The best insurance is the insurance you don’t need. This applies to Disaster Recovery. Who would imagine suffering water damage, a fire, or a cyberattack? However, SMEs should plan for the recovery of critical data and IT systems in the event of an emergency in advance rather than regretting it later.
Be honest: Is your company safe from cyberattacks and potential risks such as a production or business shutdown? 18% of the 504 SME managers surveyed believe that the risk of a one-day shutdown is high, while only 6% fear attacks that could threaten their viability. This is even though one in four SMEs in Switzerland has already been the victim of a cyberattack. This is one of the results of the study “Consequences of the coronavirus crisis on digitalization and cybersecurity in Swiss SMEs”
SMEs Lack Organizational Protection Measures
Technically, most small and medium-sized businesses are well protected. 93% protect their computer systems with antivirus programs, 86% regularly update their software, and 92% have installed a firewall.
In many SMEs, however, the results are less brilliant when it comes to organizational emergency measures. Just over half (57%) of the SMEs surveyed have an emergency plan or concept to maintain production or operations. In other words, more than 40% are not prepared
for outages or disruptions. A cyber attack, but also incorrect handling, or environmental damage due to water, fire, or earthquake can also paralyze IT systems.
Furthermore, management is only responsible for IT security in 55% of cases, although it is responsible for the smooth running of the company. Just over a third delegate this task to an IT service provider, and in 7% of cases, no one is responsible. In an emergency, a quick reaction becomes difficult.
SMEs also Need a Disaster Recovery Concept
Outages or disruptions can last a long time, become costly and, in the worst case, threaten viability. That is why companies, regardless of their size, need a Disaster Recovery concept. Especially if their production or activities are networked and dependent on the IT system. The French expression “rentrée en cas d’urgence ou de néstresse” sums up well what Disaster Recovery is: getting the IT infrastructure back up and running as soon as possible after an outage, a disaster, or after a successful ransomware attack and restoring all important data.
Plan Instead of Reacting in Panic
The Disaster Recovery Plan is the foundation for recovery in the event of an emergency or disaster. It defines all measures and procedures as well as guidelines for how to proceed in the event of an emergency. The individual measures are listed step by step in the form of a checklist that must be followed. A Disaster Recovery Plan also defines escalation levels, reporting channels, and responsibilities: Who is responsible for restoring the situation after a hardware failure or natural disaster? Which IT security professionals provide rapid assistance in the event of a ransomware attack?
It is important that the plan is not only written down and archived somewhere, the responsible employees must know it and be regularly trained.
Test instead of Blindly Trusting
Most plans look good on paper. If you don’t want to wait for an emergency to find out if your disaster recovery plan is sound, test all measures and procedures regularly. This will allow your company to resume operations or production without long and costly downtime after a disruption or outage. It also allows you to improve the disaster recovery plan, train all responsible employees in emergencies, and make other employees aware of the consequences of possible operating errors.
Simplifying Disaster Recovery
Disaster recovery is expensive. Many SMEs do not have the human and/or financial resources necessary for effective protection and recovery in the event of an emergency. Disaster Recovery as a Service (as a cloud service) can then be useful for them. A provider sets up data backups, storage spaces, and virtual systems in its data center and manages the infrastructure. It is important to know that disaster Recovery is more than just a data backup.
On the one hand, because the data is automatically and regularly synchronized and is therefore up to date, and on the other hand because the entire IT infrastructure is mirrored. Corporate IT is therefore quickly ready for reuse in the event of a disaster, although it is to be hoped that this will never happen.
