The Draft Information Security Policies, as presented by the Department of Public Service and Administration, state the following:
"Backup of the organisation's data files and the ability to recover such data is a top priority.
Managements are responsible for ensuring that the frequency of such backup operations and the procedures for recovery meet the needs of the State."
In this day and age, information security or data protection is the key to survival after a disaster for any organisation.
The government draft policy also states that one of the most vital things to consider when implementing data protection policies is that all procedures and methodologies enabling data protection must be tested from end to end. This means testing from the point of backup to the point of restore and ongoing operation.
What the government draft policy is really trying to tell us is that for data protection, and all other aspects of recovery from disaster, it is essential to have a fully tested business continuity plan in place.
Data protection, specifically, is vital for any modern business.
Data protection is at the heart of your business continuity plan. In reality, although the business continuity plan is a holistic plan covering all aspects of disaster recovery, it is almost impossible for a business to recover from a disaster without an adequate data protection plan as part of the business continuity plan.
It is highly recommended that data protection begins with an off-site, online backup plan.
If your volumes of data are so large as to make this impossible, back up to data protection servers located outside of your premises, possibly in a separate building. But in order to ensure adequate data protection and recoverability, you should back up your financial and business-critical data to an off-site, online backup service provider.
Your data protection service provider should store your data in an encrypted state on their servers. This is to ensure 100% confidentiality of your data and to ensure that no unauthorized people can access your data.
Another vital part of your data protection plan must be to adequately protect your business servers and computers from viruses, malware and employee abuse.
Protection against potential data theft and infection of computers by viruses or crypto-locker type software should form a part of your data protection plan. It is vital to have a modern, cloud-based advanced protection service on your business's computers.
Your plan needs to be adaptable.
Revisit your data protection plan regularly to check that all new machines are protected and backed up to ensure ongoing data protection throughout your business.
Make sure that all relevant devices are included in your data protection plan.
Know where most of your company's work is being done. In today's world people are more inclined to bring their own machines in to work on. Include these in your plan and make sure that all your company's data, regardless of the source, is backed up.
In conclusion, your data protection plan forms a vital part of your comprehensive business continuity plan. The entire plan, including the data protection part, needs to be reviewed and tested on an ongoing basis to ensure it is current and workable.