current state of your systems against the desired state. The gap analysis should highlight areas that are most affected and allow you to redesign the system accordingly.
Before implementing any changes, make a timeline and clearly define what the criteria are to achieve full operations. In this definition, include what the rules are for escalating issues and what levels of severity there are. Finally, assign roles among your team so individuals know what they are responsible for, and ensure individuals are fully trained in how to complete their tasks.
A key element of any disaster recovery plan is the communication plan that specifies how both internal and external communication will be managed during the system problem. For example, internal communication could be email alerts, in-office overhead announcements or text messages sent to employee phones. Typically, internal messages convey instructions, updates on fixes, and confirmation of when a situation is resolved.
Besides having designated mediums to communicate with your team and outside sources, ensure you own clear, accessible databases with all their contact information. When a problem strikes, you may be able to export the existing information still. However, the likelihood is that you’ll need electronic lists hosted on secure servers to access from a web browser. Alternatively, hard copies are a trusted failsafe.
On the other hand, external communications usually focus on stakeholders, clients, suppliers, and media who need to be informed about the issue. External communication is often neglected in communication plans but is just as important as internal communication for the continuity of your business.
For customers, check that all emails and chat functions are programed to display a message stating there is a temporary problem. Where possible, divert phone calls to a functioning call center or activate a voice message saying there is an issue.
Unified endpoint management
Unified Endpoint Management (UEM) is a software that helps organizations manage and control endpoint devices from a single interface. These endpoints include mobile devices, desktops, laptops, tablets, wearables, and other smart devices used within an organization.
A UEM solution can act as a failsafe when a system encounters a problem and communication is lost. With the help of an endpoint management solution, the IT admin can set up certain protocols to be initiated at adverse times.
For example, if your devices disconnect from a WiFi network, provisions to connect to mobile data can be enabled, maintaining communication between users. Similarly, multiple WiFi connections can be configured and pushed to devices, meaning that if one of your connections is severed the device will still connect to another network.
Alternatively, if one of your UEM-enrolled devices becomes inactive for more than a specified time, certain configurations that secure the corporate data stored on the device can be enabled the next time the device comes online. This action ensures that if the device is compromised in any way, restrictions prevent the data being leaked or harmful malware potentially spreading further through the system.
Another perk is that if any of your devices are lost or stolen, ‘lost mode’ can be activated to lock down the devices and prohibit access. Once confirmed lost, other directory-based actions can be taken to stop access to corporate resources.
Theory into action
Your backup plan should be devised over a long time, and be living strategies that are constantly being added to and adjusted based on system developments. The plans should additionally align with any financial, insurance, resource, and compliance restrictions your business faces.
Your backup plan should be living strategies that are constantly adjusted based on system, business and compliance developments. #cybersecurity #respectdata
Click to Tweet
Remember, practicing your backup plans is just as vital as the backup plans themselves – there is no point having contingency options if they aren’t guaranteed to help in a crisis. Similarly, restoration is only half the job; you have to conduct an in-depth evaluation of the cause and solution once the problem subsides. Without conducting a thorough investigation, the issue could easily reoccur again and potentially cause greater damage.
Consider any type of system failure a learning curve, one where you can improve and reiterate protocols to strengthen both your company and technology.