Well, a Disaster Happened. Now What?

Posted by Vito Nozza on Oct 19, 2021 10:00:00 AM

Disasters. They can mean different things to different companies. One company might be scrambling without any sense of direction during a malware attack; another company might be as cool as a cucumber. The difference is having a plan in place and the right personnel to help fulfill it. Franz Kafka, a major figure in 20th-century literature, stated, “Better to have and not need than to need and not have.”

In our last blog post, we discussed the importance of having a Business Continuity Plan as part of a comprehensive set of plans to protect the critical assets that your company depends on for continued success. One of the key components of a Business Continuity Plan is the ability to create, implement, and execute a Disaster Recovery Plan. A Disaster Recovery Plan allows a company to respond accordingly to a disaster in all its forms. So, the question is: What’s a disaster? Does it mean that you just lost the ability to do business? If so, how do you recover? How do you ensure that your clients can continue doing business with you? The initial key is understanding what constitutes a disaster to your business. This could be:

  • Server outage issues
  • Human user error
  • Power outages
  • Malware attacks
  • Ransomware attacks
  • Updates that have gone wrong
  • Weather anomalies
  • Fire damage

Once you have created a Business Continuity Plan and know what critical assets you must protect, you can also become more attuned to what disasters are most likely to affect your business. Perhaps your company is not in a flood zone or earthquake area, or you have power backup. However, you may be more susceptible to malware attacks due to the data you are housing. Or perhaps you have a high turnover of personnel due to contracting, and there is a possibility of human errors. All these considerations will lead to you understanding what scenarios you need to prepare for. These scenarios will be key in Disaster Recovery documentation and preparation.

22 Cybersecurity Tips White Paper - Download Now

Now you might be ready to create a Disaster Recovery Plan. Let’s look at the steps you should consider:

  • Start the plan by determining which assets are most critical and what scenarios are most likely to affect you.
  • Identify the potential scope of the disaster. How far could it spread?
  • Designate a team of different business unit leaders who can make the hard decisions.
  • Appoint contacts (both internally and externally) for emergency purposes.
  • Ensure roles and responsibilities are understood.
  • Designate proper backup sites, whether they be in a different state, country, or perhaps in the cloud.
  • Perform scenario testing (tabletop) with the proper personnel to understand actions to be taken during a disaster.
  • Test the backups to ensure that when a disaster happens, data will be available within your expected timeframe.
  • Probably most importantly of all: Maintain the plan to reflect your organizational changes. Don’t leave it on a shelf, never testing or adapting it to your evolving ecosystem.

At ConvergeOne, we have helped many clients create, implement, test, and maintain Disaster Recovery and backup solutions specific to their risk levels and security requirements. Contact us to discuss how we can help you succeed during some of the most stressful times in the life of a business. Remember, as Kafka stated: When you need a plan, will you have one? Ultimately, it’s all about availability—on all fronts.



[Security Magazine Webinar]

Ransomware Readiness:
The Rise of Double and Triple Extortions

THURSDAY, OCTOBER 28TH  | 11:00 A.M. ET

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight. In the last 12 months, we’ve observed successful attacks on our US water supply, a $50M ransom demand on a global manufacturer, and an alarming increase in healthcare and K-12 education ransomware attacks aimed at limiting patient care and student learning.

In this webinar, we will review the following items:

  • How to Prevent, Detect, and Recover from Ransomware
  • Post-COVID Ransomware Landscape
  • Anatomy of a Ransomware Attack
  • Best Practice Strategies to Leverage Immediately

Register Now

Topics: Security, Cybersecurity, Cyber Awareness, Disaster Recovery, Cyber Recovery, Business Continuity


 

Vito Nozza
Vito Nozza  -- Vito Nozza is the Principal Consultant, Cybersecurity Lifecycle Consulting in ConvergeOne’s National Cybersecurity Practice. His career spans 20+ years in Enterprise Architecture, with 15 years specific to Cybersecurity. He has held roles as a CTO, Director, Principal Architect, and Global Security Advisor, which have all led to establishing guidance and consultative measures to SME and Enterprise-grade entities. Vito has been paramount in establishing cloud security, guided frameworks, and disaster/incident response plans, with overall GRC and ERM goals.