COVID-19 Exposes Flaw In DR Plans

Introduction

An abrupt change, that’s what the COVID-19 crisis forced upon us all. One moment, we were all working from our offices—and suddenly, we were evicted by a cruel, unseen enemy that ravaged populations and businesses worldwide.

As we come out of this crisis, all businesses need to evaluate the lessons of COVID-19. We explored one such example in our article, “COVID-19 Business Lesson – You Need A Disaster Plan.” Unfortunately, the pandemic has more to teach us.

Include Employee Home Networks In Your Disaster Plan

Another lesson that we all must learn is that your employees’ home networks need to be a part of your Disaster Recovery Plan (DRP). The coronavirus (or a variant) can suddenly reemerge, forcing all of us to work from home again for extended periods. It is a risk that should now be included in your DRP’s Threat Matrix. If it is ignored, the results can be devastating should cybercriminals attack.

CIOs and IT Managers must make sure that employee home networks are secure. The protocols that you have in place while working at the office must be extended to home environments as well. This means:

  • You must document the current state of each remote employee’s network in your DRP with plans to strengthen it according to company policies.
  • Make sure that the home router and WiFi passwords are unique and robust, and the use of default passwords on all devices is prohibited.
  • Passwords to all systems, onsite or cloud, must be strong and unique and entered into a company-approved Password Manager for security.
  • Multifactor Authentication, where possible, should be placed on all systems, onsite or cloud.
  • If at all possible, employees who will work from home should be issued a company laptop that is correctly set up by your IT department and includes the required security applications, backup solution, etc.
  • Homeworkers should have VPN access to log into company systems while working remotely.
  • If employees are allowed to use their personal computers for work, make sure that:
    • They have all the required security applications installed and updated.
    • They have separate user accounts for work and personal computing.
    • They use a VPN whenever accessing company systems.
    • Their internet speed is up to par and can handle the increased load.
    • All company documents are saved to the server, not on the device itself (hard to control).
    • Company documents that are printed at home are destroyed using a micro-shredder.
  • As with all Disaster Recovery Plans, test work-from-home scenarios, document your findings, and fix any gaps in your strategy, so when disaster strikes again, everyone will be ready.

Have A Robust IT Backup Solution For Onsite And Cloud Configurations

Unless your company is very small and generates little information, a data-only backup solution is not adequate for quick recoveries when disaster strikes. Most businesses cannot function very long without access to their data.

Onsite – You need a Hybrid-cloud solution that employs an onsite device that takes image-snapshots of your server(s) and saves them locally and to the cloud. This system allows you to restore servers quickly because of the onsite backup with secondary backups in the cloud. With this solution, you can run server operations from the onsite device or the cloud, depending on the nature of the disaster.

Cloud – You also need to back up your cloud applications. The most used cloud application is Office 365. What many people don’t realize is that Microsoft (and Google for G Suite) does not keep point-in-time backups of your data. If data is deleted or encrypted and you do not discover it immediately, the information is lost. As a matter of fact, Microsoft encourages users in its Services Agreement to employ third-party backup solutions for their data. Here’s the actual excerpt from Microsoft’s Services Agreement:

“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

If you’re interested in hardening Office 365 for your business or wish to schedule a demo of our Hybrid-cloud Business Continuity solution, call us at (845) 362-9675 or email us.

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 460+ Petabytes of data with 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause.