Why is a recovery plan needed?
What belongs in a business continuity plan?
A business continuity plan increases cyber resilience, shortens interruptions to business operations and ensures long-term viability. Cyber resilience is the ability to protect against cyber attacks, recognize them, respond immediately and recover quickly from the consequences. These are the four core components of a continuity plan:
- First, all critical business processes are identified. These are the processes that are crucial to the survival of the SME, from the distribution chain to customer services.
- Possible threats such as cyber attacks or technical problems and their consequences are then analyzed in a risk assessment.
- Based on the risk assessment, a recovery strategy is developed so that the SME can resume operations as quickly as possible, for example with a redundant IT system or at a second location.
- With the increasing number of cyber attacks, cyber security is becoming vital and must be regulated in the business continuity plan, for example with preventive measures such as regular backups, software patches and updates, or employee training.
Six steps to a business continuity plan
Step 1: Identify and assess risks
Step 2: Evaluate business-critical effects
Step 3: Minimize risks and restore processes
Step 4: Derive, prepare and develop measures
Every business continuity plan is divided into two subject areas. The departments or divisions are responsible for maintaining business operations, as they know their processes best. Internal or external IT specialists are responsible for technical recovery.
Maintenance of business operations
- Print complete process documentation with instructions, plans and directories
- Print and store forms for process documentation
- Record contacts of customers, partners and employees and keep them available offline
- Find alternatives for relocating production and procuring materials
- If possible, set up an external warehouse with production-critical components
- Clarify with the bank how urgent bills can be paid in an emergency
- Look for alternatives to card payment, for example cash or invoice forms
- Discuss documents and emergency scenarios with key employees
- Save important documents on a laptop with an independent Internet connection
- If possible, set up emergency organization with employees and the IT service provider
Technical restoration
- The first thing to check is the availability of the backup data: how many days or weeks does it go back, and do you want to use that state as the basis for resuming operations? Do the data carriers work, and is a sufficient read/copy infrastructure available?
- Before the backups are restored, the target systems must have been completely deleted and confirmed virus-free. In some cases, it makes sense to procure new hardware or restore backups in a cloud environment
- For more complex system landscapes, an extensive "clean-up" of the systems may be more efficient than a complete restore from backups. An experienced IT emergency service provider should be brought in to help remove all viruses and backdoors and set up an "alarm system" for new infections
- With the help of the IT service provider, a secure network area can also be created for recovery, which is physically separated, or separated by suitable firewalls, from any systems that may still be infected
- First of all, the central systems should be restored or cleaned up, i.e. user management, file servers, email, security and network systems, as well as systems for operating virtual machines
- The sequence of recovery of servers, virtual machines, applications and databases depends on the criticality of these systems and on dependencies, which should be identified and documented in advance
- At the same time, desktops and laptops can be reinstalled, and affected control systems in production environments can be cleaned up
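The recovery sequence described above can be derived from a documented inventory instead of being decided during the incident. The following is an added example, not part of the original article: the system names, criticality tiers (0 = central systems, lower tiers are restored earlier) and dependencies are constructed sample data. A system inherits the tier of the most critical system that depends on it, so a low-priority prerequisite is not left until the end.

```python
import heapq

# Constructed sample inventory: name -> (criticality tier, systems it depends on).
# Tier 0 = central systems; lower tiers are restored earlier.
SYSTEMS = {
    "user-management": (0, []),
    "network-security": (0, []),
    "hypervisor": (0, ["network-security"]),
    "file-server": (0, ["user-management", "hypervisor"]),
    "email": (0, ["user-management", "hypervisor"]),
    "erp-database": (1, ["hypervisor"]),
    "license-server": (3, ["hypervisor"]),
    "erp-application": (1, ["erp-database", "license-server", "user-management"]),
    "intranet-wiki": (2, ["file-server"]),
}

def _kahn(systems, key):
    """Topological sort; among systems whose dependencies are up, lowest key first."""
    waiting = {n: set(deps) for n, (_, deps) in systems.items()}
    ready = [(key(n), n) for n, deps in waiting.items() if not deps]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for child, deps in waiting.items():
            if name in deps:
                deps.discard(name)
                if not deps:  # last missing dependency is now restored
                    heapq.heappush(ready, (key(child), child))
    if len(order) != len(systems):
        stuck = sorted(set(systems) - set(order))
        raise ValueError(f"circular dependency among: {stuck}")
    return order

def recovery_order(systems):
    """Return the restore sequence: dependencies first, then by criticality."""
    unknown = {d for _, deps in systems.values() for d in deps} - systems.keys()
    if unknown:
        raise ValueError(f"undocumented dependencies: {sorted(unknown)}")
    topo = _kahn(systems, key=lambda n: 0)  # also rejects circular dependencies
    effective = {}  # own tier, or the tier of the most critical dependent system
    for name in reversed(topo):
        dependents = [c for c, (_, deps) in systems.items() if name in deps]
        effective[name] = min([systems[name][0]] + [effective[c] for c in dependents])
    return _kahn(systems, key=lambda n: (effective[n], systems[n][0]))

if __name__ == "__main__":
    for step, name in enumerate(recovery_order(SYSTEMS), start=1):
        print(f"{step}. {name}")
```

The two errors it raises, an undocumented dependency and a circular dependency, are the gaps in the inventory that are worth finding before an emergency rather than during one.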
Step 5: Involve and train employees
Step 6: Test and adapt business continuity plan
Good to know
Zurich Cyber Insurance for SMEs covers not only the costs of analyses such as virus scans or damage assessment, but also the costs of disaster recovery efforts.