November 2017 – Another month. Another hack. Uber, the widely recognized ride sharing company, revealed last Tuesday that in late 2016 the personal information of 57 million riders and drivers was exposed. This comes at a time when Uber is dealing with multiple internal legal battles.
Regulators were not informed until recently that Uber paid hackers $100,000 to destroy the sensitive data, and further legal action against the company may come as a result. By gaining access to Uber’s systems through a third-party cloud-based service, the hackers found the username and password to access user data stored on Amazon servers. Although Uber is a large company with cyber defense mechanisms in place, this was not a sophisticated hack. Companies will occasionally leave credentials in source code by accident, and that code is then uploaded to vulnerable areas in the cloud.
In terms of scale, Uber’s hack comes nowhere near the size of other major breaches. Cyber criminals targeted Equifax earlier this year, compromising the personal information — including names, addresses and social security numbers — of over 145 million people. In 2013, a hack of Yahoo impacted all 3 billion accounts. This emphasizes that no company is impenetrable to cyber threats, and to believe otherwise is naive. Having strong external defenses, such as industrial firewalls, is a great start but will not protect your information forever. How a business reacts once it is breached is the single most important piece of the disaster recovery puzzle.
So, where to start? Well, ask yourself this question – why does disaster recovery matter? Whether you operate a small business or a large corporation, you strive to remain competitive. It’s vital to retain current customers while increasing your customer base — and there’s no better test of your capability to do so than right after an adverse event. There are 6 steps to create an effective recovery plan:
- Identify the scope of the plan.
- Identify key business areas.
- Identify critical functions.
- Identify dependencies between various business areas and functions.
- Determine acceptable downtime for each critical function.
- Create a plan to maintain operations.
One way to ensure your plan is not successful is to adopt a casual attitude toward its importance. Every DR plan must be supported from the top down. That means senior management must be represented when creating and updating the plan; no one can delegate that responsibility to subordinates. In addition, the plan is likely to remain fresh and viable if senior management makes it a priority by dedicating time for adequate review and testing.
Management is also key to promoting user awareness. If employees don’t know about the plan, how will they be able to react appropriately when every minute counts? Although plan distribution and training can be conducted by business unit managers or HR staff, have someone from the top kick off training and stress its significance. It’ll have a greater impact on all employees, giving the plan more credibility and urgency.