Given the uncertainty of the future, the effects of COVID-19, election results, and the increased IT risk that occurs during and in the aftermath of such monumental events, it is crucial for organizations to be proactive and to take a risk-oriented view of their environment. Why? The bottom line is that your business could depend upon it.
Planned or unplanned events that could impede your ability to deliver optimal services may include: production and/or migration failure of systems and/or applications, turnover among key IT staff, man-made and natural disasters, cyberattacks, and malicious activities by known or unknown parties. Any of these events may disrupt or even paralyze an enterprise if proper planning and controls are not in place.
As part of Cybersecurity Awareness Month, we recommend that every business take the time to test its IT infrastructure and its level of IT resiliency. How confident are you that your organization can withstand or avoid business disruption when the IT infrastructure (hardware, software, communications, data centers/hosting services, and human resources) is challenged by planned or unplanned events?
Test Your IT Resiliency
- Do you have a documented Business Continuity Plan (BCP)?
  - Business Continuity Plans are essential to conducting business seamlessly when disruption strikes. Having a working BCP in place in advance of a disruptive event helps to lessen the impact on people, processes, and systems.
- Have you properly tested your BCP?
  - Organizations should be able to answer the questions: “What do we need most?”, “How long can we be without it?”, and “How much data can we afford to lose?”. The answers to these questions generate a Recovery Time Objective (RTO) and a Recovery Point Objective (RPO). From there, a specific plan to address the needs of each service may be developed.
- Do you have an IT Disaster Recovery Plan (DRP)?
  - An IT Disaster Recovery Plan is a documented and tested process, or set of procedures, which ensures your organization can recover IT systems, services, and data following an event. DRPs should be tailored to your business size, industry, and specific IT infrastructure. The plan will be multi-disciplinary and include departments outside of IT.
- Have you properly tested your DRP?
  - A risk-based approach will drive answers to “How will we work?”, “Where will we work?”, “What is the impact to the business and our constituents?”, and “Who will communicate to our constituents?”. Once crafted, the DRP should be tested periodically as part of your BCP in order to support business operations.
- Does your organization have a sound backup and recovery strategy for its data?
  - Organizations must implement strategies that protect both their data and their ability to access it. The backup and recovery strategy should include routinely scheduled backups of your business’s critical systems. “Routine” is subjective and is driven by the RTO and RPO requirements specific to the environment being backed up and recovered.
- Does your organization regularly perform a robust risk assessment?
  - Understanding where risks exist in your technology enterprise is paramount to your ability to manage them effectively. Risks exist in aged technology; outdated solutions; access control deficiencies for incoming, existing, and departed staff; inappropriately configured systems; poor password management practices; and a lack of employee training and awareness, to name but a few.
  - All organizations should perform regular top-down risk assessments to identify, prioritize, and remediate deficiencies.
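The backup question above hinges on turning RPO and RTO into something you can actually measure. The following Python script is an added illustration, not part of the original article or any K·Coe tooling: it reads a constructed backup catalog and a constructed log of timed test restores, computes how much data each system would lose if it failed right now (the RPO exposure), compares the last measured restore time against the RTO, and flags any system whose backup cadence or restore testing does not meet its target. The system names, targets, and timestamps are all hypothetical sample data.

```python
"""Check a backup catalog against the RPO/RTO targets set in the BCP/DRP.

Added illustration; the catalog, targets and restore-test figures below are
constructed sample data, not any organization's real records.
"""
from datetime import datetime

# Constructed sample backup catalog: one record per backup job run.
BACKUP_CATALOG = [
    {"system": "erp-db", "finished": "2020-10-20T01:05:00", "status": "success"},
    {"system": "erp-db", "finished": "2020-10-21T01:07:00", "status": "success"},
    {"system": "erp-db", "finished": "2020-10-22T01:02:00", "status": "failed"},
    {"system": "file-share", "finished": "2020-10-21T02:00:00", "status": "success"},
]

# Hypothetical per-system targets (hours) derived from the BCP answers to
# "How long can we be without it?" (RTO) and "How much data can we afford to lose?" (RPO).
TARGETS = {
    "erp-db": {"rpo_hours": 24, "rto_hours": 4},
    "file-share": {"rpo_hours": 72, "rto_hours": 8},
}

# Hypothetical results of the last timed test restore per system (hours to usable state).
RESTORE_TESTS = {"erp-db": 2.5, "file-share": 12.0}

# Constructed "current time" for the assessment, so the example is reproducible.
SAMPLE_NOW = datetime.fromisoformat("2020-10-22T09:00:00")


def last_good_backup(system, catalog=BACKUP_CATALOG):
    """Return the finish time of the most recent successful backup, or None.

    Failed jobs are ignored: a failed run does not reduce data-loss exposure,
    which is exactly why the erp-db job that failed this morning must not count.
    """
    times = [
        datetime.fromisoformat(r["finished"])
        for r in catalog
        if r["system"] == system and r["status"] == "success"
    ]
    return max(times) if times else None


def check_rpo(system, now, catalog=BACKUP_CATALOG, targets=TARGETS):
    """Hours of data that would be lost if the system failed at `now`,
    and whether that exposure is within the RPO target."""
    last = last_good_backup(system, catalog)
    if last is None:
        return float("inf"), False  # no usable backup at all
    exposure_hours = (now - last).total_seconds() / 3600
    return exposure_hours, exposure_hours <= targets[system]["rpo_hours"]


def check_rto(system, restore_tests=RESTORE_TESTS, targets=TARGETS):
    """Measured restore time from the last test, and whether it meets the RTO.
    A system that has never been test-restored cannot claim to meet its RTO."""
    measured = restore_tests.get(system)
    if measured is None:
        return None, False
    return measured, measured <= targets[system]["rto_hours"]


def assess(now, targets=TARGETS):
    """Summarize RPO/RTO status for every system that has a target."""
    report = {}
    for system in targets:
        exposure, rpo_ok = check_rpo(system, now, targets=targets)
        measured, rto_ok = check_rto(system, targets=targets)
        report[system] = {
            "rpo_exposure_hours": exposure,
            "rpo_ok": rpo_ok,
            "rto_measured_hours": measured,
            "rto_ok": rto_ok,
        }
    return report


if __name__ == "__main__":
    for system, r in assess(SAMPLE_NOW).items():
        print(f"{system}: RPO {'OK' if r['rpo_ok'] else 'BREACH'} "
              f"({r['rpo_exposure_hours']:.1f}h exposure), "
              f"RTO {'OK' if r['rto_ok'] else 'BREACH'} "
              f"({r['rto_measured_hours']}h measured)")
```

With the sample data, erp-db breaches its 24-hour RPO because this morning's backup failed and the last good copy is almost 32 hours old, while file-share breaches its 8-hour RTO because the last test restore took 12 hours. Running a check like this on a schedule turns the "routine is driven by RTO and RPO" guidance into a concrete control whose failures can be reported and tracked.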
3 Steps to Improve IT Infrastructure Resiliency
- Perform an IT ‘Risks and Controls’ assessment.
  - Once the assessment is complete, high-risk concerns become visible and can be addressed. Cybersecurity is likely to be a strong concern, so network penetration tests and cyber assessments should also be employed.
  - If you host private and/or confidential information covered by HIPAA, GDPR, PCI, FFIEC, or other local, state, federal, or international governing requirements, these assessments should be considered.
IT resiliency is at the core of an effective IT strategy – one designed to ensure organizations can quickly get back to business after something goes wrong, and to protect the organization from threats in the first place.
Contact a K·Coe advisor to perform a thorough IT evaluation of your business, and for strategies to mitigate cybersecurity risks and ensure resiliency.