Everyone Is a Participant in Information Security

The information security team may have security in their name, but that doesn’t mean they own it. Security requires the active participation of everyone in the company, from management to facilities staff, in order to prevent and respond to incidents.

Preventing Security Incidents

Everybody has a role in preventing a security incident:

Management: Management sets the standard of behavior for everyone else in the business. If managers are seen treating security casually, no one else will take it seriously, either. This means managers, including senior executives, need to participate in the security training that’s mandated for everyone else; they need to demonstrate safe computing practices, like not writing down passwords and sharing them with their admins; and treating compliance audits as beneficial, rather than a necessary evil.

Finance: The financial team needs to understand the value of spending on security and authorize the appropriate expenses. In addition, the financial team needs to understand the sensitivity of the data they work with and take steps to avoid falling for targeted spearphishing attacks that seek to steal account numbers or trigger funds transfers inappropriately.

Human resources: The HR team, through its training programs, is responsible for ensuring everyone receives the necessary information security training. In addition, the HR team has the responsibility for ensuring the hiring process employees appropriate background checks and handling disgruntled employees to minimize insider risks.

Facilities: Physical security of your premises is an important component of information security.

Information security: Of course, the information security team has a major role in preventing breaches through developing security strategies and implementing tools to protect valuable corporate data.

Everyone else: All employees are responsible for using safe computing practices, including creating strong passwords and not sharing them. Employees are responsible for paying attention to the mandated information security training and taking those lessons back to their workspaces.

Responding to Security Incidents

If you unfortunately experience a security breach, you need a solid incident response plan. Multiple teams will have roles in the response, including:

Management: Management is responsible for ensuring that the incident response plan is executed, as well as overseeing related activities.

Marketing and communications: One of the biggest challenges in responding to a breach is communicating the event and how you are responding to it. In addition, your teams may need to ramp up marketing to mitigate reputation damage and minimize lost business.

Legal and compliance: A data breach isn’t just an internal matter; depending on your industry and location, you may have to satisfy legal and regulatory mandates regarding notifications, compensation, and other breach-related events. Your legal and compliance teams will make sure you follow the letter of the law on these actions.

Information security: Your technology team needs to complete several different activities. First, they need to identify the impact of the breach and determine the extent of the data loss. Second, they need to discover the root cause that allowed the breach to occur, and implement a strategy to prevent that type of attack from recurring. In addition, they should conduct a thorough review to identify other vulnerabilities and take steps to reduce the risk you’ll be victimized through a different form of attack.

Learn more about creating a disaster recovery plan.

Contact CCS Technology to start developing a comprehensive information security strategy, or browse the additional resources below for more information on getting started.

Additional Information Security Resources

Create An Information Security Culture to Protect Your Data

Don’t Overlook These Information Security Basics

7 Common Mistakes That Place Your Data in Danger

Take These Steps to Avoid Expensive Ransomware Recovery Costs

Recovering from ransomware has cost affected entities millions of dollars—Baltimore spent more than $18 million to bring systems back to their normal state. To avoid budget-crushing costs, it’s imperative to defend against attacks and have a plan for responding to incidents.

Understand the Scope of the Needed Defenses

There isn’t a single measure you can take that will be effective against all ransomware, any more than there’s a single measure that will block all other kinds of malware. Defending against ransomware begins by understanding that defenses need to be widespread. Do a review of your data to identify the most vulnerable and most valuable so you can focus your efforts where you’ll gain the most benefit. Similarly, conduct a review of your network architecture to ensure the most important applications are isolated from the wider network.

Get Your Backups Ready

You can prevent some files from being corrupted by ransomware by setting filesystem permissions, but restoring from backups is often the only way possible to recover from a ransomware attack. It’s crucial that you ensure your backup procedures work. Make sure your backup scripts cover all critical systems, and run a test to ensure you know how to correctly restore a server. Keep a copy of the backup that isn’t connected to networked devices in order to prevent ransomware from accessing the storage.

Learn more in Don’t Lose Your Files to Ransomware.

