Disaster Recovery and Business Continuity During COVID-19

As we are still dealing with the vast array of challenges caused by the global COVID-19 pandemic, we see many cyber security issues surfacing because of the increase in remote workers accessing their office servers and workstations remotely. More than ever, Cybercriminals are taking advantage of the vulnerabilities that remote users have. Many firms have laxer standards or less staff to attend to the IT issues and make sure all the nodes have patches, and the backups are performed regularly and completed correctly. Cybercriminals are aware of these facts; hence we have seen a rise in phishing emails and many more attacks on networks with open ports and unpatched servers and workstations. 

We want to discuss how organizations can focus on disaster recovery and business continuity in light of the shifting threat landscape. Here are some key takeaways to follow:

  1. It is essential to realize that backing up just data is not adequate, and it is not the disaster recovery. Backup is only a component of it. Online backup is the most crucial part of disaster recovery. Suppose you have on-premise server(s). In that case, your backup should have bare metal capabilities (restoring the entire image, not just the data) and shadow snap capabilities (backing up every hour), so you only lose very little data. Backup integrity needs frequent tests to ensure that you have recourse in the case of ransomware attacks. 
  2. Employers should conduct cyber hygiene checks of remote workers’ devices to ensure these connections are safe and secure. Suppose there are any vulnerabilities to be dealt with immediately. We all know that the pandemic will linger on, and even it goes away, working from home is here to stay.
  3. Infrastructure status needs evaluation, and necessary measures should be applied to ensure uptime. If you have only one internet service, think of getting a second provider if there is an outage. How long can your battery backups provide you with power in case of a power outage? Can you have a generator in your business? Is your server located in a secure room and limited access? Pandemic is not the only disaster that we are facing. Is your equipment safe in case there is a theft, fire, earthquake, or flood? These are a few of the questions you should be evaluating.
  4. Do you have “Zero Trust Principles” in place? An example of this could be a network-connected device, such as a laptop. This principle states that “networked” devices should not be trusted by default, even if they were properly connected to the managed network and are confirmed to be secure. The “Zero Trust” networking approach advocates checking the identity and integrity of devices irrespective of location and providing access to applications and services based on the confidence of device identity and device health combined with user authentication. Every authentication should be verified and audited if enterprise assets are in play, including accessing VPN service, online collaboration tools, cloud storage, etc. Virtually, organizations should ensure that the proper user accesses the right support under the right conditions. 
  5. Having visibility and control over company assets, including all the remote devices connecting to your network or accessing your data. Installing the right equipment and software to detect unusual behavior and responding appropriately, and having meaningful audit logs to track who and when someone is connecting your network and accessing your data. Although there is a fine line here, you want to ensure that you can perform these tasks while simultaneously making sure the employee does not feel that they are under constant observation.
  6. Employee security awareness training and communication with your employees to let them know what resources are available and how to use them are essential. Having backup and Disaster policies that outline implementing password policies, setting up two-factor authentication, and having drills about what to do if a disaster happens are prudent ways of avoiding disasters and what to do in case it happens. 

The current pandemic has highlighted and forced us to embrace digital transformation and make an essential part of the business. The main challenge is how to make it secure and standardize it and reap its benefits. For additional tips pertaining to Disaster recovery or for any question you should have, feel free to contact us at: 818-501-2281 or via email at: info@ceocomputers.com

As an IT company in the business for over 32 years, CEO Computers is a trusted name in the local community and have gained that reputation by providing quality, dependability and a strong IT support system. Give us a call and let us assist you with your IT needs.

Posted in IT Blog