- Security TWENTY
- Women in Security Awards
Business as usual? Managed continuity and disaster recovery is a priority, says John Brett, pictured, Operations Director at the IT and networks firm Nexus Open Systems.
Maintaining business as usual in the event of an unexpected situation is crucial for organisations from a reputational and financial perspective, however it is becoming increasingly difficult to guarantee. Modern businesses are having to contend with more sophisticated threats each day, online and offline. From a practical point of view, preparing to deal with the consequences of an outage is just as important as defending against an attack in the first instance. Still it is something which is not sufficiently prioritised.
Price of outages
It is estimated that 65,000 cyber-attacks are carried out each day against small businesses, costing them over £25,000 in basic ‘clear up’ costs. IT outages also come at the expense of your customer base. In a competitive marketplace with the added pressure of high customer expectation, prolonged downtime and data loss will reflect poorly in the eyes of the customer. Companies must be doing all that is in their power to mitigate risk and ensure services can resume as normal to maintain the trust of customers. Dealing with the aftermath of a cyber-attack is so costly for businesses, in part because many do not have robust Business Continuity and Disaster Recovery (BCDR) in place. Indeed, almost 50pc of UK businesses are not even confident in their business continuity plan.
This is often because organisations, particularly small-medium businesses (SMBs), are not following best practice for business backups. One survey from Beaming found that around half of UK companies keep their data backups onsite in a separate system, which still leaves information at risk from physical threats. Furthermore, 17pc of respondents have no data backups whatsoever.
What is best for business continuity?
An effective BCDR strategy considers the entire IT environment, from hardware to applications, putting the relevant procedures and systems in place to protect and restore data as necessary. It will be tailored to the company’s unique requirements and plan for the specific risks your business might face. It will also determine the critical systems which need prioritising in the event of a disaster, for instance a CRM database.
It may be that your company already has a strategy in place, but is it updated with the latest insights? Does it factor in today’s most prolific cyber threats, such as ransomware attacks? A strategy which is outdated in its backup methods and understanding of the threat landscape is not equipped to protect your business.
Planning and implementing business continuity and disaster recovery can be complicated, especially for organisations who are unsure of best practices and perhaps lack the knowledge to determine the right technology to use. Equally, for companies with extensive IT systems requiring continuous monitoring, looking at autonomous solutions is a great asset to support in-house IT teams. Given the scale of risks to consider, a managed BCDR solution can be a cost-effective option to safeguard the business and relieve pressure on the IT department. Compared to an off-the-shelf solution, a BCDR provider will carry out a comprehensive IT audit to identify your needs, potential risks and implement the best defences.
A comprehensive solution which stores data in the cloud and runs automatic backups is essential to protect against every threat vector, from cybercrime and social engineering attacks to accidents such as flood or fire. Cloud backups are more reliable than physical devices as it ensures continuous access to data. Crucially, this provides almost instant data recovery so that operations can resume as normal before the customer notices a difference. The scalability of cloud backup further protects important systems and data as the organisation grows, providing a secure and cost-efficient alternative to onsite disks.
Post-GDPR, companies have a duty to shield customers’ sensitive information as well as their own. Businesses who are found wanting when it comes to their data protection have the added peril of fines as well as losses from downtime and customer abandonment. Many industry-specific regulators also have their own standards to ensure operational resilience. Only recently, Raphaels Bank was fined by the FCA and PRA for failing to review the BCDR of its outsourced service providers. A managed continuity and recovery solution is a vital addition to in-house technicians to mitigate this risk; the provider’s experience often means they are quicker to identify weaker legacy systems, implement more robust alternatives and ensure they are regularly updated.
A provider who is experienced in handling attacks and recovering data also frees up internal technicians to focus on the everyday running of the IT infrastructure. This is the difference between precious files being lost permanently or salvaged, between downtime which lasts for weeks or a matter of hours. Disaster recovery can lead to unexpected costs for businesses, depending on the amount of work required to recover systems. When selecting a managed BCDR solution, it is vital to look for providers who offer fixed contracts to avoid additional costs.
Modern organisations face constant risk from a variety of evolving threats, and this requires a modern solution. Managed business protection offers comprehensive protection and recovery, ensuring that your business stays up to date with the latest procedures. While the likelihood of suffering a systems breach today may be higher, this does not mean that your company is defenceless. Continuous data protection allows business as usual to proceed whilst minimising the risk of a future attack.