If the worst happens, would you be able to recover your business? For all the good controls we have defined, there are still risks that can impact your business. For example, a fire or flood could disrupt your IT as much as a ransomware attack.
The key is to have a backup and recovery plan and to review it regularly, making sure it covers the most likely eventualities and that you are capable of executing it. This familiarity will remove panic from the incident should the worst happen and significantly decrease the time it takes to recover.
Keep the plan simple: from your Inventory, create a high-level list of services and associate a business priority with each. Now brainstorm the potential risks which may affect any high-priority services and ensure you have a plan to recover them. For example, you may find you do not have adequate backups or sufficient skills to execute the plan in a timely manner.
When responding to a security incident, a 6-step process can be followed. The bullets below are a high-level summary of the process, which we will explore in a future blog post on incident response (subscribe to our mailing list to keep updated):
- Prioritise your service, develop and test a recovery plan
- When something happens, make a decision early on whether to initiate the plan or take a different course of action
- Stop the incident from getting worse before starting recovery
- Make sure the cause of the incident has been removed before proceeding
- Resume service
- Recover in a structured manner
- Lessons learnt
- Review all of the previous steps and make improvements for next time
Finding out your plan doesn’t work when you need it most isn’t a good idea. Although it’s a pain, try and run one of the plans every 6 months. Review the lessons learnt and implement fixes or improve the process. Like me, you may be too trigger-happy with a delete button, so my file-level backup solution is tested quite frequently. Therefore, spend your time testing the less well-practised processes.
It’s easy to think the worst won’t happen or, if it does, that you’ll be OK. With a little bit of planning, recovery will always be far quicker and more effective.