COVID-19 Disaster Recovery Plan

Home  »  Blog  »  Cyber Security  »  COVID-19 Disaster...

By Bill Minahan   |   April 9, 2020   |   0 Comments

COVID-19 and Disaster Recovery Plans 

The coronavirus (COVID-19) pandemic has thrown a wrench in many disaster recovery plans.

COVID-19 has forced the masses to work from home to slow the spread of infection, which in turn has highlighted the shortcomings of many disaster recovery plans to implement organization-wide work from home policies.

Unfortunately, back up and disaster recovery systems often do not get the budget that they deserve, despite the dire need. However, COVID-19 has brought disaster recovery plans as well as business continuity plans to the forefront during this trying time.

Right now, business leaders should review and address shortcomings to ensure their disaster recovery plans will hold up under the unpredictable circumstances of COVID-19.

If you are a business leader looking to modify your existing disaster recovery plan during the COVID-19 pandemic, here are some technical aspects you must consider.

Identify key personnel

During a pandemic, it’s important to document internal roles and responsibilities. You should have written descriptions of every key employee as well as the key tasks they provide for your business.

It’s also imperative to identify back-up personal for key functional individuals in case they fall ill or are otherwise unable to execute their responsibilities.

Your team should also have a flexible plan in place to account for a potential shortage of staff during an outbreak. Make sure staff can cover each others responsibilities if necessary.

Test and secure remote access for work-from-home employees

As employees work from home, you should ensure they have the necessary equipment to properly execute their daily tasks just as they would in the office. This includes providing laptop computers, monitors, keyboards, printers, docking stations, shredders, etc.

If possible, your organization should try to avoid shifting work to their personal computers.

Furthermore, you should also consider employees that require access to paperwork. For instance, some employees may need access to certain hard copies of documents/ files. You should identify, document, and securely provide access to such documents.

Lastly, you should confirm remote access capabilities by ensuring your VPN is up to date. Additionally, you should confirm your employee’s internet service lines can comply with their workload.

Create an employee communication plan

Don’t underestimate the extent to which in-person interaction makes up the core functions of your business. Important conversations, actions, and decisions that take place in person will have to be modified to take place online.

Work from home policies can create a strain on communication and collaboration between co-workers. As a result, you should test and confirm the ability to web and voice conference.  Ensure every employee can access and understand how to use online communication tools.

If possible, plan consistent meetings with key individuals and groups daily to ensure each employee is up to speed. Every employee should have the time and space to effectively communicate any obstacles that prevent them from completing tasks.

Communication is imperative for every organization. Unfortunately, remote work makes this an even more daunting business requirement. However, with today’s technology, it’s completely possible to stay up to speed with co-workers and employees.

Protect your data

From a data protection standpoint, remote work impacts how data is created, stored, and protected.

During the pandemic, the chance that important intellectual property will be created and stored outside of your data center increases significantly.

If your business relies on storing data on file servers, then remote employees will not be able to access these systems as easily. As a result, they will create and store data directly on their laptops, which throws a wrench in centralized company storage.

If an employee was to spill coffee on their personal laptop, could that data be recovered? Most likely not.

As a result, you should examine your data protection policies regarding laptops and mobile devices. Most companies do not provide backup and recovery for mobile devices, despite agreement upon experts that they should.

If most employees are working from home, now might be a good time to ensure that any device which they create and store important data on has proper backup and recovery features.

It used to be the case that laptop backups slowed down your whole device. However, today you can backup your mobile devices and laptops without even realizing the backup is occuring.

SaaS Data Policies

As the pandemic continues, the more likely your business is to rely on SaaS products like Office 365 or G-Suite. As a result, you must make sure the data you store there is properly protected.

You should examine your service agreement with each SaaS vendor to determine the recovery services they provide, or if they even provide any at all.

Additionally, you should not confuse features like the ability to restore an email with actual backup and disaster recovery. Unfortunately, most of these features use versioning and not actual backups to provide this function. Make sure you and your team understand what a vendor does and does not cover.

The more you rely on SaaS products, the more important it is to understand the specifics of your service agreements and to plan accordingly. If there are shortcomings, you need to address them to ensure your SaaS data is adequately protected.

Consider cloud-based backup and DR

If your entire office is working remotely, then your IT team may be physically unable to manage and run your data center. As a result, your business could have a hard time responding to a disaster if one were to occur.

Furthermore, most traditional systems require some extent of physical presence to manage. As a result of the COVID-19 outbreak, it may be time to consider cloud-based disaster recovery and backup for your business.

Cloud-based, fully automated disaster recovery services are an option. If possible, your business could fail-over your entire IT infrastructure without ever having to be physically present.

A fully automated DR system is also an effective way to prepare for ransomware attacks.

Conduct staff training

During COVID-19, your staff should be up to speed on all events, policies, and procedures regarding your disaster recovery plan. You should conduct a conference call to review the BCP with your entire organization as well as ensure all employees understand their roles and responsibilities.

Your employees should understand how to access critical business systems as well as client/ firm data remotely and securely.

If your employees are accessing sensitive data, then they should receive refreshers on the best security practices. Furthermore, they should know how to set up and use multi-factor authentication.

At the office, we are afforded some built-in security measures, such as a locked office, secure network, and direct access to your file server. However, your business loses these built-in security measures when your entire workforce goes remote.

As a result, it might be beneficial to enroll or re-enroll your employees in cyber security awareness training because their actions will have far-reaching consequences. Cyber security awareness ensures employees are informed and accountable. If you want to try a demo, you can sign up here.

Unfortunately, there has been a spike in cyber attacks and COVID-19 phishing attempts, which means you may want to modify your disaster recovery plan around cyber attacks while your IT staff is remote.

Coordinate with key vendors and outside parties

During COVID-19, even if your business is working remotely, that doesn’t mean your key vendors have the means to. As a result, you should develop open communications and coordinate with your vendors and outside parties. These can include clients, shareholders, partners, regulators, etc.

Furthermore, you should build a plan on how to respond if key vendors are unable to continue their services. Or, what to do if they may only be able to provide limited services.

For instance, on-site services during COVID-19 may be unavailable for an indefinite amount of time. You should plan accordingly after having a conversation with your vendors and determine a backup plan.

You should develop alternative processes to ensure critical business operations can still be carried out.

Adjusting your disaster recovery plan for COVID-19

If you design and implement a DR plan that can handle the worst, then your organization can better manage COVID-19 related disruptions. As a result, you can focus on what matters, keeping your staff safe, healthy, and employed.

If you need assistance with creating, modifying, or reviewing your disaster recovery plan given the COVID-19 impact, then our security experts are here to help.

The full disruption COVID-19 will cause is impossible to predict, but we can help you manage and prepare for the unpredictability.

You can call us directly at 855-459-6600. Otherwise, you can schedule a meeting below.

Schedule a Consultation

Finally, you can always find us on Twitter, LinkedIn, and Facebook.