Block Dangerous Software from the Network

If you can keep ransomware out of your network, you’ll never have to attempt to restore from backup. If you’re behind on installing patches, catch up now, and put a process in place to keep you up to date. Ensure firewalls, blacklists, and mail server filters prevent potentially risky files from reaching end users.

Protect User Devices

Take steps to prevent ransomware from spreading and limit the number of affected files if it reaches user devices. Turn off file sharing and disable Windows PowerShell and Windows Script Host. In Microsoft Office, disable macros. Ensure antivirus software is installed and do scheduled full scans. Don’t allow applications to run from App Data folders.

Train Users

Your users are your final backstop against attacks on your network. Train them on good computing practices in general, including recognizing and avoiding phishing attacks. Make sure users know who to contact in case of any suspicious email contacts. Users should know how to disconnect their device from the network and be taught to do so in case of a suspected ransomware incident. Learn more about creating an information security culture.

Ransomware is just one of the many cybersecurity threats businesses need to defend against. It’s important to develop a comprehensive, multilayered security strategy that offers comprehensive protection. Contact CCS Technology Group to learn about how our security services offer protection against ransomware and other information security threats.

If you’re serious about protecting your company – and you should be – there’s a two-pronged approach that will stop most ransomware dead in its tracks. You need solid employee education, and you need the right technical tools.
To find out how, download our guide: Ransomware 101 Guide.

Additional Information Security Resources

Discover the Dangers of the Dark Web

The Key Features to Look for In Your Firewall

6 Ways to Keep Your Cloud Secure

Discover the Dangers of the Dark Web

It’s too late for a Halloween story, but year-round, it’s the things in the dark that scare us. This is true in the online world as much as the real world.

The Dark Web Defined

The web lets us instantaneously access information and resources all around the world by typing a URL into a browser, but there’s a part of the web that’s not easily accessible. URLs that aren’t known to the search engines are called the deep web, and much of that is innocuous, such as pages under development that aren’t yet released to the public. A small corner of the deep web is the more dangerous dark web, where anonymity is preserved and criminality thrives.

The dark web is a vibrant marketplace, filled with stolen data (account numbers, social security numbers, passwords, and other personal information) and tools for hacking. When a data breach occurs, it’s often made possible by malware sold on the dark web, and the stolen data often ends up for sale there, as well. For all the value this data has to its owners, there’s so much of it that it’s cheap for criminals to buy: according to Experian, social security numbers sell for just one dollar.

Dark Web Dangers for Business

As both the source of hacking tools and the destination for stolen data, the dark web is a threat to data security. The dark web is also an inspirational source for criminals. There are those hacking kits that are available, plus guides on how to deploy malware and ransomware, and how to open fraudulent accounts. Wannabe criminals who don’t have their own technical skills can rent a botnet to execute a DDoS attack or buy admin credentials to gain access to a company’s systems.

It can be used in other ways to harm businesses, too. There are sites that aggregate personal information—not just your accounts but also your social media—that can be used to threaten executives.

Learn more in What is the Dark Web and Why Should We Care?

Shine Light into the Dark Web

For businesses to protect themselves against the dark web’s dangers, the first step is to know when the dark web is brushing up against them. Monitoring tools allow companies to detect if any data stolen during a breach has been made available on dark web sites. You can make sure the data is yours through watermarking or fingerprinting.

In addition to monitoring for data from your business, you should also monitor the dark web for references to your business, including names of employees. Monitor for references to specific software and hardware you use, as that chatter can reveal vulnerabilities and potential attacks.

Beyond monitoring, make sure you have a strong cybersecurity process in place. Ensure patches are applied quickly, firewall rules are correct, and consider intrusion detection and data loss prevention software to help prevent theft of data. Make sure your employees are trained to detect phishing emails and to use safe computing practices such as strong passwords.

CCS Technology Group provides security services to help businesses against the dangers of the dark web. Get a dark web scan to learn how to stay safe at Halloween and year round. What you don’t know will hurt you. A Dark Web Scan can uncover if your data is for sale, and tell you if your personal or business data may be at risk.

