Making Cyber Security Part of Your Disaster Recovery

New guidelines are being launched by the government advising businesses to prioritise cyber threats as a key business risk.

Currently under consultation review, the ‘Code of Practice on cyber security governance’ will recommend that businesses boost protections to safeguard themselves, customers, supply chains and staff.

The Code, designed in partnership with industry directors, cyber experts and the National Cyber Security Centre (NCSC), comes as figures show that 32% of firms have suffered a cyber attack or breach in the past year.

And whilst the guidance will be welcomed, Lifeline IT’s Daniel stressed that cyber security should form part of any business’ overall disaster recovery plan – covering everything from fires, floods and data outages through to malicious staff attacks and cyber threats.

“Cyber security is no longer just an IT issue that’s the problem of the IT department – it’s something that affects everyone in the company, as well as external customers, suppliers and legislative authorities. We’ve had quite a few clients coming to us recently asking about cyber risks and the key thing to remember is this is a risk to your whole business and the knock-on effect goes way beyond IT.”

Added Daniel: “Every company should have a disaster recovery plan covering different scenarios and a cyber attack is just one of these. Each business is different so there is no ‘one size fits all’ disaster plan – we would work with a client to assess and then advise on the right plan for them.”

When preparing a disaster recovery strategy, here are some of the key aspects to consider:

• Identifying critical systems – what are the key systems that are vital to your business? Things such as staff, data, access to accounting and software systems and internet services, as well as building resources like heat, light and water.
• Identify the risks to these systems – what are the events or disasters that could potentially stop your critical systems operating? It could be anything from a cyber attack, flood or fire through to a break-in/theft or power cut.
• How to mitigate against these risks – what processes are in place to try and prevent these risks? This could include robust data storage on and off-site, having effective cyber security controls in place, staff training and good server infrastructure.
• Having a plan to get back up and running. As much as businesses can try to mitigate risks there will be occasions when disaster still strikes. In the event of this, it’s about having a disaster recovery plan that can be implemented immediately so the company can start operating again as quickly as possible.