In an era of continuous business operations, being offline has become unacceptable. This drive for high availability, although exciting, also poses serious risks to the security of your data. Any form of downtime can be detrimental to the livelihood of your business, since it affects reputation and revenue. Here are 12 tips to accomplish the always-on business with confidence against an intrusion.

1. Understand What’s Critical

You can’t protect what you don’t know exists. In order to determine what data is sensitive or critical, don’t just look at your applications from an IT point of view.

2. Involve Other Departments

Engage with others to assess needs from differing perspectives: business operations, customers, regulators/auditors and shareholders. Keep this list of what’s critical updated because it evolves.

3. ITGRC (Information Technology Governance Risk and Compliance) 

Build a program. Assess the organization’s maturity and adequacy, and demonstrate progress. This progress may be incremental. But do not underestimate the resources needed to run a meaningful program. Know who decides what’s important and keep a dialogue open with all business units. (See our recent guide for more info.)

4. Vulnerability and Threat Management

An essential part of risk management is in understanding the vulnerabilities and threats to your assets and data. This will help you determine how your organization might reasonably protect against these threats.

5. Determine Appropriate Security Controls

Research and figure out the logistics of implementing a security solution that works. Determine how to acquire, implement and monitor the tools that guard your business against threats. Weigh risk criteria with their associated asset and impact values to determine cost-effective controls. Gauge their impact to ensure stringency does not significantly, adversely impact the original business value.

6. Backups

Backups are boring and an imperfect target, especially as datasets continue to grow. But strive to be diligent on everything that is sensitive and critical to your company. Archive hard copies of the most valuable data assets offsite. Test the accuracy and restoration of those backups.

7. Replication

Anything that needs to be recovered quickly, both in a natural or human-related disaster, should exist in an alternate location. Based upon importance, tier your applications into levels of recovery.

8. Critical Applications

Critical applications should be in a high-availability environment, also known as “hot” or always-on. Others may be able to withstand a couple hours or days of downtime. Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) will help determine which type of replication is best for each application. Consult the ITGRC, because all owners may desire everything to be always-on, which may not be immediately feasible.

9. Planning and Preparation for Disasters

Hope for the best, but prepare for the worst. Plan and test against someone smarter and more determined than you. Include not just the technical aspects, but also communications, PR and budgeting for the worst.

10. Acquire Insurance

Prepare for not only financial aspects of loss, but also the reputational impacts and legal liabilities of a breach. In lieu of reinforcement of some controls, pay more money to cover yourself, but remember this doesn’t really fix the problem.

11. Befriend Law Enforcement and Lawyers

Lawyers and law enforcement are skilled at handling malicious and careless activities. They can also help with what insurance doesn’t cover. Know who to contact before necessary.

12. Hire Trusted Partners

Retain advisors or professionals to review, audit and assist with your security and data recovery because they offer a fresh perspective for improvements. Third-party opinions matter because they may have more experience and resources than you.


Confidence begins with a plan that works. Don’t wait until a disaster strikes to take action. If you’re experiencing pressure to improve your current IT program, don’t fret. These tips should set you on the right path to a secure business environment with optimized recovery. For input from a security guru, drop a line to Bluelock. We offer a flexible, tailored approach to disaster recovery planning with a proactive support team that acts as an extension of your IT team.

Find the full article at CIOinsight

Image Source:
Blog Post

Are You Fully Prepared for Cybersecurity Threats?

Due to increased attention on cybersecurity events in the news recently, Bluelock commissioned IDG Research for a survey of executive leadership and IT managers across six major industries. In this survey, 64% of respondents cited lost customer confidence as their primary concern.

View Blog Post
Blog Post

Cyberattacks Are Inevitable, So Plan Accordingly

It’s no longer “if,” but “when” and “when again” your company will be attacked. Worse, sometimes these intrusions can go unnoticed for months.

View Blog Post
Blog Post

How Secure Is Your Aging IT Infrastructure?

Of the 115,000 Cisco devices analyzed in Cisco’s 2016 Security Report, 92% had software with known weaknesses to security incidents.

View Blog Post