While it’s ideal to always hope for the best, when it comes to protecting our business, we sometimes need to be prepared for the worst.
Our growing reliance on technology and digital processes leave us vulnerable to cyber-attacks, security breaches and more.
To put it politely – “stuff” happens.
And when that same “stuff” hits the fan, and disrupts or threatens the day-to-day running of our business, we need to have a plan in place to lessen any fallout.
Here we detail how to assess real risk and create a digital disaster recovery plan that can lessen stress, while saving you time and money.
The first step is to figure out where your business is potentially at risk.
In terms of digital threats, if you use any software at all within your company, you are at risk of cyber hacking, phishing, malware attacks and more.
Ascertain how these threats could enter the business. Think about the number of devices (both work-owned and personal) that your employees and customers are using to share information.
Personal tablets, smartphones and home laptops can all act as open doorways into your company and its data.
If this exercise feels overwhelming, remember that investing some time now, will help you in the future. There are risk assessment templates online and government guidelines that can get you started. See here for Australian and New Zealand specific advice.
To be able to identify your primary assets, the things your business relies on to succeed, and create a plan to protect those assets, you’ll need to get all department heads involved.
Small and medium sized businesses have a lot of moving parts and collecting intel from your team leaders, asking them where they think some vulnerabilities could be and what is most at risk, will ensure your recovery plan is comprehensive.
Do we need to say it one more time?
Backing up critical records, and making sure all of your IT applications and essential data isn’t kept in just one storage base, will mean that should a site-wide failure occur, your IT team can get you back to pre-disaster state quickly.
Consider your storage needs and look at different data storage options to ensure you have more than one way to retrieve any information that is lost or hacked.
Part of your recovery plan, should a digital disaster strike, is knowing how long it’s going to take to get your business operational again. Is it minutes, or hours?
Additionally, it’s vital that the plan identifies who is responsible for recovering your systems. Who is putting the plan into action?
And, if the recovery period is going to take time, do you need to assign tasks to others who can reassure customers or suppliers that the pause in communication or operations is temporary?
Once you know who is in charge of every aspect of the recovery plan, ensure it is properly documented and communicated to your team. After all, a great recovery plan is useless if no one knows about it.
A test run of your disaster recovery plan is going to take time and resources, but don’t be tempted to skip this step because it’s a big one.
Through testing your plan and recovery methods, you’ll be able to identify errors and gaps and rectify them, without the pressure of the real deal.
You may also discover better ways of recovering data or quicker methods to get your services back up and running.
Trust us – a small investment now, could result in huge savings in the future.
Even the best, most diligent plan can’t always fix or recover everything, so as a final step cyber insurance can give you an extra layer of protection.
The average cyber breach costs upwards of $250,000 and with small and medium-sized business being the most at risk, having a cyber insurance policy in place to protect you isn’t just smart. It’s essential for the survival and longevity of your business.
As your brokers/advisers we can help you find the right kind of cyber insurance for your business. Talk to us today.