CAPstone Webcast Series: Disaster Recovery/Business Continuity with Cloud Security
May 28, 2020
Amid the COVID-19 pandemic, the importance of firms having robust disaster recovery plans (DRPs) and business continuity plans (BCPs) with their cloud security has never been more evident. On May 19 2020, Rahul Mahna, managing director in EisnerAmper’s Process, Risk, and Technology Solutions (PRTS), led a discussion with Desraie Thomas, channel development manager at cybersecurity company Datto, Inc. for EisnerAmper’s Cyber Action Plan (CAP)Stone series webcast titled “Disaster Recovery/Business Continuity with Cloud Security.”
To build, implement and maintain a strong cybersecurity system, there are four pillars to be considered: (1) physical building, (2) computing, (3) network activity and (4) cloud. The discussion focused heavily on the importance of backing-up data, industry trends and BCPs as part of the fourth pillar with the following statistics:
- 43% of all cyber attacks are aimed at small and medium sized businesses;
- 85% of all email attachments are harmful; and,
- Ransomware is up 180% from 2018 – currently, a business is hit with ransomware every 13.275 seconds.
Many companies were not prepared to provide their employees with remote access when the pandemic started; setting them back -- and stressing the importance of having a BCP. Mahna pointed out that many businesses may have already had a BCP, yet never tested it on a large scale -- and in many cases, failed. “A robust BCP requires the consideration of many key elements such as: clearly defining your team, effectively testing objectives, continuous IT operations, crisis communications, and back-up strategy,” he said.
Thomas also shared some insights in protecting oneself and one’s organization: (a) implementing and maintaining written policies and procedures; (b) implementing password policies and requirements; (c) restricting software downloads from untrusted sources; (d) conducting and administering user-awareness training at least twice a year if not every quarter; (e) keeping current with maintaining virus definitions, engines and software can improve the effectiveness of anti-virus programs; (f) having a policy for mobile devices (BYOD) and, (g) most importantly, backing up data regularly.
You can access the transcript of the webcast here.