One ransomware infection or data breach can cost a small business over a million dollars. That’s an expense that many can’t recover from. This is why 60% of them end up closing their doors for good within 6 months of a cyberattack incident.
Without proper disaster recovery planning, companies can be more susceptible to an attack and caught off-guard should one occur.
Even larger companies that don’t prepare properly can be taken by surprise and suffer expensive downtime. One example is the ransomware attack on meat producer JBS that caused plants in Canada, the US, and Australia to close for several days. (The company ended up paying over $10 million in ransom to attackers just to get operations back up.)
Many small businesses in Ontario aren’t properly backing up data, testing their data recovery, and don’t have a disaster recovery plan in place. For some, the reason is thinking that only larger companies are attacked or that disaster recovery plans are only for enterprise corporations.
But increasingly, smaller businesses are being targeted, especially by ransomware attackers who can get a few thousand from several small businesses more easily than hitting a larger company.
In 2020, ransomware attacks grew by 485%, and many of the victims were smaller companies.
A good disaster recovery plan is a simple two-pronged strategy:
- Put up safeguards to mitigate the chance of an attack
- Put recovery mechanisms in place to help you recover fast if you are attacked
Follow These 6 Steps to Get Started with a Disaster Recovery Strategy
1. List Out Potential Work-Stopping Events
Before you can defend against a crisis, you need to know what situations could put your business operations in jeopardy and require you to go into recovery mode.
Some of these, you will have the ability to mitigate (like a cyberattack), while others, you can only be prepared for but can’t really keep from happening (like a natural disaster).
Some potential events that can cause significant business downtime include:
- Ransomware or other malware infection
- Data breach
- A natural or manmade disaster
- Severe winter storms
- Server crash
- Pandemic or other unexpected changes to consumer behaviors
- Data loss incident
- Insider breach
- Accidental data overwrite or deletion
2. Identify Ways to Mitigate Crisis Events
Next, you need to look at ways to address each of the work-stopping events that you’ve identified through mitigation of risk.
What can you do to reduce the risk of one of those events from happening to your company?
One example of how to mitigate a cyberattack would be adding network software for threat detection and avoidance. This would keep your network monitored 24/7 for danger and take action should a threat be detected.
Other mitigation techniques include things like:
- DNS filtering to block malicious websites
- Email filtering to filter out phishing emails
- Antivirus/anti-malware being installed on all company devices
- Ensuring all software is updated regularly on a scheduled basis
- Having remote employees use a VPN to encrypt connections
- Using a password management application
3. Identify Disaster Recovery Mechanisms to Reduce Downtime
Now, you want to look at what you would do should a crisis event occur that causes your business downtime. This involves preparing for the flexibility of anywhere-work should your team not be able to work at the office, and keeping your data protected.
You also want to look not only at data backup but also at your data recovery. If data can’t be recovered quickly in the case of a ransomware attack, many companies end up paying the ransom anyhow just to get operational faster.
In your recovery planning, you should look at:
- Full backup of your data (including cloud-stored data)
- Fast recovery of your data
- Ongoing security and disaster recovery staff training
- Ensuring you have an IT partner that you connect with regularly
- Redundancy (such as a backup ISP provider, or collaboration with a fellow manufacturer for resource sharing in the event of a disaster)
4. Evaluate Your Current IT Security & Disaster Preparedness
Once you’ve identified what you need, it’s time to look at what you currently have in place. What you’re doing in essence is a gap analysis, so you know what gaps you need to fill in order to be well prepared to both ward off and recover from an unexpected disaster.
Working with an IT professional like PartnerIT can save time during this step and ensure you have a thorough analysis of your risk and the needed steps to mitigate it.
5. Develop a Plan & Budget for an Upgrade Plan to Fill Gaps
Now, you’ll want to create a plan to fill any gaps you have so you can properly prepare your business for unexpected disasters.
If you lay out an upgrade strategy over several months, this can make the entire project seem much less daunting and you can also better budget for the upgrades. We can help you prioritize, so you’re tackling the most important gaps first.
6. Test Your Disaster Recovery Plan Regularly
Test your disaster recovery plan and conduct drills with your team regularly. This greatly increases your chances of a speedy recovery back to operations should a crisis happen.
Need Help Putting Together a Strong Disaster Recovery Plan?
PartnerIT can walk your Ontario business through all the steps of proper disaster recovery planning to help you ensure you’re prepared for anything.
Contact us today to learn more at 519-672-0900 or through our website.