These days, almost every business could be called a technology company because we are so dependent on technology to enable us to carry out our everyday work. As a result, it is more vital than ever to have the right technology to get the job done quickly and efficiently, as well as to ensure ready access to data. Any downtime could significantly affect your business, and prolonged downtime could be fatal to your company. Ensuring your business is ‘cyber resilient’ is therefore as high a priority as ensuring it is cyber secure.
Cyber resilience is a Board-level issue
All too often, our clients tell us that the cyber resilience of the company is the IT department’s responsibility. But as cyber resilience applies across your organisation as a whole, it must be managed at the highest level.
It is vital that your company’s top decision-makers are involved in making your system cyber resilient, as they will understand the impact strategic decisions will have on the entire company.
What would happen if…
Part of your cyber resilience strategy must include business continuity and disaster recovery plans. You need to know the answer to questions such as: What would happen if your system was hacked? What would happen if there was a power failure, an office fire or flooding? How soon would you be able to resume trading after a catastrophic event?
Detailed contingency plans are part of cyber resilience: you and your staff need to know what your responsibilities are in any given situation and must be able to act quickly. If, for some reason, you were prevented from using your office, you must have a tried and tested plan to alert staff that they need to work remotely, as well as the means for them to do so safely, so that you can continue trading with minimal disruption.
The same applies in a situation where your system is hacked – do you know who will take responsibility for alerting the appropriate stakeholders? How will you recover your data? In what order would you want your data to be recovered? How much data can you afford to lose? Answers to these questions will be crucial when deciding how often to back up your data and where your data and backup data will be stored.
A wider aspect of your business’s cyber resilience is your hardware. You need to consider the age of your equipment and whether or not it is the right technology to allow your business to do what it needs to do efficiently. Old equipment poses a risk to your business – it will be slower and less efficient, meaning you are not utilising your staff’s time effectively; and the older it gets, the less compatible with new applications and software it will be.
The point at which your hardware begins to cost your business more in terms of inefficiencies and incompatibility than your ROI in replacing it with new and fit-for-purpose equipment is what we call the ‘magic minute’, and we will be covering that topic in our next blog.