by Scott Jack
Content Contributor, E-N Computers
7+ years experience in healthcare IT and tech support.
Disaster preparedness is essential for businesses of all sizes. Each business has its own risks that are a product of its geographic location and industry sector. A detailed plan on how to mitigate those risks reduces the risk of failure.
Small businesses in particular are at risk of failure after a disaster. In part, this may be due to a lack of documented processes and an incomplete understanding of the cost of downtime for the business. According to the US Small Business Administration, 25% of small businesses do not re-open after a disaster.
How can you increase the likelihood that your business successfully weathers a disaster? This article will discuss six steps to help you improve your disaster preparedness. The six steps are:
- Develop and securely store your runbook
- Perform regular tabletop exercises
- Know your security software SLA
- Know your service contracts
- Know your cyberinsurance policy
- Identify the internal and external people you need to succeed
Let’s get started by discussing the importance of a runbook.
Identify your risks. Work with internal and external partners to create a plan that addresses those risks. Help your disaster response team become familiar with the plan through tabletop exercises. Understand the details of your service and insurance contracts to eliminate surprises.
Table of Contents
- Step One: Develop and Securely Store Your Runbook
- Step Two: Perform Regular Tabletop Exercises
- Step Three: Know Your Security Software SLA
- Step Four: Know Your Service Contracts
- Step Five: Know Your Cyber Insurance Policy
- Step Six: Identify the Internal and External People You Need to Succeed
Step One: Develop and Securely Store Your Runbook
Your disaster recovery runbook provides a step-by-step guide on how to respond during an incident. It is a living document that reflects current operating procedures and business requirements. For your runbook to be useful, it needs to be regularly updated and accessible.
The runbook should document business processes and technical systems. It should provide a comprehensive picture of how the business will pull through adverse events you deem most likely to happen. On the technical side, you need to have a clear plan for restoring your systems and data. Check out our Ultimate Guide to Backup and Disaster Recovery for more information. Instead of having one person compile your runbook, it’s best to rely on a team of experts.
Your internal team and external partners will need to collaborate to prepare your runbook. It needs to identify each role on the team, who fills that role, how to contact them, and what their responsibilities are. It needs to include contact information and service level agreement details — like what they support and their guaranteed response time — for each external partner.
The runbook should be securely stored in digital and physical formats that make it readily accessible during a disaster. You should have a disaster response center designated and you should keep an updated physical copy of your runbook there. You should also provide key partners with a copy so that everyone can follow the appropriate response procedure when needed.
Step Two: Perform Regular Tabletop Exercises
Tabletop exercises are informal meetings of your disaster response team that provide an opportunity to talk through who handles various aspects of a disaster and how. They are not the same as a penetration test that finds holes in your security. Nor are they a full-scale rehearsal or drill. Why are tabletops important?
You can think of them like the table read for a movie or TV script. Before filming begins, essential parties like writers, producers, actors, and executives organize a read-through of the script. This helps them become familiar with the storyline, think about practical aspects of making it come to life, and gain insights that help during rehearsal and filming.
Similarly, a tabletop exercise allows your disaster response team to work through how they will respond to various events. By imagining and working through scenarios this way, they will be better prepared. Your team may also identify ways the plan can be improved or clarify who is responsible for certain actions.
How can you implement tabletop exercises? Try putting scenarios on index cards, one scenario per card, then choose one card at random. Examples of appropriate disaster scenarios include:
- ransomware attack
- threat to release sensitive data online
- natural disaster
- social engineering attack (e.g. malicious actor obtains employee records and threatens employees with release of their data unless the company pays)
As you discuss your scenario, you should be able to answer the following questions:
- Who is coordinating the response?
- Who is communicating with affected internal and external partners and parties (e.g. employees, clients, vendors, media)?
- Who is handling the technical resolution?
- Which accounts use multi-factor authentication (MFA) and can we access them?
The last point about MFA is an important one. For mission-critical accounts, you need to know:
- whether MFA is enabled
- who receives the authentication code
- which device or app the code is received on
A tabletop exercise helps you review this information and discover the answers to questions you might otherwise have missed.
