Why you need a recovery plan

Imagine your business has been impacted by a cyber attack. Perhaps you’ve lost access to your email server and your internal messaging platform so you cannot contact any of your staff. How are you going to communicate this? 

You may no longer have access to your customer relationship database, so all of a sudden you have no means of knowing who your customers are and how to contact them.  

Your website may be down – how are you going to take orders for your products? Or even let your customers know that the business is experiencing an issue? 

What if your inventory management system can no longer be accessed or trusted? Or your accounts records? 

It’s a nightmare scenario for many businesses and, depending on the scale and nature of both the attack and your business operations, it could be an existential crisis for many, as costs and reputational impact can spiral. 

Your business recovery plan, and all the preparation done ahead of time to practise for this scenario, are integral to how quickly and efficiently your business can restart.

How to plan for successful recovery

There are several steps you should take now to make implementing this plan simpler if it’s needed in the future. These include:

  • Backing up critical databases, storing them off network, and then testing these back-ups so you are confident that if needed, they are up to the job of helping you rebuild from scratch.
  • Printing out key phone numbers and considering alternate channels to communicate with staff, customers and suppliers so you have options if the usual channels fail.
  • Printing out key procedures, including your recovery plan and details of any response action plans you’ll want to activate as soon as you suspect a cyber attack. These response actions will include notifying the Australian Cyber Security Centre via the Report Cyber website or calling 1300 CYBER1 for technical support and, if you do not have incident response support, following a playbook such as the Ransomware Emergency Response Guide.

Building your recovery plan

The purpose of a recovery plan is to minimise downtime by enabling business continuity.

It does this by providing strategies to help maintain operations during the incident, and to restore full operations afterwards. 

To build an effective recovery plan, you first need to think about what is most critical to your business operations – what systems, processes and assets must be operational in order to fulfil your business’s purpose? Knowing exactly what is most critical to maintaining operations tells you where you are going to expend energy to restore assets, in what order you’ll try to do this and when you’ll trigger the move to workarounds. 

The plan should then also cover strategies for contingencies. For instance, if looking at business-critical processes, do you have a backup system that you can pivot to? If your default will likely be to revert to pen and paper, then it’s worth having procedures written down and printed that could be shared with staff so they can restart operations and understand how to operate in this fashion. 

Another key issue is how and when you’ll communicate with stakeholders – at what point you will tell each stakeholder group, such as regulators, customers, staff and suppliers, that you have suffered a suspected breach, who will be responsible for informing each of these groups, and how much information you’ll be willing to provide. 

In planning for this, it’s useful to consider that it may be many days or weeks until you have a full picture of exactly how your company has been impacted. It is worth factoring into the plan a mechanism to address that uncertainty, such as knowing who will likely be on a first response team making decisions in this scenario, and how that team will meet. 

Finally, it’s important to regularly test your plans – consider how your staff respond when an incident occurs, whether the technology solutions you’ve planned to recover from will actually work, and whether there are things you haven’t thought of. By conducting exercises and testing the systems and processes you’ve designed, you allow your organisation to be better prepared if the worst should come to pass.

Useful templates

While you may at first glance think these apply to larger businesses than yours, they are useful for businesses of all sizes in framing what needs to go into a recovery plan and ensuring that your leadership team hasn’t neglected any important elements. 

Australian Cyber Security Centre Emergency Response Guide

Australian Cyber Security Centre Cyber Incident Response Plan Readiness Checklist

Reflection

After every incident, it’s useful to conduct a post-incident review so that, as a business, you can reflect on what went well, what could have been done better and anything that was missing from the plan that should be added for next time. 

It’s also important to drill down and reflect on the root cause of the issue to ensure that not just the symptoms, but also any underlying problems that resulted in the breach have been recognised and remedied. 

To this end, sharing experiences of breaches in a safe community can help other businesses learn and prepare to better withstand an attack next time. 

You can learn more about how to recover from a cyber attack here. You can also find detailed information on recovery plans at https://www.cyber.gov.au/report-and-recover

If your business does experience a cyber incident, you can contact us – either on 13 22 21 or on 13 23 39 for CommBiz customers – and report it to the Australian Government via Report Cyber at Cyber.gov.au.

Keeping your accounts safe is our priority. That’s why we have a range of security features and services to help keep you secure 24/7, including fraud prevention technology and secure banking. Find out more at commbank.com.au/business/security