There is considerable uncertainty in today’s world including online hackers and ransomware to the COVID19 pandemic that is still ongoing. Unfortunately, many SMBs do not realize that it is only a matter of time before their IT infrastructure and data might fail or fall victim to malicious human interference. When that happens, SMBs not only lose revenue, they can also lose customer confidence as their reputation suffers. Additionally, there can be legal ramifications is customer data is stolen.
All SMBs needs to have a disaster recovery plan in place prior to experiencing any of these issues. The Go2IT Group can help create a disaster recovery plan for your business using the methods described below.
Risk Assessment and Business Impact Analysis
Step 1: Identify Assets – Inventory of Hardware and Software
The Go2IT Group can help with identifying assets including servers, network infrastructure, sensitive documents, client information, phone systems, printers, etc. It is important to keep the asset list update to date with any new assets being added. Assets can be prioritized by importance level such as critical, major and minor.
Step 2: Identify Threats
Threats are defined as anything that could use a vulnerability to breach security and negatively impact your business. Besides hackers, there are other threats that SMBs should prepare for.
Step 3: Identify Vulnerabilities
Weaknesses that any type of threat can exploit is considered a vulnerability. To determine the weaknesses that exist within your organization, The Go2IT Group can conduct a vulnerability analysis, audit data, provide a critical response team and use security analysis software. Testing the IT infrastructure is necessary to find vulnerabilities. This can include penetration testing and the use of automatic scanning software and tools.
Step 4: Analyze Controls
It is important to determine what methods to control threats are currently in place as well as those that are in the planning stages. Controls are implemented in several ways including hardware and software, encryption, multi-factor authentication and intrusion detection. Other methods include implementing or updating workplace security policies, administrative actions and environmental mechanisms such as security systems.
Step 5: Determine the probability of an incident
Review all vulnerabilities and organize according to type, threat source and motivation and effectiveness of controls. Assign categories of the likelihood of an attack. Be sure to keep this updated and audit over time.
Step 6: Impact Analysis
It is necessary to ascertain the role of the asset and what processes it performs, how critical it is and what sensitive material is stored on the system. The impact can be qualified as high, medium or low. Also, it is important to understand how often an asset may be affected throughout the year, the cost of each possible incident and how adequate the current or planned IT security controls for reducing risk.
Step 7: Results of Analysis
After completing the above steps, actionable procedures should be implemented to reduce risk. This is determined based on the categories assigned to each threat, vulnerability, risk level, etc. Each step should have an associated cost, should focus on legitimate business reasons for each change or update made and should provide a verifiable benefit in reducing the risks. By working through this process, it is possible to gain an understanding of how the company’s infrastructure operates and what can be improved.
The Go2IT Group’s modern approach to disaster recovery provides reduced backup times, faster recovery times, numerous replication options, flexible deployment options that support virtualized environments and more. Reach out to us today to discover how The Go2IT Group can help prevent data loss within your organization.