Creating a Disaster Plan to Ensure Your Company’s Security
by Paul C. Ursich, CPA, and Robert Risk, Wiss & Company LLP –
May 22, 2017
When it comes to defending your enterprise from undefined catastrophes, traditional disaster recovery tactics are no longer adequate. If cyber terrorists seize your company’s critical information, or if human error or natural disasters erase your company’s data, your resources cannot be swiftly returned by outdated recovery methods. To sustain your company’s position in a combative marketplace, it is vital to form a modernized disaster planning solution customized to fit your needs. By using judicious, solid components of recovery, such as business continuity planning (BCP), disaster recovery (DR) and penetration testing, your business can diminish losses and emerge from misfortunes relatively unharmed and ready to persevere.
There are comprehensive steps to devising and enacting a suitable disaster plan. The following points outline the roadmap to ensuring your company’s security:
1. Business Continuity Planning
From minor to catastrophic adversities, businesses can face myriad inconveniences in their lifetime. Fortunately, BCP can assist companies in marching forward and continuing operations through hardship. A solid BCP should include a cyber insurance review. Cyber insurance helps businesses mitigate the risk of a data breach or network security failure. The method encompasses steps such as singularizing latent threats, determining the extent of these threats, employing precautions and measures aimed to mitigate said risks, testing defenses, and redesigning the formation to confirm it is up-to-date with the latest features and components.
However, it is important to note that although BCP can help a company prolong business-as-usual when confronting common misfortunes like fires or floods, the strategy is not as valuable if the disaster affects a hefty sum of the populace, such as a disease outbreak. One example would be a finance establishment that backs up its data offsite. If something were to happen to their headquarters, satellite offices would be able to retrieve vital information and help the business to continue to operate.
2. Disaster Recovery
To shield businesses from sweeping catastrophes, disaster recovery efforts can assist in the recovery of an organization’s software, hardware and data, as well as the recommence of standard, critical business functions. As a slice of BCP, disaster recovery plans consist of calculated and extensive planning, assessment and possibly an isolated site for restoring corporate operations. Moreover, though the majority of DR planning concentrates on recovery of data, companies must recognize the multifaceted prospects of disasters, such as illnesses that can wipe out staffing, and consider them when designing a DR plan. The plan must be inclusive and understood by key staff members so they can act accordingly when a disaster strikes. It should also be updated when staff join or leave the team, a new branch office opens, or new software or hardware is added.
3. Penetration Testing
An effective weapon against any disaster that crosses your company’s path is the execution of a penetration test. This effort can proficiently gauge the security of your IT infrastructure by carefully attempting to unearth any vulnerabilities. These weaknesses may subsist in operating systems, service and application faults, unfitting configurations, or perilous end-user behavior. Such examinations are also advantageous in authenticating the efficacy of defensive appliances as well as end-user observance to security procedures.
The swift stride of change in the industry, coupled with the menace of information loss in small or massive data platforms, elevates the importance of augmenting protection against malintent or disasters. Since catastrophes materialize in a variety of forms, your company must have a vigorous and well-tested disaster plan equipped to safeguard your business and its resources. Disaster planning commands a novel way of thinking, where businesses can take advantage of fresh technologies that can maintain pace with data evolution and the preservation of valuable information from unforeseen setbacks.
Robert Risk is the director of technology advisory services at Wiss & Company LLP, where he specializes in strategic business decisions, system implementations and aligning information technology with organizational goals.
This article appeared in the May/June 2017 issue of New Jersey CPA magazine. Read the full issue.