This article was originally published in March of 2020, just as stay-at-home orders were being issued in the United States due to COVID-19. Since then, work as we know it has changed, vulnerable industries have seen an increase in cyber threats, and a business’ cybersecurity posture is more important to consumers than ever. It is through this lens that we re-introduce the importance of Business Continuity in the event of a cyber attack.
Data breaches, natural disasters, global pandemics. Business leaders can’t control when disaster strikes. What they can, however, control is how all areas (HR, IT, marketing, accounting) of the business respond to a disaster event.
Understanding the risk and potential for a disaster is one important part of being a leader. Leaders must help create an actionable response protocol that minimizes the damage invoked by a disaster event.
Business continuity planning and disaster recovery programming revolve around the notion that by protecting an enterprise from the effects of a natural or human-induced disaster, organizations are better able to withstand downturns. It is important to note that business will drive the technology decisions when creating a disaster recovery road map, technology should not shoe horn business interests to into less than desirable solutions.
The importance of backups in business continuity planning is sometimes misunderstood. To understand more about the difference between data backups and disaster recovery, check out our article here.
What Is A Backup?
Data backups are copies of the files that enable a full restore. There are at least a dozen different backup types, many of which can be used concurrently. Not only can the type of backup vary, so can the backup process.
Traditionally, backups were physical copies. Many IT departments today may be familiar with – or still use – tape backups. While tape backups are still useful, there are newer, more effective ways to backup data. Virtualization provides more effective, strategic backup tools, like snapshots, replication, and live migrations.
Why Backups Matter – Ransomware And Business Continuity
Let’s use the pervasive threat of ransomware as an example. Cybercriminals lock-down and hold hostage your data. Pay up, or lose every data asset you have – and, in some cases, wait for the criminals to publish your data on the web for all to see. But’s not just your company’s data that is at stake, in addition to sensitive financial data or company secrets, there is client data and even employee data to consider.
In this scenario, what can you do?
No Backups? Bad For Business
If you haven’t backed up your data, there’s not much you can do. You either ignore and try to move on without your data, or you negotiate and pay-out to the criminals, hoping they are honest to their word and return your data. In some cases, the latter may be your best, according to reports by Forrester and ZDNet.
The FBI, on the other hand, continues to discourage businesses from paying ransoms, as it directly funds increased attack vectors and comes with no guarantee. We highly recommend taking a look at the FBI’s Ransomware Prevention and Response for CISOs.
Backups Save The Data
If you did backup your data, you may be in luck.
Strategic, off-site and off-network backups are the only effective recovery methodology for ransomware. While there may be some discrepancy between your last backup and when the data lockdown occurred, most data is typically recoverable.
But Not Always The Reputation
It’s important to note that even a good backup strategy cannot replace the prevention and mitigation elements of data protection and disaster recovery programming. You may succeed in business continuity – returning to operations – but a data breach can have enormous consequences in how your clients view you and your business.
To learn more about the interesting intersection between disaster recovery, business continuity, data protection, and cybersecurity, check out our latest guidebook: The Crossroads of Data Protection.
The Importance Of Backups In Business Continuity – Disasters
Ransomware is just one example of how backups can mitigate the affects of a disaster. Disasters, however, are a far larger category.
The recent outbreak of the coronavirus provides further proof for the value of data backups. Not only has there been an enormous increase in the number of coronavirus-related cybercrimes (i.e. phishing, malware, spoofed sites), but organizations have had to dramatically tailor work environments and operation protocols.
While swift change is a necessity in business,
it also increases the risk a business takes on.
Simultaneous changes can exacerbate that risk.
For example, if a manufacturing company has to move a majority of employees to a remote environment, stop multiple production lines, shift production timelines, and manage increased employee health risks, that manufacturing company has effectively multiplied its business risk fourfold!
Take Action: Do A Backup Checkup
One issue we see time and time again with our clients is a failure to regularly check and modify backup and disaster recovery programming. An out-of-date or untested backup policy is about as good as no backup policy; it is rarely effective and often wastes valuable resources – like your employees’ time.
Here’s a quick run-down of the items you’ll want to check off:
- Backup and Disaster Recovery Team
- Completed Risk Assessment
- Identified Mission-Critical Facilities, Resources, and Functions
- Aligned Backup and Disaster Recovery Program
Bring in the Experts
While we preach that testing and retesting your business continuity is essential, we understand that valuable resources simply cannot be devoted to “what if” scenarios. Mindsight can help. By bringing in outside help that acts as an extension of your team, you benefit from a dedicated resource without investing at the in-house level by bringing on new staff or providing new training to already overloaded employees. By working with a managed services provider, you can instead focus on delivering the services and products on which your clients rely.
Join us on May 18th, 2021 for our Virtual Event, Data Protection in 2021: Reducing Your Exposure. Mindsight’s CIO Tad Gralewski will be covering lessons learned in 2020, how to approach your DR road map, and critical components to keep in mind when finalizing your overall strategy.
Contact us today to discuss your business continuity plan.
Mindsight is industry recognized for delivering secure IT solutions and thought leadership that address your infrastructure and communications needs. Our engineers are expert level only – and they’re known as the most respected and valued engineering team based in Chicago, serving emerging to enterprise organizations around the globe. That’s why clients trust Mindsight as an extension of their IT team.
Visit us at http://www.gomindsight.com.
About The Authors
Eric White is Chief Technology Officer and VP of Consulting Services at Mindsight. With over ten years of experience in information technology and leadership, Eric excels at implementing network and data center technologies, designing high-yield solutions for the business. Holding professional certifications from Microsoft, VMware, and EMC, as well as the Cisco CCNP, Eric is an expert at solving business realities with a client-centric focus that delivers.
Siobhan Climer, Mindsight’s Technology Writer, writes about technology trends in education, healthcare, and business. With over a decade of experience communicating complex concepts around everything from cybersecurity to neuroscience, Siobhan is an expert at breaking down technical and scientific principles so that everyone takes away valuable insights. When she’s not writing tech, she’s reading and writing fantasy, hiking, and exploring the world with her twin daughters.