How long has it been since you have revisited or reviewed your company disaster recovery document? Have you conducted any table-top exercises this year or have any lined up on the company schedule of events? Odds are, depending on when you are reading this article, you may be in a real scenario, not an exercise, as part of the COVID-19 pandemic. You may even be asking, “what is a disaster recovery document?” Considering the impact of COVID-19, there is probably no better time create or review those incident, continuity, disaster and recovery documents for your cybersecurity library. You will want to make sure they include all your business needs to be successful when the worst of times are upon you, including a pandemic.
Make sure you review your company dependencies from a technology and human perspective and calculate what controls and abilities do they require to work outside of the office. Having to rush into a remote workforce solution could leave you with little time to think through proper security controls needed to maintain the integrity of your business operations. This could leave your business and its employees vulnerable to malware, ransomware and other cybercriminal activities.
It doesn't matter what governance framework you choose to align with; they all typically require the frequent testing of business continuity and disaster recovery protocols to make sure they are effective when they are most needed. One of the reasons the tabletop practice exercise is most commonly favored, as it is required by governance frameworks, is that it puts required think-tanks, leadership and tech admins in the same room to go over the steps necessary for handling disasters and incidents alike. Stepping through the process of going from disaster to incident management to recovery is necessary to construct real-world scenarios and practice process improvement.
Remember the fire drills from school. They are practiced over and over to make sure kids know what to do and how to act when there is a real fire. Operations of your business should be treated no differently and processes should be in place to test response/reaction times and methods throughout the year. It should also evolve with the business and its technology. Streamlining the processes from incident/disaster to recovery are so incredibly important for when the real incident arrives. You want all your critical personnel knowing what they are responsible for ahead of time. You probably want to notify your critical personnel to make sure they know that they are critical personnel, while you’re at it. You most certainly want to make sure they can work securely from anywhere in the world.
It doesn't matter if you have it all sorted out or you are still writing your document library, now is a great time to set some focus on the documents and processes specific to incident, disaster, continuity and recovery. Set up some time during the year to conduct some practice exercises or use the real-world one happening to provide a record for continued process improvement and lessons learned. You will come out ahead of the curve and be much more prepared for next time. Oh, and you might meet that compliance initiative while you are at it.