Additional Cybersecurity Resources

Create An Information Security Culture to Protect Your Data

6 Ways to Keep Your Cloud Secure

The cybersecurity employee training checklist

What is the Dark Web and Why Should We Care?

You’re happily humming along on the internet, thinking you’ve got a pretty good understanding. You can navigate your way around Google, Facebook, Amazon, and news sites. You’re actually only visiting four percent of the internet. There’s a whole world hiding beyond these safe surface-level sites, known as the Dark Web and it’s a much less hospitable place.

What exactly is the Dark Web?

The Dark Web is a conglomeration of websites that cannot be found on search engines or accessed via traditional web browsers because their location and identity is hidden through encryption tools such as TOR. TOR was originally created to protect military communication but now has a much broader utilization for both Dark Web purposes and highly secure communication. You typically have to access Dark Web sites utilizing TOR.

People create sites on the Dark Web in order to hide where they’re operating from, as well as to remain anonymous (TOR hides all IP information, identifying information, as well as data transfers). Over half of the sites on the Dark Web are used for criminal activities.

Why Do People Use the Dark Web?

One of the most prevalent uses of the Dark Web is buying and selling illegal goods, such as recreational drugs, weapons, fake identities, and organs. The proliferation of cryptocurrencies—like Bitcoin—has facilitated these sales. People living within totalitarian societies that restrict communication also take to the Dark Web to share their thoughts freely.

The most dangerous use of the Dark Web for businesses is the exchange of credentials (usernames and passwords) and identities. An individual’s stolen credentials can typically be sold on the Dark Web for as low as $1. Hackers utilize these purchased credentials to:

  • Gain access to important financial information and steal identities (access to a Bank of America account holding $50,000 can be purchased for $500)
  • Access accounts for further phishing attacks
  • Threaten people with exposure of sensitive information (Remember the Ashley Madison hack from a few years back? Those credentials were dumped onto the Dark Web and hackers leveraged them to expose users).
  • Compromise other accounts using the same passwords and perpetuate the sale of personal Information

What can you do about it?

The average citizen will never have a reason to access the Dark Web, but their credentials could easily be floating around, endangering their offline livelihoods. Once your credentials are released on the Dark Web, there is precious little you can do to have them removed. However, you should, at the very least, know when you’ve been compromised so that you can immediately act, like changing your passwords and activating two-factor authentication.

We recommend utilizing a full Dark Web monitoring service that alerts you if credentials appear on the Dark Web. These services constantly scan the Dark Web for your information and alert you whenever something suspicious appears. These alerts don’t necessarily mean a breach has occurred, but they are very good heads up that something bad may be coming. You can then create a plan of attack before any damage is done. Granted, there will be your fair share of false positives, but we firmly believe in operating in the better safe than sorry camp.

How should you get started with Dark Web monitoring?

Our team can run a preliminary scan of your domain revealing the likely breaches in the last 36 months. We’ll then review that report with you and come up with a plan of action to alleviate any major dangers. Click here to request a free dark web scan.

Or learn more in our other article Discover the Dangers of the Dark Web.

Additional Dark Web Resourcs:

What is the Dark Web & How to Access it

Battling the dark WEB

What is the dark web? How to access it and what you’ll find

Dark web data monitoring: 6 questions to ask

Create An Information Security Culture to Protect Your Data

Who do you rely on to keep your data safe? If your answer is your information security team, you’re only half right. Because everyone can cause a security incident (and insiders, either accidentally or deliberately, are the biggest cause of data breaches), information security is everybody’s job. Making everyone realize that requires deliberately creating a culture of information security.

Obstacles to a Security Culture

There are two main obstacles to creating a security culture: your management and your employees.

Management often gives lip-service to the need for information security, but doesn’t practice what they preach. Executives are likely targets for phishing attacks, but they’re often exempt from security awareness training. Many still share passwords and rely on administrative staff to generate reports and access online systems for them.

Employees see management not practicing safe computing, and reasonably conclude it isn’t really a top priority. The security training they receive is often boring or superficial. Their direct managers often emphasize getting the work done, even if it means taking security shortcuts.

