So don’t be caught unprepared by hacker attacks!

disaster recovery planning
So don’t be caught unprepared by hacker attacks!

providers on the subject

Most SMBs don’t have a disaster recovery plan in place to begin restoring business operations after a hacker attack. Which basic steps or measures are necessary for this?

Managing directors of a small company face many challenges. With tight margins and competitors on their heels, they must move faster than the competition and serve their customers better to maintain their position in the marketplace. Because SMBs often only focus on developing their business, they can end up neglecting one of their most important assets – their corporate data.

According to management consultancies, around 70 percent of SMEs that have suffered major data loss go bankrupt within a year. With the growing number of IT threats, every business is now at risk of disaster, no matter how big or small. With a solid backup and documented method for restoring the backed up data, around 90 percent of SMBs would be able to recover from a ransomware attack, for example.

Development of a disaster recovery plan

It is critical that SMB CEOs have a disaster recovery plan drawn up and updated regularly. The following procedure must be taken into account:

Assemble team: Developing a disaster recovery plan requires putting together a team and appointing a project leader and senior management contact.

Identification of all assets: One of the most important steps in disaster recovery planning is creating a complete inventory of IT assets. These assets include both software and hardware, as well as the data on which the business depends. When creating a disaster recovery plan, the team must develop plans to protect or restore functionality to all of these different assets.

Identification of potential risks for each asset: This consideration must be specified as comprehensively as possible. Possible risks should be assigned to the assets in question. From this it is advisable to select the most common risks with the highest probabilities.

Acceptable downtime for the company: The amount of downtime a company can cope with largely depends on what type of company it is. For example, an e-commerce company or other digital service company will only be able to tolerate very little downtime than perhaps another company. Therefore, when creating a disaster recovery plan, it is important to know how much downtime a company can handle. It should be noted that the tolerable downtime can vary significantly depending on the importance of the IT resource or asset for the company.

For this consideration, metrics such as maximum tolerable downtime (MTD), recovery point objective (RPO), and recovery time objective (RTO) are important to know. Determining these metrics should be done for each critical asset that has been identified and identified as relevant to disaster recovery planning. On this basis, it can now be determined which IT resources must be prioritized and what a successful disaster recovery scenario should look like.

Checking the Service Level Agreement (SLA): In the event that technology or important processes have been outsourced, it must be ensured that the service level agreement can take effect in an emergency. It is advisable to check exactly what defines an emergency in detail. In addition, a time frame must be defined for when the company can put the systems back into operation. A concluded contract must also explain what happens if these promises cannot be kept by the service provider.

Check insurance coverage: Insurance coverage is a must for any business, but not every type of business insurance will help in the event of a disaster. It is therefore appropriate to review current policies and ensure that there are no gaps in coverage. For example, sufficient coverage should be available to include the indirect costs of a hacking attack (e.g. business disruption) as well as direct costs such as property damage. Insurance is also offered specifically for hacker attacks. However, it should be noted that a number of conditions must be met.

As of 10/30/2020

It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. You can find detailed information in our data protection declaration.

Consent to the use of data for advertising purposes

I agree that Vogel IT-Medien GmbH, Max-Josef-Metzger-Straße 21, 86157 Augsburg, including all companies affiliated with it within the meaning of Sections 15 et seq. AktG (hereinafter: Vogel Communications Group) my E e-mail address for sending editorial newsletters. Lists of the respective associated companies can be accessed here.

The content of the newsletter extends to the products and services of all the companies mentioned above, including, for example, trade journals and specialist books, events and trade fairs as well as event-related products and services, print and digital media offers and services such as other (editorial) newsletters, competitions, lead campaigns, Market research in the online and offline area, subject-specific web portals and e-learning offers. If my personal telephone number was also collected, it may be used for submitting offers for the aforementioned products and services from the aforementioned companies and for market research.

If I call up protected content on the Vogel Communications Group portals, including its affiliated companies within the meaning of §§ 15 ff. AktG, I have to register with additional data for access to this content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here.

right of revocation

I am aware that I can revoke this consent at any time for the future. My revocation does not affect the legality of the processing carried out on the basis of my consent up to the time of revocation. In order to declare my revocation, I can use the contact form available at as one option. If I no longer wish to receive individual newsletters to which I have subscribed, I can also click on the unsubscribe link at the end of a newsletter. I can find more information about my right of withdrawal and how to exercise it, as well as the consequences of my withdrawal, in the data protection declaration, section Editorial newsletters.

READ:  What is DevSecOps?

Creation of a disaster recovery plan: After a list of assets, potential risks and acceptable downtimes has been developed and evaluated, solutions for each of the potential scenarios must be found.

Responsibilities in case of attack: In order for the recovery plan to be successful in an emergency, the responsible employees must know exactly what they have to do when the plan goes into effect. Each employee must be given clear instructions and a written copy of the disaster recovery plan.

Test runs for the disaster recovery plan: The final step in creating a disaster recovery plan is to actively put it through its paces. This requires the responsible members of the team to practice the respective actions they would take during a real disaster. This could be simulated with a parallel network or in the existing network. At the same time, it’s a good idea to test backups, since backups are a key component of the larger disaster recovery plan.

Conclusion

By completing these outlined steps, you can begin to create a disaster recovery plan for a company. It is important to remember that the ideal recovery plan for a company must be as unique as the company itself. Every company has vastly different needs and resources, both of which should be reflected in a well-constructed disaster recovery plan.

(ID:49240866)