As part of your business continuity plan, we’re taking a look at the role your teams play in preventing a disaster, this is a large part of your plan as depending on the size of your business, there’s plenty of margin for error.
Education and training is key here, your teams need to understand every aspect of a potential disaster and how they can prevent it as well as not initiate it! Clicking on a spurious link, switching off the wrong power supply or forgetting to set the alarm are all very real situations that can easily happen.
Here, we cover the most valuable things you can do to get your team on board with keeping the business moving.
Passwords
Nowadays these go without saying on devices and systems, but they need to be secure. The National Cyber Security Centre advise three random words with upper and lower case and/or characters, the more random the better, Think KumquatSpaceField or GooseLifeTree that sort of thing! For a strong but simple to remember password try sentence case around something memorable. For example the sentence could be; ‘My first car was a silver volkswagon golf in 1995’ so the resulting password would be ‘Mfcwasvgi1995’ you can mix upper and lower case and add in special characters also.
Access to business systems and files
The pandemic has taught us a lot about hybrid working, now the UK is opening up, employers need to tackle security on multiple levels. Your teams can now work in the office, at home or from any location, so protocols must be in place.
So how do they access essential files and collaboration tools from anywhere? The most secure way to do this is via a VPN service. This ensures that they can access everything they need via fully encrypted access into your network.
It’s also worth noting here that its best to have a company-wide policy that staff are only granted access to the items they need and files they use regularly. This again reduces any margin for error plus accidental deletion and overwriting.
You could also create an information policy, with ongoing training so each member of staff is cyber-vigilant. They should be clear on business and personal use of devices, handling of information in and out of the office and what to do if an incident occurs.
If you allow BYOD, you’ll need a clear policy around this and to ensure that they have full encryption on each device. Again this is where a VPN comes into its own.
Training and threat replication
As we mentioned earlier, training is key and not just upon entering the business, staff need to be regularly educated on all aspects of business continuity and disaster prevention. The more they understand and are involved in the process, the more vigilant they will be.
There’s a huge amount of support on the National Cyber Security Centre website and many local police forces run sessions free of charge around cyber awareness.
You can also replicate a potential threat through fake phishing emails to see if a percentage of your team are likely to click. These aren’t designed to apportion blame, more to see where any gaps in education need to be addressed.
Power supplies
We heard an interesting story about a server room within a business, an engineer was working on the floor and very nearly managed to switch the entire thing off with his foot. Had it not been for his co-worker alerting him, something like that could have been catastrophic, especially with no Cloud backup!
The moral of this is to think about where power supplies are (definitely have them on a wall!) and if you haven’t already, ensure every machine is plugged into an Uninterruptible power supply (UPS).
For other devices and non-networked machines use a surge protector. It is important to research and/or take expert advice on these to ensure they fit your business requirements plus test them regularly.
Exiting the business
If a member of staff leaves the business, ensure their machine is wiped, passwords are reset and access to company-wide systems are deleted. You should, as part of your plan, hold a list of all their logins and which systems they have access to, so make sure they are turned off on the day they leave.
Its also worth flagging here that any entry cards, keys, code generators etc should be handed back in.
This is just starter for ten on some of the larger aspects you’ll need to cover in your plan. As always Cloud Heroes are here to help, advise and we can even devise your entire plan for you. We’ve got a wealth of experience and our own cleverly designed solutions to keep your business running no matter what happens!