One in five organizations experiences an unplanned incident such as power outage, fire, flood or malicious attack in any given year, something that could impact business continuity. That’s why a good disaster recovery plan is so important. It safeguards a company’s IT infrastructure and minimizes financial loss as a result of a disaster. However, not all companies implement security planning solutions properly. Here are three of the biggest disaster recovery mistakes — and how to avoid them.
1. Not Testing a Disaster Recovery Plan
Businesses that fail to test their business continuity strategy are unlikely to recover data in an emergency. These companies will struggle when disaster strikes and find it difficult to restore business applications. One-third of all organizations that have a business continuity strategy only test their disaster recovery plans once or twice a year, while a quarter of them have never tested their plans.
Testing lets businesses prepare for unexpected events and validate their disaster recovery initiatives. IT staff should test every possible scenario — natural disaster, power outage, malicious attack from hackers and so on — so they know how to respond quickly and efficiently. They should also modify their disaster recovery plan when necessary. Although testing is expensive, businesses should aim for a full-scale test at least once a year.
2. A Disaster Recovery Plan Is Outdated
Cyberthreats are continuously evolving, so an outdated disaster recovery strategy won’t be much use in an emergency exposure situation. Common IT threats, such as hardware and ransomware, continue to pose a significant risk for companies that exchange information online. However, new threats — like hackers who target wearable technology and connected cars — could impact businesses with antiquated business contingency plans.
Keeping a disaster recovery plan updated is essential. All IT infrastructure — hardware, data centers, servers and the like — should be checked for security vulnerabilities, for example. Physical computer systems that have a virus need to be repaired or replaced immediately, too, or valuable data could be compromised — something that could prove critical for any business. Research shows that survival rates for companies without a proper disaster recovery plan stand at less than 10 percent.
3. A Disaster Recovery Plan Is Too Dependent on a Cloud Provider
Disaster recovery is pretty much synonymous with the cloud. This technology continuously backs up data and keeps it safe so companies can access it in an emergency. However, over-reliance on a cloud provider brings multiple problems. Forty-nine percent of IT professionals fear unauthorized access to their customers’ information whey they use a cloud service, while 43 percent believe there are security defects in cloud technology.
This is why it’s important for businesses to choose a trustworthy, reputable cloud provider, and one that serves their unique security needs. Vendors should provide companies with a simple way to deploy and manage their software, for example. The cloud is still susceptible to DDoS attacks, hacked interfaces and APIs and data breaches, so companies should opt for a vendor that keeps their data safe at all times.
Forty percent of businesses said that their disaster recovery plan wasn’t very effective when an emergency occurred, according to a 2014 study. Periodical testing, an up-to-date security plan and a reputable cloud provider, however, can fortify business continuity after an unforeseen event, and get a company back on track.
Source: SANS ISC SecNewsFeed @ January 31, 2017 at 02:12PM