With cyber breaches on the rise, particularly as we head into the ‘Golden Quarter’ for retailers, it is important that all businesses think not just about identifying the weak points that could let a cyber-attacker in and remedying one – but also about how you’d get your business back up and running again in the aftermath of a cyber incident.
Why you need a recovery plan
Imagine your business has been impacted by a cyber-attack. Perhaps you’ve lost access to your email server and your internal messaging platform so you cannot contact any of your staff. How are you going to communicate this?
You may no longer have access to your customer relationship database, so suddenly you have no means of knowing who your customers are and how to contact them.
Your website may be down – how are you going to take orders for your products? Or even let your customers know that the business is experiencing an issue?
What if your inventory management system can no longer be accessed or trusted? Or your account records?
It’s a nightmare scenario for many businesses and – depending on the scale and nature of both the attack and your business operations – it could be an existential crisis for many as costs and reputational impact can spiral.
Your business recovery plan and all the preparation done ahead of time to practice for this scenario is integral to how quickly and efficiently your business can restart.
How to plan for successful recovery
There are several steps you should take now to make implementing this plan simpler if it’s needed in the future. These include:
- Backing up critical databases, storing them off the network, and then testing these back-ups so you are confident that if needed, they are up to the job of helping you rebuild from scratch.
- Printing out key phone numbers and considering alternate channels to communicate both with staff, customers and suppliers so you have options if the usual channels fail.
- Print out key procedures including your recovery plan and details of any response action plans you’ll be wanting to activate in the immediate aftermath of suspecting a cyber-attack. These response actions will include notifying the Australian Cyber Security Centre via the Report Cyber website or calling 1300 CYBER1 for technical support and following a playbook such as the Ransomware Emergency Response Guide in the event you do not have incident response support.
Building your recovery plan
The purpose of a recovery plan is to minimise loss of downtime by enabling business continuity. It does this by providing strategies to help maintain operations during the incident and to restore full operations afterwards.
To build an effective recovery plan, you first need to think about what is most critical to your business operations – what systems, processes and assets must be operational to fulfil your business’ purpose? Knowing exactly what is most critical to maintaining operations is pivotal in terms of knowing where you are going to expend energy to restore assets, in what order you’ll be trying to do this and when you’ll trigger the move to workarounds.
The plan should also cover strategies for contingencies. For instance, if looking at business-critical processes, do you have a backup system that you can pivot to? If your default will likely be to revert to pen and paper then it’s worth having procedures written down and printed that could be shared with staff so they can restart operations and understand how to operate in this fashion.
Another key issue is considering how and when you’ll communicate with stakeholders – at what point you will tell which stakeholder groups such as regulators, customers, staff and suppliers you have suffered a suspected breach, and who will be the person responsible for informing each of these groups, and how much information you’ll be willing to provide.
In planning for this, it’s useful to consider that it may be many days or weeks until you have a full picture of exactly how your company has been impacted. A mechanism to address that uncertainty, such as knowing who will likely be on a first response team and making decisions in this scenario and how that team will be meeting is worthy of factoring into the plan.
Finally, it’s important to regularly test your plans – consider how your staff respond when an incident occurs, whether the technology solutions you’ve planned to recover from will actually work, and whether there are things you haven’t thought of. By conducting exercises and testing the systems and processes you’ve designed, you allow your organisation to be better prepared if the worst should come to pass.
While you may at first glance think these apply to larger businesses than yours, they are useful for businesses of all sizes in framing what needs to go into a recovery plan and ensuring that your leadership team hasn’t neglected any important elements.
After every incident, it’s useful to conduct a post-incident review so as a business it’s possible to reflect on what went well, what could have been done better and anything that was missing from the plan that should be added next time.
It’s also important to drill down and reflect on the root cause of the issue to ensure that not just the symptoms, but also any underlying problems that resulted in the breach have been recognised and remedied.
To this end, sharing experiences of breaches in a safe community can help other businesses learn and prepare to better withstand attack next time.
CommBank is committed to protecting its business and its customers from scams, fraud and other cyber-attacks. For more ways to safeguard your information, search CommBank Business Security or visit commbank.com.au/business/security
Things you should know:
This article is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. You should consider seeking independent financial advice before making any decision based on this information. The information in this article and any opinions, conclusions or recommendations are reasonably held or made, based on the information available at the time of its publication but no representation or warranty, either expressed or implied, is made or provided as to the accuracy, reliability or completeness of any statement made in this article.
Commonwealth Bank of Australia ABN 48 123 123 124. AFSL and Australian Credit Licence 234945.