The past two years have seen a dramatic change in the way that RedDrum have had to change and evolve to meet the two challenges of cyber-crime and compliance, for their clients. GDPR has been and is still an uphill and continuing task. Many clients are still a long way from where they need to be, despite massive improvements having been made to networks, systems and business processes.
Disaster Recovery Plan (DRP)
The purpose of this series of articles is to advise businesses of the absolute necessity to have in place a tried and trusted DRP. The failure to do so could, sadly, lead to the demise of an organisation. If a ransomware attack were to happen and all data were to be lost, how could an organisation continue? If access to premises was lost, what would happen? If internet connectivity ceased for an extended period of time, how would a firm cope? If a firm’s email system was compromised, how would a firm continue to communicate with its staff and/or customers? These are all questions that a DRP should address.
Based upon recent experiences, together with over twenty years of operating as an IT support company, seven questions have been formulated that should help businesses, of whatever type, measure their preparedness for a workplace disaster.
Unfortunately, the vast majority of businesses in the SME sector are completely unprepared for any disaster that may befall them. This is completely understandable. It is difficult enough to keep a business running in normal circumstances, without considering what would happen in case of a major business disruption. The reality of the modern business environment is that everyday, someone, somewhere is experiencing a disaster. This can be seen daily, in the press.
Our existing clients, and others that have come to us in a state of emergency, have faced some very difficult scenarios, in the recent past. A few examples are detailed here, in what have become everyday events. One firm, with 50 users based across three different sites, suffered a ransomware attack. Using servers and data that had been backed up into the RedDrum Cloud, the system was completely rebuilt across the three sites. No data was lost, avoiding the necessity to report the incident to the Information Commissioners’ Office (ICO), as a data breach. Disruption was minimised.
In another example, internet connectivity to a set of offices was cut off, for a period of a week. It was imperative that staff could continue to work, so an emergency 4G connection was supplied to the offices, whilst 8 staff relocated to a Disaster Recovery Workroom (DRW) in a RedDrum Disaster Recovery Centre (DRC). Staff were able to work in a fully functioning office environment, with access to computers, a fast internet connection and their company data.
Hardware failure can also be very damaging, for a business, if an adequate DRP has not been considered. A client suffered server failure, which meant that their staff could not access their case management systems. Sufficient redundancy had not been planned for, in their systems, which meant that considerable downtime was experienced, even though their data had been backed up.
All of our clients have been the subject of many and varied phishing attacks, now a daily event – see here for more information on this: https://www.reddrum.co.uk/fraud-and-cybercrime-part-3/
Some of the attacks have been very simple, others extremely sophisticated. In the early days of this crime, it was relatively simple for criminals to infiltrate companies and their iT systems. Nowadays, modern computer networks should be able to detect the vast majority of these attacks before they arrive into the IT systems. The problem here is not so much the IT system, but the ‘human factor’. No IT system can prevent a member of staff from divulging their username and password, should they choose to do so.
The next article will start to consider the seven questions that a firm should consider, in order to arrive at a sufficient and appropriate Disaster Recovery Plan (DRP) ……