Both managers and employees usually understand information security to mean technology that prevents data breaches. Building a security culture means changing that understanding; if you define information security as being about reducing risk rather than preventing a breach, it is easier to see how it’s everyone’s responsibility.

Learn more in Don’t Let These Obstacles Get in the Way of Your IT Security.

Talking About Information Security Is Key

Although much security training is ignored by employees, having conversations about security is key to changing awareness and attitudes. Look into new ways to make training for interesting and more impactful; the “gamification” of training rewards employees for the effort they put into it.

It’s also important to not only teach employees about strong passwords, but explain why they matter: what are the risks and consequences when poor security practices enable a breach. It also requires having a clear process by which employees can report suspected phishing attempts or other security incidents.

In addition, provide tools and processes that help employees use safe computing practices—but use them wisely; restrictions in places where they don’t really make sense will lead to employees searching for workarounds. Have a strong password policy, and give employees access to a password manager so they don’t write them down. Make sure you have an efficient process to grant employees access credentials so they don’t need to share them.

Learn more in The cybersecurity employee training checklist.

Security Isn’t One and Done

The most important way to make security a part of your culture is to make it clear that it’s an ongoing process—employees haven’t fulfilled their security responsibility simply by attending a once-per-year presentation. Have fun quizzes and security tests throughout the year, with rewards for employees who do well or who report potential incidents.

Make your security culture even more effective by deploying security tools that support safe computing practices and reduce the number of threats that get near your employees. CCS Technology Group provides security services that help employees keep your data safe. Contact us to learn more.

Additional Cybersecurity Resources

The Key Features to Look for In Your Firewall

6 Ways to Keep Your Cloud Secure

Closing the Most Common Cybersecurity Holes

Don’t Let These Obstacles Get in the Way of Your IT Security

Information security should be a top priority for any business. You don’t make any money by having good information security practices, but you can lose a lot of money if you don’t: this year, the average cost per record of a data breach was $150, according to the Ponemon Institute. Multiply that number by the size of your database and you can see how the costs quickly mount up.

So if a lack of information security can be so costly, why are there so many data breaches? One reason is that it’s impossible for any defense to be 100 percent effective; there’s always the risk that one malware author will get lucky and break through. But more often, it’s because although companies know information security is important, it isn’t really a priority. There are too many obstacles that get in the way of implementing effective security:

  • Manual processes. When processes like patch updates and vulnerability scans need to be performed manually, it’s easy to make errors or neglect to apply them to some systems.
  • Complex infrastructure. Except for a brand-new startup, every business has a jumble of technology. Different hardware, different operating systems, different operating system versions, multiple software products, and cloud systems make it difficult to develop a comprehensive approach to security that can cost-effectively protect all resources.
  • Lack of budget. In most businesses, IT is a cost center, and that means limited budget that needs to be allocated between projects that help the business grow and projects that add security to protect the business.
  • Employees don’t use safe computing practices. How many computers do you walk past with passwords written down on sticky notes? Information security is everybody’s responsibility, but many companies don’t do a good job educating their non-IT employees about safe computing, including strong passwords and recognizing phishing attacks.
  • Overworked, under-trained IT staff. IT staff is often overwhelmed and spends most of its time fighting fires and putting out today’s problems. Getting training on the latest security threats and their defenses isn’t top priority and isn’t always in the budget.
  • Changing threats. The scope and source of security threats is constantly changing. It’s not just about dealing with new variants of existing malware. There are new kinds of malware, such as ransomware, which has been devastatingly effective in numerous instances. There are also new attack vectors, including mobile devices, the internet of things, and the cloud.
  • Lack of business support. Business management is focused on the business, not IT. They sometimes see information security measures, such as preparing and testing an incident response plan, as a distraction.

Security services from CCS Technology Group can help you overcome these challenges. Our proactive approach closes holes that make you vulnerable to current attacks and implements layered security and defense in depth strategies that help guard against future attacks. Contact us to learn more about how CCS Technology Group can help you protect your business.

