DISASTER RECOVERY FOR SMBS
CONTINUED
work as it is intended if a disaster hits. “Testing a DR plan shouldn’t be a one-time exercise, it should be routinely reviewed, tested and reassessed to ensure that the latest defences in place. Relying on an outdated or legacy plan could put a business at risk in the same way as businesses that haven’t prepared at all. “Another element that is becoming increasingly important is the need for employee education. It’s not enough for internal teams to issue a series of IT policies and procedures with little follow-up. Most cyberattacks occur from human error, so it’s essential that small businesses take the time to educate their internal personnel on how to spot the signs of a potential issue, but also teach them who to report it to – stressing the need for urgency.” Chris Groot, general manager at N-Able, agrees that DR plans need to be tested. “Businesses need to make sure that sufficient training is provided to their staff in the event of a disaster and that regular training sessions occur,” he says. “Everyone needs to be aware of their roles and responsibilities – and this goes beyond technical staff. Management and comms teams need to be part of disaster recovery planning and know what is required of them.”
Anton Shelepchuk VP of worldwide sales
nakivo.com
“
are down. This strategy should also ensure that all relevant stakeholders, such as law enforcement, insurance companies and business partners are promptly notified in the event of an incident. “Another important aspect is the immediate documentation of evidence following a cyberattack. Capturing evidence, such as ransomware messages, is crucial for making insurance claims and assisting law enforcement investigations. The plan should also detail containment procedures, emphasising the need to quickly identify and isolate infected systems to prevent the spread of an attack. This could involve shutting down networks or disconnecting affected devices, with each step carefully outlined to ensure swift and effective action.” Power plays Martin Ryder, channel sales director, Northern Europe at Vertiv, notes that a company’s infrastructure strategy is paramount in keeping operations running and businesses open. “Companies should protect their networks,” he says. “Processes, policies and plans must begin with protecting the critical infrastructure which keeps businesses up and running – not least in the data centre. “Uninterruptable power supplies are a crucial component of any critical infrastructure environment. Without adequate power backup, it’s not just the risk associated with inconvenience or loss of goodwill. Businesses know that an effective provision for backup
Processes, policies and plans must begin with protecting the critical
infrastructure which keeps
Clear framework John says a foundational element of a
businesses up and running – not least in the data centre.
strong DR plan is using a clear framework, such as the NIST cybersecurity framework. “This helps businesses establish a robust cybersecurity model by focusing on key functions: identifying, protecting, detecting, responding and recovering from incidents,” he says. “These guidelines provide a structured approach that applies to businesses of all sizes and allows them to develop effective contingency planning strategies. “A critical component of any DR plan is having a detailed, documented playbook that outlines all necessary steps and procedures during a disaster. This playbook, often referred to as a ‘Yellow Binder’, should be easily accessible, either in hard copy, third party cloud storage, or stored on an external device, ensuring that it remains available even if internal systems are compromised. “Additionally, the plan must include a well-defined communication strategy. It is essential to outline how to communicate during a disaster, including alternative methods if primary communication systems
”
Professor Andy Pardoe
pardoe.ai
52
Powered by FlippingBook