Creating a Disaster Plan to Ensure Your Company’s Security

From the May/June 2017 issue of New Jersey CPA magazine (njcpa.org/newjerseycpa)

By Paul C. Ursich, CPA, and Robert Risk, Wiss & Company LLP

When it comes to defending your enterprise from undefined catastrophes, traditional disaster recovery tactics are no longer adequate. If cyber terrorists seize your company’s critical information, or if human error or natural disasters erase your company’s data, your resources cannot be swiftly returned by outdated recovery methods. To sustain your company’s position in a combative marketplace, it is vital to form a modernized disaster planning solution customized to fit your needs. By using judicious, solid components of recovery, such as business continuity planning (BCP), disaster recovery (DR) and penetration testing, your business can diminish losses and emerge from misfortunes relatively unharmed and ready to persevere.
There are comprehensive steps to devising and enacting a suitable disaster plan. The following points outline the roadmap to ensuring your company’s security:

1. BUSINESS CONTINUITY PLANNING

From minor to catastrophic adversities, businesses can face myriad inconveniences in their lifetime. Fortunately, BCP can assist companies in marching forward and continuing operations through hardship. A solid BCP should include a cyber insurance review. Cyber insurance helps businesses mitigate the risk of a data breach or network security failure. The method encompasses steps such as identifying latent threats, determining the extent of these threats, employing precautions and measures aimed at mitigating those risks, testing defenses, and redesigning the plan to confirm it is up to date with the latest features and components.

However, it is important to note that although BCP can help a company prolong business as usual when confronting common misfortunes like fires or floods, the strategy is not as valuable if the disaster affects a large share of the population, such as a disease outbreak. One example would be a finance establishment that backs up its data offsite. If something were to happen to its headquarters, satellite offices would be able to retrieve vital information and help the business continue to operate.

2. DISASTER RECOVERY

To shield businesses from sweeping catastrophes, disaster recovery efforts can assist in the recovery of an organization’s software, hardware and data, as well as the resumption of standard, critical business functions. As a part of BCP, disaster recovery plans consist of calculated and extensive planning, assessment and possibly an isolated site for restoring corporate operations. Moreover, though the majority of DR planning concentrates on recovery of data, companies must recognize the multifaceted nature of disasters, such as illnesses that can wipe out staffing, and consider them when designing a DR plan. The plan must be inclusive and understood by key staff members so they can act accordingly when a disaster strikes. It should also be updated when staff join or leave the team, a new branch office opens, or new software or hardware is added.

3. PENETRATION TESTING

An effective weapon against any disaster that crosses your company’s path is the execution of a penetration test. This effort can proficiently gauge the security of your IT infrastructure by carefully attempting to unearth any vulnerabilities. These weaknesses may exist in operating systems, service and application faults, improper configurations, or risky end-user behavior. Such examinations are also advantageous in validating the efficacy of defensive appliances as well as end-user adherence to security procedures.

The swift pace of change in the industry, coupled with the menace of information loss in small or massive data platforms, elevates the importance of augmenting protection against malicious intent or disasters. Since catastrophes materialize in a variety of forms, your company must have a vigorous and well-tested disaster plan equipped to safeguard your business and its resources. Disaster planning commands a novel way of thinking, where businesses can take advantage of fresh technologies that can keep pace with data evolution and preserve valuable information from unforeseen setbacks.

 
Paul C. Ursich, CPA, is the director of business advisory services for Wiss & Company LLP. He reviews accounting processes and procedures and implements strategies and technologies to increase overall efficiency for clients. Paul is a member of the NJCPA and can be reached at pursich@wiss.com. Robert Risk is the director of technology advisory services at Wiss where he specializes in strategic business decisions, system implementations and aligning information technology with organizational goals. Bob can be reached at rrisk@wiss.com.