Before the internet and mobile devices were essential workplace tools, disaster recovery plans were established to mitigate the effects of physical catastrophes like fires, floods, and severe storms. But in today’s connected environment, digital disasters — such as blackouts, data breaches, and hardware failures — are an even greater threat.
The vast majority of businesses rely on mobile devices to access, process, and communicate information for their daily operations, yet 20% of businesses don’t have a plan in the event of a digital disaster, and 58% of small businesses are unprepared for a data loss event. Major disruptions can lead to lost revenue (between $10k and $5million per hour), brand damage, unhappy customers, and more. The longer the recovery time, the greater the impact.
With so much at stake, a good digital disaster recovery plan is essential. Such plans are invaluable to any companies that rely on mobile devices to access important corporate data, as they help prepare a coordinated response that mitigates the fallout and enables a rapid recovery from disruptions.
What is a digital disaster?
A digital disaster is any event that causes a disruption or loss of a company’s digital assets or the devices used to access them. Examples include:
- Hardware failure: Issues with servers, computers, hard drives, mobile devices, and other physical assets that prevent access to corporate data.
- Examples: Physical damage, lost or stolen devices
- Hacking: Malicious activities from an external source that lead to compromised or lost company data or assets.
- Examples: Ransomware, data scraping
- Internal threats: Accidental or intentional employee behavior that leads to losses/leaks of corporate data or the devices used to access it.
- Examples: Sharing confidential information, accessing data over an unsecure connection
- Network failure: Downtime caused by loss of internet or mobile network connection.
- Examples: ISP outages, power outages
- Software failure: Software issues that lead to downtime or compromised data/devices.
- Examples: Failed software upgrades, software security flaws
What is a digital disaster recovery plan?
A digital disaster recovery plan is a strategy used to prevent digital disasters, mitigate the damage, recover lost assets, and return to business as usual. It’s a formal document that contains detailed instructions on how to respond, which stakeholders to involve, what to prioritize, and how to restore business operations.
What does a digital disaster recovery plan include?
While the exact plan will vary from one organization to another, here’s what a digital disaster recovery plan generally entails:
In order to mitigate disruptions and reduce downtime, it’s essential to frequently back up data. A proper backup strategy ensures that you can recover a copy of your corporate data in the event that your primary storage solution is compromised. Periodic backups are key as they ensure that your data is always up to date, and they can even be set up to back up automatically. It’s best to have a secondary location for data storage in the event that the primary option fails and cannot be accessed. Consider using some of the following backup options:
- iCloud / Google
- Other cloud-based applications specific to your use case
For physical assets like mobile devices, it’s important to have spare devices on reserve that can be set up and restored quickly in order to prevent significant downtime.
An MDM solution
If an MDM isn’t already a major part of your digital disaster recovery plan, it should be. Mobile device management software gives your IT department the ability to set up and enforce policies to monitor, secure, and manage all of your organization’s mobile devices. Controlling devices with an MDM can help prevent threats, mitigate data theft, and assist with device setup when replacements are needed. MDM will not help you with making backups, but it can at least auto-deploy applications and other needed content which will lessen the blow if data loss occurs. Plus, in the event that a device is stolen, an MDM can be used to put the device in lost mode.
There are a number of potential threats that can occur at any time as a result of regular business operations. Preventative measures are a key part of any digital disaster recovery plan, as they can help reduce the likelihood of any major disruptions happening in the first place.
Beyond the scary threats – like mobile threats and scams – that are more difficult to protect against, company equipment, especially mobile devices, are susceptible to physical damage. Drops, dings, and dents can take their toll over time, so it’s important to ensure devices are protected so that they last as long as possible. Consider equipping your devices with cases that protect against drops and other damage. If your workplace is especially dangerous for phones, look into rugged smartphones that are built to work under pressure. But above all else, it’s important to have some spare devices on hand, or an easy way to access replacements. This will help you get your network back up and running much faster than having to call your carrier and wait for them to ship replacement devices.
In order to reduce the possibility of data loss or leakage, companies should prioritize data security. This involves creating processes for storing, sending, and accessing company data, securing mobile devices using an MDM solution, establishing guidelines/requirements for the safe use of mobile devices, etc.
The principle of enforcing least privilege
While it might be easier to give employees free reign to all company tools, resources, and data, unrestricted access can be a huge security threat. Instead, practice the principle of least privilege: Only give employees access to the resources they need to do their job – nothing more, nothing less. By limiting mdm admin privileges, fewer people will have access to sensitive company information or the ability to control your company’s devices.
Companies should keep a log of all of their assets — both physical and digital — to maintain oversight over their mobile ecosystem. In the event of a digital disaster, an inventory list can help identify which devices were affected so that they can be repaired, restored, or replaced with limited downtime. It’s also important to ensure that each device either has location services enabled or is accounted for via MDM detection/compliance, so that they can be easily tracked down if they are lost or stolen.
Failover solution (temporary systems)
To prevent significant downtime, companies should identify failover solutions — backup systems that can be used in the event of a digital disaster. This can include a collection of backup devices, an alternative data storage solution, temporary service providers, etc.
In the event of a digital disaster, it’s important to identify priorities for recovery and restoration of operations. Determining which aspects to address first can help get operations back up and running sooner and limit the fallout from the event. Priorities can vary from business to business, but considerations include:
- Mobile devices
- Business critical data
- Software applications
- Internet or mobile networks
It’s important to remember that some solutions require supporting hardware or software to function effectively (and securely!). For example, reactivating hundreds of mobile devices without an active MDM system would result in hundreds of unsecured devices that could worsen the issue or lead to further issues. Establishing priorities can help prevent such mishaps and ensure that operations can return to normal safely and securely.
In order to understand whether or not your plan will actually work in the event of a real digital disaster, it’s important to stress test your entire digital disaster recovery plan. Create a digital disaster response team and test various scenarios to get a better understanding of your strengths, weaknesses, vulnerabilities, and opportunities for improvement.
Once the damage is done, restoration framework can help identify key equipment, stakeholders, systems, processes, and partners that can help with recovery and get your business back on track. A major digital disaster can be messy to clean up, especially if communication systems are disrupted in the process. Having a restoration framework in place can provide guidance and establish steps toward recovery. If mobile devices are affected by a digital disaster, you can start with the following:
- Check to see if devices are damaged beyond repair.
- If the screen is no longer lighting up, an external screen can be attached temporarily to access the phone and backup information.
- If the device will not power on anymore, try plugging it in or swapping in a spare battery.
- Check to see if the needed information was backed up to your preferred backup system.
- Replace devices with new or temporary devices, then restore from latest backups.
- Distribute Apps, documents, and configurations automatically with an MDM.
- If damaged beyond repair, ensure they are destroyed before disposing to mitigate data loss.
Without a plan in place, a digital disaster can be absolutely devastating, no matter how big or small your business might be. From power outages to ransomware and everything in between, it’s important to be prepared so that you can reduce downtime, mitigate the fallout, and get back to business as soon as possible. If the thought of creating a mobile digital disaster recovery plan is daunting, LINQ can help. As an experienced managed service provider, we can help you put the processes and systems in place to protect your business from mobile digital disasters.