Step Three: Know Your Security Software SLA
Security software can help you detect and respond to digital threats. However, vendors vary in the features that they offer. This includes differences around notifications, proactive security measures, and logs.
Notifications. Good security software will notify you promptly when a threat is detected. You may have the option of being notified in a web portal, by email, or by call or text. When evaluating security software for purchase, pay attention to how quickly you will be notified and by what methods. The best security software packages will notify you within 15 minutes of detecting a new threat.
Proactive security measures. Examine the security measures offered by the software. Ideally, the software you choose will proactively shut down devices that are potentially compromised. This helps prevent the spread of malware on your network.
Activity logs. Detailed activity logs can provide valuable information about how a threat is introduced or gains access to your network. Since business needs vary, determine whether the logs kept by your security software are both detailed enough and go back in time far enough to meet your requirements.
We encourage you to pay attention to these features when evaluating a new product. It’s also advisable to review the features of your current software from time to time and determine whether it continues to meet your needs.
Step Four: Know Your Service Contracts
Businesses are more reliant than ever on cloud services. These services provide several benefits like greater flexibility, scalability, efficiency, and low or no upfront costs. However, they have some drawbacks.
Cloud service contracts are written to protect the service provider, while the service itself provides limited control over backup and security protocols. Typical terms of cloud contracts limit the provider’s liability in the event of a breach, require you to indemnify (protect) them from harm, and require arbitration for disputes.
Become familiar with the terms of your service contracts so that you are not surprised in the event that something goes wrong. Make sure you know the provider’s liability limits and what indemnification costs you could be responsible for. This information can help you prepare financially and inform your search for a cyberinsurance policy.
To learn more about this topic, read our article, “What’s Hiding in Your Cloud Service Contracts?”
Step Five: Know Your Cyber Insurance Policy
Cyber insurance can help you to handle expenses resulting from cyber attacks. These may include costs of business interruption, breach notifications, disaster recovery, legal expenses, and direct losses like electronically stolen funds and ransom payments. However, it’s important to understand how your plan is structured.
Besides the monthly premium, a cyberinsurance policy comes with several deductibles. Your plan may have over ten categories of coverage, each with its own deductible and limit. Additionally, it’s likely that your insurer will not cover certain events or will require documentation that you have implemented sufficient security measures before agreeing to provide coverage at a reasonable rate.
Additionally, ask your insurer about local disaster recovery partners. If they do not have any, identify prospective partners. In either case, build a relationship with the people at these companies before disaster strikes. Then everyone involved will be better prepared for a quick response.
To learn more about this topic, read the article, “What is Cyber Insurance?”
Step Six: Identify the Internal and External People You Need to Succeed
Successful disaster response depends on a team of internal and external professionals who understand the overarching plan and their own unique role within it. Keep an updated list of team roles, partners, and contact information. It may include:
- disaster response coordinator
- internal communicator – who will communicate with staff?
- external communicator – who will communicate with media, customers?
- technical lead
- managed IT service provider
- insurance provider
- utility companies (electric, water, gas, internet)
- alternate workspaces
- other local disaster recovery partners
As you identify these key players, talk with them about disaster preparedness and how you can work together to keep your business running in the face of unexpected challenges. As staff change internally or at key partners, introduce the new people to the runbook.
By implementing these six steps, you will be in a much better position to successfully navigate disasters that arise. A strong response team of internal staff and external partners can help you build and execute a plan that keeps your business running through natural disasters, cyber attacks, and other adverse events. Understanding your security software SLA, service contracts, and cyber insurance policy will help you financially prepare and reduce the number of surprises that come up while in response mode.
Like disaster recovery, your day-to-day IT involves more than technical infrastructure. It includes the people, processes, and strategy that influence how technology is used. To get an idea of your IT maturity, try our free IT Self-Assessment. We’ll provide you with action steps you can take to start improving your IT. And you’ll have the opportunity to book a free strategy session to discuss your results. Let’s work together to put you on the path to stronger IT today.