Every tech leader knows the adage, “It’s not if you’ll be hit with a cyberattack, but when.” The last thing a business and its tech team want or need is to be scrambling to react on the fly to a breach; therefore, developing a thorough disaster recovery plan is essential. However, many businesses overlook critical aspects of a well-rounded plan, which can lead to longer recovery times, higher cost impacts and lost trust.
To protect your team, customers and data—and your overall business health—it’s important to dig deep into the details when creating and reviewing a disaster recovery plan. Below, 16 members of Forbes Technology Council discuss essential factors to cover in a disaster recovery plan that many organizations overlook and why they’re so important.
1. Stolen Credentials And Active Web Sessions
Organizations often neglect to address the data exposed in the attack. Many security teams simply wipe infected devices without considering the credentials a criminal may have taken. Exposed authentication data can be used for follow-on attacks such as session hijacking and ransomware. Recovery plans must include resetting stolen credentials and invalidating exposed applications’ active Web sessions. – Damon Fleury, SpyCloud
2. A Retrospective
A disaster recovery plan must include a well-run retrospective that covers realistic action items, with owners and a timeline for completion. Incidents are invaluable learning opportunities, but it takes discipline to spend the extra time turning those lessons learned into actionable improvements for your organization. – JJ Tang, Rootly
3. Protecting Backup Data
In an emergency, you have to know your backup data is protected. Bring your own key is an invaluable tool for keeping backup data secure—the attacker only has access to encrypted data, rendering it useless to them. With the myriad concerns related to maintaining business continuity, knowing you have an extra layer of security such as BYOK offers peace of mind and maintains compliance. – Ameesh Divatia, Baffle, Inc.
4. Practice
Is a plan really a plan if it hasn’t been executed or attempted? I think not! It is only a plan in planning. Instead of waiting till the critical moment of need, practice your plan and see what might be missing or improved upon. Do this for each new plan and then again every three to six months to ensure the plan stays current and effective. – Grayson Milbourne, OpenText
5. A Risk-Based, Zero-Trust Approach
Given the diminishing returns on investments to defend against cyberattacks, it’s critical to take a risk-based, zero-trust approach. Investments should be allocated toward minimizing damage and recovering as quickly as possible. In terms of recovery, the team needs well-defined response plans, communication plans and customer notification policies. – Aaron Harris, Sage
6. Data Criticality
All data is not created equal. Most business recovery plans focus on recovering IT and production infrastructure. One thing that can help further is to ensure that the recovery of data infrastructure is focused on the most critical data. By taking a tiered approach that’s based on data criticality, disaster recovery can proceed more quickly, because the right amount of effort is being spent on the right problems. – Supreeth Rao, Theom, Inc.
7. Regulatory Reporting
Regulatory reporting is an important part of a cybersecurity recovery plan. Each relevant authority has individual notification requirements that must be met. A failure to communicate internally, among teams, can cause missteps in external regulatory reporting, leading to further consequences such as fines. – Kison Patel, DealRoom
8. A Relationship With The FBI
It is very important for a private-sector company to establish a relationship with the FBI prior to becoming the victim of a cyberattack. Developing this relationship before a cyberattack helps both parties understand how to operate, protect information and work together so operations are not disrupted and evidence for a potential prosecution or civil case is preserved. – Christine Halvorsen, Protiviti
9. A Communication Strategy
A missing but crucial element in many disaster recovery plans is a concise communication strategy. It sounds obvious, but keeping communication transparent and unbiased is difficult. This entails keeping stakeholders informed with factual updates on a constant basis, maintaining transparency as the incident evolves and more information is available, and building trust throughout the crisis. – Vladyslav Matsiiako, Infisical
10. Impact On The Team
It’s important to fully understand the impact of one (or several) members of your team being offline for days or weeks. Most disaster recovery plans do a great job of identifying what to do when something goes wrong, but it’s likely that one or more key members of your team may be either tied up with the incident or lose access to their computers for weeks afterward. Plan for losing people functionality. – Lewis Wynne-Jones, ThinkData Works
11. Key Personnel
Disaster recovery and business continuity plans should also include plans for what to do if key personnel are not available. You can have the best DR plan in the world, but if a component of it is dependent on a specific individual and that individual isn’t available, it can come apart quickly. This is especially true for smaller organizations that might have a single key person in a vital role. – Rohana Meade, Synergy Technical
12. Rebuilding Customer Trust
Often overlooked in disaster recovery plans is a strategy for rebuilding customer trust after a cyberattack. This is crucial, because the aftermath of an attack can erode customer confidence. A well-thought-out plan for transparently communicating the incident, the steps taken to address it and enhanced security measures can help regain customer trust and loyalty. – Jagadish Gokavarapu, Wissen Infotech
13. Multiple Data Backups
One of the most important things you should include in your business’ disaster recovery plan is multiple ways to recover your data. For instance, we have copies saved on our computers, flash drives with important backup data and several versions of our sites in the cloud. A breach can happen at any moment. Creating multiple backups is vital to keep your site safe and secure. – Thomas Griffin, OptinMonster
14. A Point Person
Disaster recovery is often domain-specific and can vary greatly depending on, for example, clientele. One thing that all plans should have is a point person who takes the lead in streamlining processes and ensuring the recovery is unified. That doesn’t mean one person who goes it alone; rather, it should be one person with a team. Also, have a plan for how to tell customers their data was exposed. – Jordan Yallen, MetaTope
15. Blameless Accountability
Defending against cyberattacks means countering “blame attacks” too. A culture of avoiding finger-pointing and focusing on issues is key to keeping small issues from growing exponentially. Fear of blame can delay reporting, as staff try to hide or resolve issues in secret (and in vain). A blameless, yet accountable, environment ensures fast reporting and effective fixes and retains staff who make correctable errors. – Rob Tillman, Copy Chief©
16. Cyber Insurance
We recommend that every company has appropriate cyber insurance. The average global cost to a business from a breach is well over $4 million. If you have a breach and then still opt to not get insurance, you’ve missed an important lesson. Carry appropriate insurance and protect your business for many years to come. – Michael Gargiulo, VPN.com