In recent years huge strides have been made in effective cloud-based Disaster Recovery systems. Intelligent CIO spoke to Nick Saunders, a cyber-resilience expert at Mimecast, to discuss the impact of a disaster and the best way to avoid one.
If disaster strikes and a company loses its data, what impact can this have on it?
In today’s information-driven world, data has become central to the running of any business. How we store and protect this data should be a top priority for any organisation. Data loss due to malicious or inadvertent leaks can be a serious problem for organisations today. Whether it’s intellectual property, customer data or sensitive financial information, data loss can have negative impacts on customer relationships, business competitiveness, corporate reputation and your bottom line. And as the threat landscape evolves, data loss is becoming more and more likely, with threats such as ransomware, impersonation, and malicious files or URLs becoming a common occurrence.
The EU’s General Data Protection Regulation (GDPR) will be coming into effect on May 25 2018. This will affect every organisation around the world that collects or processes data on residents domiciled within the EU, including permanent residents, visitors and expatriates. Under GDPR, all organisations must demonstrate they have proper controls over the processing and security of personal data, including how data is used, stored, kept up-to-date, accessed, transferred and deleted.
Penalties for non-compliance could cost organisations upwards of €20 million or four percent of yearly worldwide revenue, whichever is higher. Organisations therefore need to ensure that they have the right security measures in place to help ensure that personal data doesn’t get into the wrong hands. They should also be able to archive their data in a fully encrypted, immutable and redundant system, as this decreases the risk of data loss and allows recovery of data, should disaster strike.
What are the main ways a company can find itself losing its data?
There is a growing risk of accidental deletion, data corruption, cybercriminal attacks and malicious users or administrators. Email is one of the most prevalent sources of data loss and leaks. It represents one of the most vulnerable parts of security efforts to keep data and proprietary information protected.
Data loss can be the result of something as simple as having an email accidentally addressed to the wrong person or having messages sent surreptitiously with sensitive attachments. Data can also be exposed to external threats, when the right security is not in place. Malicious actors are increasingly using targeted threats to steal data or hold it ransom.
What is the best way to plan for Disaster Recovery?
Email disaster recovery is a critical part of IT security. When email goes down, business will quickly grind to a halt. Email downtime means reduced productivity, lost customers and lower revenue. When an outage occurs, the organisation needs a way to restore email as quickly as possible.
Organisations should first look to deploy advanced security services to defend against targeted email security threats. However, in the event of a successful attack, an organisation needs to ensure that they can continue to send and receive email. Employees have zero tolerance for downtime. When an outage does happen, consistent communication and fast service restoration are an absolute must.
Furthermore, it’s important to have a secure cloud archive solution. Why in the cloud, you may ask? A cloud archive provides a scalable, secure back-up of all email in the cloud to protect against data loss, corruption and malicious activity. But more importantly, it offers more than simple back-up and recovery: it enables access to archived emails anywhere, anytime and on any device in record speed.
Uninterrupted access to email and archives during server downtime is a win-win for everyone: lines of communication stay open, productivity remains high and disruption after a cyberattack remains low.
What would you identify as the different elements that form an effective disaster management strategy?
Back-up is an important part of a recovery strategy for any CIO. However, unlike the strategies of old where back-up fulfilled the purpose of ‘just in case’, the CIOs of today need to consider back-up and recovery as part of their wider cyber-resilience strategy. This means understanding the threats and deploying solutions that protect their organisation, allowing users to continue during a failure or breach and ensuring they are able to recover quickly. The best way to manage disaster is with an effective cyber resilience strategy.
When it comes to cyber resilience for email, all organisations should consider the following:
- Advanced security: Defend against email-borne impersonation attempts; malicious URLs and unknown malware attachments; threats that are internal to the organisation; as well as spam and viruses. Additionally, the proliferation of advanced cyberattacks, like ransomware, along with the continued migration of email to the cloud or hybrid environments, is requiring organisations to rethink their approach to email security.
- A multipurpose cloud archive: Having a tamper-proof email archiving system in place insures your business against data loss, should your primary email system be compromised. In the event of an unexpected outage, cloud-archived email records mean your organisation can be up-and-running again in minutes. Simply put, no disaster recovery or digital business continuity plan is complete without a solid email archiving solution in place.
- Business continuity: Organisations need to be prepared to quickly and seamlessly switch to an available service, should downtime, due to breach, human error or technical failure, occur. With a continuity solution, employees can continue to access everyday tools, like Microsoft Outlook or G Suite by Google Cloud, without disruption.