By Jamie Zajac, VP Product Management at Carbonite, an OpenText company
Right now, disaster seems to be all around. The headlines help remind us of the natural disasters from coast-to-coast, and let’s not forget a global pandemic that has led to lost time, productivity, and impacted bottom lines. Cybercriminals don’t slowdown in the face of disaster—in fact, quite the opposite. Just like hackers have used the coronavirus pandemic to launch COVID-related malware scams, they are also known for using hurricanes, wildfires, and other life-altering events to exploit vulnerable systems. The setup of an organization’s cybersecurity posture and overall cyber resilience strategy can make or break the ability to adapt. But, with the right protection in place, you can establish the resilience needed to maintain data access during a seasonal storm – and all year round.
Adverse events catch both people and businesses off guard. And while it’s reasonable to anticipate highly impactful outages such as a debilitating storm, the reality is that less catastrophic events are far more commonplace when it comes to data loss. Everyday scenarios – leaving a laptop on an airplane, dropping a phone in the sink, or accidentally deleting a folder and having the recycle bin policies expire – require sound back up planning to minimize downtime and data loss. Whether it’s just another day or the apocalypse, with the right cybersecurity practices is in place, your information will be protected.
Whether it’s a lack of awareness, the complexity of systems, or the perceived difficulty of deploying security solutions, too many individuals and businesses fail to be proactive about safeguarding their data. Both cybersecurity and data protection are frequently overlooked priorities until it’s too late. Often thinking “it won’t happen to me” … until it inevitably does. After the fact, recovery requests are far more time-consuming, expensive and ineffective than having a cyber resilience plan in place from the start.
Businesses have struggled and even been forced to closed due to data loss. Or, brands suffer because hackers have stolen their data, facing reputational risk with current and prospective customers. Simply put, studies show consumer trust can suffer after an attack. And as compliance requirements and privacy requirements evolve, more and more businesses, particularly small businesses, face these risks.
Historically, hurricane season is prime time for system outages. Before that happens, prepare for the unexpected. Here are three key steps you can take to strengthen cyber resilience:
- Anticipate your office being unavailable – Like the physical disruptions we’ve experienced with the COVID-19 pandemic, anticipate IT infrastructure becoming unavailable. Can you run systems in the cloud? Can you access a cloud backup quickly? DRaaS is a life-saver for businesses susceptible to hurricanes and other acts of nature.
- Back up everything, not just some things – Many people realize too late that they only chose to back up critical systems. Those “second-tier” systems are also necessary to run the business. It’s better to have everything backed up than to be missing something. You can often save costs by tiering your backups or having different recovery objectives for different systems. But don’t skip backing up some systems.
- Test your backups – Know whether you can recover systems within the time required.
When it comes to hurricanes and natural disaster risks, specific security-related concerns should also be considered. Having protocols and proper training on best practices are vital in enhancing cybersecurity for remote work. Training is key to keep security top-of-mind and ensuring network users know the common pitfalls. Whether employees are remote temporarily or full-time, people are often more distracted and susceptible to phishing and social engineering when they are at home. A security suite that includes cloud-based anti-virus and anti-phishing protection could be the game-changer that keeps your organization’s data protected, no matter where your employees are.
Furthermore, no recovery plan is complete without backup. Aligning established objectives before disaster strikes is the only way to ensure recovery processes are enough to protect against threats, forecasted, or spontaneous. On an endpoint, fast file backup and recovery means only losing minutes of data and ensures files are available in a web interface for quick access. With servers, tiered systems into mission-critical applications are required and use a very low RPO solution, such as DRaaS. Non-mission critical infrastructure can withstand a few hours or days to get running again. If a given system is offline, at what cost is it coming to the business?
Never let a good catastrophe, or the threat of one, go to waste. Use this hurricane season to make sure you have a robust cyber resilience plan that covers all the above. And not just for disasters, but for all the ways you can lose access to data. In rain or snow, drought or fire, or just staying at home, everyone has the right to be secure in a connected world.
Jamie Zajac, VP of Product Management, has over 10 years of experience designing, implementing, and maintaining high availability solutions for small and large enterprises. In her role at Carbonite, she leads a team making endpoint security and data protection simple for MSPs, SMBs, and enterprise customers. Jamie holds a B.S. in Meteorology and Computer Science from Emory-Riddle Aeronautical University and an MBA from UMass.