Don’t ‘WannaCry’ over ransomware? Discover the ultimate survival tool


June 6, 2017

june 6th blog image.png

This year has been fraught with major security breaches, most notably the WannaCry ransomware attack last month. WannaCry infected computers in more than 150 countries and affected major organizations like Britain’s National Health Service (NHS), Spain’s Telefónica and FedEx. As an MSP, we work tirelessly on prevention methods for our clients, from the latest security software and updates to, most importantly, user education.

However, it’s important to realize that while prevention is important, nothing is foolproof – infections can and will happen as viruses continue to evolve. The ultimate tool to ensure survival? A solid business continuity plan with backup and disaster recovery processes.

What is a business continuity plan?

A business continuity plan (BCP) can simply be defined as a roadmap for restoration of mission-critical business functions during and after a major interruption whether it be nature-related (fire, flood) or technology-related (malware, hacking).

A lot of companies think that if they have a data backup plan, they’re covered, but a BCP should not just be an IT document. Rather, it needs to be an all-encompassing, operational compilation that includes:

  • Initial company data, such as important contact information
  • Purpose and scope
  • Guidelines related to what events will trigger the plan
  • Policy information
  • Emergency response and management protocols
  • Step-by-step procedures for all scenarios and departments
  • Checklists and flow diagrams
  • A schedule for reviewing, testing and updating the plan

Business ResumptionPlan.png

Creating your business continuity plan

As we mentioned earlier, your BCP is a comprehensive operational document that will be used by all departments in your company. Therefore, it requires intensive cross-departmental planning and collaboration. The hardest part of putting your BCP together is figuring out all the different areas you need to define. Here are some of the top aspects to think about:

  • Key business activities: What sort of things are crucial to keeping your business running? These include systems, processes and activities. For example, if your business lost phone use for over a day, would this shut down your office? Are you able to forward calls to people working from home?
  • Disasters: What events can be disastrous to your business? The term “disaster” typically covers natural/physical disasters (i.e. water damage from a leaking pipe) and technological disasters (i.e. a crashed server). However, there could be more categorizations depending on your business type.
  • Disaster costs: Before you can start to plan for the potential disasters you may face, you should know what is at stake in terms of revenue. Think about things like labor/resource time (and how much that costs), impact to sales revenue and any other potential losses due to client dissatisfaction.
  • Recovery budget: Now you know what’s important to the business, how that can be derailed and at what cost, you can start to consider how much you are willing to pay for preparedness.
  • Training and review: A BCP is not a static document. Instead, it must continually develop and change along with your business and industry. With this in mind, define how frequently the document should be revisited and how often to meet with and educate your staff.

Although the elements outlined above constitute a solid starting point, this is not a finite list of areas to work out. There are communication hierarchies, processes, vendor considerations and more to think about when creating your BCP. The most important realization concerning your BCP is that putting such a plan in place is not a one-and-done scenario – the document is your go-to survival guide in the event of an incident that will significantly affect your company’s up-time, and it should be treated as such. We encourage you to talk to your MSP (if you have one) about how to get a comprehensive plan together, or download our free template to help you get started on your own!

We're Integris. We're always working to empower people through technology.

Keep reading

Cybersecurity Plans, Policies, and Procedures: A Guide

Cybersecurity Plans, Policies, and Procedures: A Guide

The proliferation of cyber threats has underscored the critical importance of robust cybersecurity measures for organizations and industries. As cybercriminals evolve and adapt their tactics, protecting sensitive data, critical systems, and digital infrastructure has...

Two Access Credentials Best Practices to Adopt Right Now

Two Access Credentials Best Practices to Adopt Right Now

To solidify business continuity, IT Teams, IT Steering Committees, and their MSPs should embrace two durable and future-proof access credentials best practices. Access credentials AKA “email addresses and passwords” are the proverbial combinations for each master lock...

The Real Story: Continuity vs. Backup

The Real Story: Continuity vs. Backup

The difference between continuity and backup is akin to the difference between the pitcher and the whole baseball team. Backup is a part of continuity, but in the IT world of today, it is only a player and not the whole team. The problem is that backup is great if...