Understanding Disaster Recovery
As a society we have become increasingly reliant on technology. It helps keep us organized, increases our efficiency, and even cuts operating costs. But what happens when disaster strikes? Gone are the days of opening with a paper schedule, grabbing a chart, and calling the client. How would you return to normal operation if all the technology in your office were to become unavailable? How would you do it in a timely manner? A Disaster Recovery Plan (DRP) will help you answer these questions and know what to do if you ever find yourself in this position.
Creating a Plan: An effective DRP, typically contains the following:
- Business Impact Analysis: Identify critical functions within your practice and the impact to those systems. This will help to prioritize critical systems and data.
- Perform a risk assessment: What are the threats to your business? Cyberattacks, natural disasters, etc.
- Develop strategies to minimize the impact: Data backup, system restoration, alternative work sites.
- Document the plan: Work with your IT and cybersecurity company to outline the steps that will be taken in a disaster.
- Training and communication: Ensure your staff understands the role they will have in your Disaster Recovery Plan
More common examples to be prepared for are:
Natural Disaster
- Do you have an off-site or cloud backup of all critical data?
- Is all hardware secured?
- Do you have a way to communicate if office lines are down?
- What type of disaster happened? What is the impact on the employees?
- How will it affect their ability to work?
- Ransomware Attack
What Systems are affected?
- Isolate the impacted device, disconnect any internet access to that device.
- Contact your IT and cybersecurity provider.
- Do you have recent backups?
- Important: Do Not Erase or Modify Anything until contacting a cybersecurity firm.
Virus/Malware Incident
- Have you contacted your IT?
- Do you have sufficient Anti-Virus installed and up to date?
- Work with your cybersecurity team to execute a scan of impacted devices.
Email Compromise Incident
- Change your password!
- If it is an Admin account: Check for other users that may have been added or deleted. Can you account for everyone listed?
- Notify all recipients of spam emails that may have been sent.
- Force sign out of all devices and sessions.
- Revoke MFA sessions and Renew them. Tip: Do not use push notifications!
There is a lot to consider as you are creating your practice Disaster Recovery Plan, but Cytek is here to help. We are happy to work with you and your office to create a DRP specific to your office needs. Contact us at [email protected] to discuss how you can get started with Disaster Recovery Planning. Being prepared before it happens is the first step to a quick recovery!