Since the corona pandemic, IT departments have shifted their focus to IT security. They doubled down on protections to stop hackers from stealing data while launching a record number of ransomware attacks . In the process, many specialist departments have lost sight of other threats that can cause as much damage as an attack. Recency bias describes the disproportionate, cognitive focus on recent events compared to the overall picture of historical events.
Don’t Forget To Back Up Your Data
Human error is still the leading cause of data loss . Studies show that companies lose almost five times as much data through accidental deletion and overwriting as criminal incidents. Random configuration, application, and user management errors can also crash systems, erase data, and cause costly downtime.
Natural disasters are also a growing problem. The flood disaster in Rhineland-Palatinate claimed many lives and left a trail of destruction in its wake. Experts expect that climate change will cause more extreme weather events. In addition to the humanitarian consequences, natural catastrophes also have an economic impact on the respective regions: the damage from such a catastrophe can quickly run into the billions – and IT systems are, of course, among the damaged parties and thus the data.
This shows that the increased attention to IT attacks is justified. Still, companies urgently need to renew their disaster recovery (DR) strategy to do justice to the threat situation. They need to invest in employee training, automate functions in the DR process, and ensure DR plans and procedures are designed to deal with sudden, unforeseen incidents. Data backup is part of emergency plans like IT security. Otherwise, gaps remain.
If entrepreneurs do not take this into account, their operations will suffer. According to a study , 94 percent of companies that suffer a catastrophic data loss do not survive it. Forty-three percent will never reopen, and 51 percent will close within two years. According to our 2021 Data Protection Report, those that keep going will lose $84,650 an hour in lost revenue and productivity. You lose even more than that: the loss of customer trust and damage to the brand weighs heavily, plus factors such as reduced employee morale and the diversion of funds and skilled workers. There is also the threat of litigation and regulation, which can significantly impact company valuations.
Training Of Employees
Training staff is a good start to improve the situation. Any company that hasn’t rolled out a fresh round of cybersecurity training for its employees during the pandemic should now make it a top priority. This should include standard best practices ranging from following incident reporting procedures to choosing solid passwords to avoid phishing scams. This training should also apply to IT operators. Namely, configuration errors can be avoided by following a set of best practices. These include creating a single configuration source, easily tracking configuration changes, and using DNS service names for all services. Because there is no way to test every possible condition, application errors will still occur. However, regular review and updating of testing procedures can improve performance and reduce the number of careless mistakes in daily practice.
Automation Of Operations
Automation should now also be a high priority. Not only does it reduce human error in day-to-day operations, but it frees employees up for more strategic, overarching tasks. This applies to IT as well as to the employees in the office. Companies have increasingly invested in automation technology in the last two years and should continue to increase productivity and ensure a higher level of security. In particular, automating the disaster recovery process can save time and speed up the overall response. Today’s applications and datasets are larger, more complex, more distributed, and more interdependent than ever before. This makes the successful recovery of even a single application – let alone entire branch office data and systems – incredibly difficult. This makes the orchestration of recovery processes an indispensable tool.
Given the high level of risk, now is a good time for organizations to look at their contingency plans and procedures to ensure they can be implemented quickly. Here are some tips to guide you:
- Check the Details: Having a program that is up to date and validated against an organization’s specific business needs. Needs have likely changed since the pandemic began. If you haven’t reviewed your plan in over a year, this should be a top priority.
- Check your documentation: Having easy-to-understand, comprehensive documents during system recovery can save you time and reduce stress. Creating these documents is time-consuming, and they should be constantly checked – preferably by the people who have to use the documents.
- Update Identity Management: As services have changed, gaps in access management are likely to have emerged. Ensure the right people are authorized to perform critical system functions when systems are unavailable.
- Rethink DR/Resiliency Plans: With the increasing use of external devices, organizations should revise their plans to ensure end-to-end protection, from the workforce to the endpoint.
- Reinforce testing: Test each application individually to ensure you meet your key metrics — most notably the recovery time (RTO) and recovery point (RPO) objective.
Cyber attacks are on the rise, and companies need to take a hard look at how to protect against them; so far, so good. But disasters come in different forms to companies. Therefore, to ensure the organization is covered in the event of an attack, IT departments should be mindful of modern data protection and ensure their recovery plans and procedures are in place. Data backup must be part of the contingency plans. Ultimately, the well-being of the business depends on it.