Tag Archives: Disaster Planning

How to incorporate IT concerns into risk management

Incorporating IT concerns into your company’s risk management strategy is essential to protecting your assets and minimising potential losses. Here are some steps to incorporate IT concerns into your risk management:

Identify

The first step is to identify your company’s top IT risks that could impact your business operations, such as data breaches, hardware failure and cyberattacks. We published a blog post earlier this week detailing some of the top concerns of small and medium-sized businesses, so brainstorm with your stakeholders and your Managed Service Provider about what these are, then read our post to see if you’re missing anything. You can read that post here.

Beyond this, you will want to identify how IT is used within your business. This includes internet banking, taxation, cloud hosting services, online stores and apps, social media, Point of Sale (POS), VoIP (Voice over Internet Protocol), NBN, mobile phones and computers. This helps you fully outline and visualise how much IT your organisation truly relies on, and realise just how easily a serious IT failure can impact your business’ trading.

Part of your risk management processes should be assessing the likelihood of these IT concerns occurring as well as the potential impacts they would have on your business operations, revenue and reputation. This helps you prioritise your efforts and resources to address the most critical IT risks.

If you have one, contact your IT provider

Once you’ve identified those, ask your IT provider about the strategies they have in place to prevent these risks from happening. If they don’t have anything, or only have limited processes, you might want to discuss the reasons why and, if you are not satisfied with their response, look at switching providers. When cyberattacks can cause your company to be in breach of The Privacy Act, and when the Australian Government is likely to mandate that businesses implement strategies like the Essential Eight, it’s on you to ensure you’re well protected.

If you don’t have one, get an MSP

We have written articles about why an MSP is essential to your business, so make sure to read those if you don’t have one. When you sign with an MSP, they set up practical IT risk management systems within your business. These include securing computers, servers and wireless networks, using anti-virus and anti-spyware protection and firewalls, updating software to the latest versions, using data backups, securing your passwords, implementing two-factor authentication, training staff in IT policies and procedures, using Secure Sockets Layer (SSL) on websites and helping you understand the legal obligations for your business.

Your business needs to ensure you have risk mitigation strategies in place to address the IT risks you have identified, and this should be in collaboration with your IT service provider. The Essential Eight strategies can become incredibly helpful in this stage as they detail a framework for your business to follow that is comprehensive and will keep your company safe.

The Prevention, Preparedness, Response, Recovery (PPRR) risk management model helps you identify risks to include in your business’ policies and procedures. You can implement policies such as the policy for use of software, bring your own device policy and information technology security policy, which gives staff something to follow to reduce or prevent IT risks.

Insure your business against IT risks

While the strategies you put in place are there to prevent IT risks, there is always a chance that incidents will still happen and, unfortunately, with so many variables outside your control, it’s no longer a matter of if, but when. This is why business insurance may provide another way to reduce risk to your business. It can help reduce company costs that could have you closing your business or paying a large amount of money. You might want to look into Business Interruption, Electronic Breakdown, IT Liability or Cyber Insurance.

Monitoring and Reviews

Your MSP should then regularly monitor and review these IT risks to ensure that the risk mitigation strategies that were put in place are effective and up-to-date. This may involve conducting vulnerability assessments, penetration testing and reviewing incident response plans. Don’t leave all of this to the MSP, though. When you receive reports from the provider, go over them thoroughly to ensure that you are receiving the level of service you agreed to and that you are satisfied the risks are being properly monitored.

Communication

Communicate IT risks and risk management strategies with relevant stakeholders, such as employees, customers, partners and investors. If need be, involve your IT service provider in these meetings so that everyone is on board and so that you are both achieving the longevity goals you have set. This helps to build trust and demonstrate that your business takes IT risks seriously. You can even hold cyber security training for new staff and, when new risks are introduced, update staff through meetings or company newsletters and revise your training manuals.

All in all, it’s important that, as a business, you continuously improve your IT risk management approach by learning from past incidents and industry best practices. This helps to ensure that your business remains resilient to new and emerging IT risks.

By incorporating IT concerns into risk management, businesses can ensure that their IT infrastructure is secure, reliable and efficient, reducing the likelihood of IT-related incidents and minimising their impact when they do occur. Like it or not, it’s technology, so something will likely occur, but risk management strategies ensure that your business is not damaged when it does.

The 10 Disaster Planning Essentials For Small to Medium-Sized Enterprises

If your data is important to your SME and you can’t afford to have your business halted for days, or even weeks, due to data loss or corruption, then you need to read this report and act on the information shared. A disaster can happen at any time and is likely to occur at the most inconvenient time. If you aren’t already prepared, you run the risk of the disaster occurring before you have a plan in place to handle it. This post outlines 10 things you, as the owner of a business with, say, 20 to 80 computers, should have in place to make sure your business is up and running again in the event of something going wrong.

Have a written plan

As simple as it may sound, just thinking through in advance what needs to happen if your server has a meltdown or a natural disaster wipes out your office will go a long way in getting your business back up and running fast. At a minimum, the plan should contain details on what risks could happen and a step-by-step process of what to do, who should do it and how. Also include contact information for various providers and username and password information for various key websites.

Writing this plan will also allow you to think about what you need to budget for backup, maintenance and disaster recovery. If you can’t afford to have your network down for more than a few hours, then you need a plan that you can follow so that you can get back up and running within that time frame. You may want the ability to virtualise your server, essentially allowing the office to run off of the virtualised server while the real server is repaired. If you can afford to be down for a couple of days, there are cheaper options. Once written, print out some copies to store in a fireproof safe, off-site at your home and with your IT consultant.

Hire a trusted professional to help you

Trying to recover your data after a disaster without professional help is business suicide; one misstep during the recovery process can result in losing your data forever or in weeks of downtime. Make sure you work with someone who has experience both in setting up business contingency plans (so you have a good framework from which you can restore your network) and in data recovery. If you have a Managed Service Provider (MSP), ensure they have experience in these areas.

Have a communications plan

If something should happen where employees couldn’t access your office, e-mail or use the phones, how should they communicate with you? Make sure your plan includes this information, including multiple communication methods.

Automate your backups

If backing up your data depends on a human being doing something, it’s flawed. The #1 cause of data loss is human error, such as people not swapping out tapes properly, someone not setting up the backup to run properly, etc. Always automate your backups so they run like clockwork.

Have an offsite backup of your data

Always, always, always maintain a recent copy of your data off-site, on a different server or on a storage device. Onsite backups are good, but they won’t help you if they get stolen, flooded, burned or hacked along with your server.

Have remote access and management of your network

Not only will this allow you and your staff to keep working if you can’t go into your office, but you’ll love the convenience it offers. Plus, your IT staff or an IT consultant like an MSP should be able to access your network remotely in the event of an emergency or for routine maintenance. Make sure they can.

Image your server

Having a copy of your data off-site is good, but keep in mind that all that information has to be restored someplace to be of any use. If you don’t have all the software disks and licenses, it could take days to reinstate your applications, like Microsoft Office, your database, accounting software, etc., even though your data may be readily available. Imaging your server is similar to making an exact replica; that replica can then be directly copied to another server saving an enormous amount of time and money in getting your network back. Best of all, you don’t have to worry about losing your preferences, configurations or favourites. To find out more about this type of backup, ask your IT professional.

Network documentation

Network documentation is simply a blueprint of the software, data, systems and hardware you have in your company’s network. Your IT manager or IT service provider should put this together for you. This will make the job of restoring your network faster, easier and cheaper. It also speeds up the process of everyday repairs on your network since the technicians don’t have to spend time figuring out where things are located and how they are configured. Finally, should disaster strike, you have documentation for insurance claims of exactly what you lost. Again, have your IT professional document this and keep a printed copy with your disaster recovery plan.

Maintain Your System

One of the most important ways to reduce risk to your business is by maintaining the security of your network. While fires, floods, theft and natural disasters are certainly a threat, you are much more likely to experience downtime and data loss due to a virus, worm or hacker attack. That’s why it’s critical to keep your network patched, secure and up-to-date. Additionally, monitor hardware for deterioration and software for corruption. This is another overlooked threat that can wipe you out. Make sure you replace or repair aging software or hardware to avoid this problem.

Test, test, test!

A study conducted in October 2007 by Forrester Research and the Disaster Recovery Journal found that 50 per cent of companies test their disaster recovery plan just once a year, while 14 per cent never test. If you are going to go through the trouble of setting up a plan, then at least hire an IT pro to run a test once a month to make sure your backups are working and your system is secure. After all, the worst time to test your parachute is after you’ve jumped out of the plane.
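What an automated monthly backup test can look like, as an added example that is not part of the original post. It assumes backups are tar.gz archives that carry a SHA-256 manifest, and that GNU find, tar and sha256sum are available; the function names, paths and the 24-hour threshold are hypothetical.

```shell
#!/bin/sh
# Added example: a backup only counts if it is recent AND restores cleanly.
# Assumed layout: one tar.gz per run, containing the files plus MANIFEST.sha256.

# make_backup SRC_DIR ARCHIVE
# Records a hash for every file, then archives files and manifest together.
# ARCHIVE must be an absolute path outside SRC_DIR.
make_backup() {
    src=$1; archive=$2
    ( cd "$src" &&
      find . -type f ! -name MANIFEST.sha256 -exec sha256sum {} + > MANIFEST.sha256 &&
      tar -czf "$archive" . )
}

# backup_is_fresh ARCHIVE MAX_AGE_HOURS
# Succeeds only if the archive exists and was written within the window,
# which catches a scheduled job that has silently stopped running.
backup_is_fresh() {
    archive=$1; max_hours=$2
    [ -f "$archive" ] || return 1
    [ -n "$(find "$archive" -mmin "-$((max_hours * 60))" -print)" ]
}

# verify_restore ARCHIVE
# Performs a real test restore into a scratch directory and compares every
# restored file with the hash recorded at backup time. A truncated archive,
# a missing manifest or a changed file all make it fail.
verify_restore() {
    archive=$1
    scratch=$(mktemp -d) || return 1
    if tar -xzf "$archive" -C "$scratch" 2>/dev/null &&
       ( cd "$scratch" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 ); then
        rc=0
    else
        rc=1
    fi
    rm -rf "$scratch"
    return $rc
}

# Typical scheduled use (paths are placeholders):
#   backup_is_fresh /mnt/offsite/latest.tar.gz 24 &&
#   verify_restore  /mnt/offsite/latest.tar.gz || echo "BACKUP CHECK FAILED"
```

Run the check against the off-site copy rather than the on-site one, so the test covers the copy you would actually restore from after losing the office.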

Want help in implementing these 10 essentials? Call us on the number above to discuss how we can tailor a plan that suits your individual business needs.