Additional IT Security Resources

Closing the Most Common Cybersecurity Holes

The Key Features to Look for In Your Firewall

Phishing 101: What it is, how it works and how to avoid it

The Key Features to Look for In Your Firewall

Keeping your front door locked is the first step in keeping intruders out of your home. Keeping your network’s front door locked is the first step in keeping intruders out of your systems. A firewall provides that first line of defense for your business; here’s what to look for.

Technical Features

It used to be relatively simple for firewalls to offer protection. They blocked or allowed access based on rules regarding ports, protocols, applications, and IP addresses. It could be administratively challenging to keep track of the reasons behind the rules, making maintenance difficult, but the overall idea was straightforward.

Today the protection offered by firewalls needs to be much more technically robust and flexible. Threats come in so many varieties and are created and modified so frequently that limits based on lists of ports don’t offer enough protection. Instead, firewalls must:

  • protect applications regardless of port. Applications today aren’t always run on standard ports, so application-based controls need to be able to identify applications no matter which port they’re using.
  • control applications at the feature level. The firewall also should offer fine-grained controls to ensure application usage conforms to corporate policies. Many online services offer multiple functions, only some of which may be allowed.
  • identify users appropriately. IP addresses aren’t enough to determine who’s accessing your network. Where possible, user-based policies ensure access is limited appropriately no matter where a user connects from. Remote users need the same access and same limitations as on site users.
  • inspect encrypted traffic. It’s ironic that encryption keeps traffic safe as it travels over external networks but hinders safety once the data reaches your network. SSL inspection is critical to protecting you from dangerous traffic, but needs to be performed rapidly with minimal performance impact on end-users.
  • cope with the unknown. It isn’t enough to scan the traffic you expect; your firewall needs to be able to inspect and manage the traffic you know nothing about, including unknown applications and atypical ports. Blocking unknown traffic may prevent users from accessing needed services, but allowing unknown traffic presents a high risk to your systems.
  • minimal performance impact. We mentioned above that SSL inspection can potentially cause performance issues users notice; that’s not the only possible performance impact. Since all your network traffic goes through your firewall, even if all your firewall did was automatically say yes to everything, it would be a potential bottleneck due to volumes. Firewalls need the appropriate amount of ports, CPU capacity, and network in order to do their job without keeping other systems from doing their own jobs effectively.

Operations Features

Firewalls require oversight, but a solution with an easy to use dashboard and minimal routine administrative work eases the impact on your team. It’s also important that your firewall logs capture detailed information that can flow into analytics programs to identify possible attacks on your network.


Finally, the cost of your firewall needs to fit your budget, but balance that investment against the potential costs of doing nothing. The estimated cost of a data breach is $150 per record stolen, according to the latest Ponemon report. With malicious attacks the main cause of breaches, the value of a firewall is obvious.

CCS Technology Group offers security services that guard your sensitive data with firewalls and other protective technology. Contact us to learn more about implementing an effective cybersecurity strategy.

Additional Security Resources

7 Common Mistakes That Place Your Data in Danger

Different Kinds of Malware Need Different Kinds of Defenses

6 Ways to Keep Your Cloud Secure

Don’t Overlook These Information Security Basics

The reason companies fail at information security isn’t because they aren’t installing the latest high-tech defensive software. It’s because they aren’t taking care of the security basics, like installing patches on time. What are some of the other information security basics you might be overlooking?

Managing employee access

Employee access rights shouldn’t be permanent. As job functions change, you should review and revise their access to match the responsibility of their roles. While ideally you’ll do this as soon as they take on a new role, at least review access privileges annually. Even more important, when employees leave the business, you should be sure to disable their access immediately.

Changing default passwords

Admin/admin? Everybody knows that login and password, including the bad guys. It’s easy to overlook changing passwords after you install new software, but it’s necessary in order to keep your systems secure. Use a unique admin password on all your systems in order to ensure you’re protected.

Reviewing security logs

Don’t just review log files after a breach occurs. Log files should be reviewed on an ongoing basis in order to spot breach attempts before they succeed. This doesn’t have to be a purely manual effort; there are good analytics tools to help identify suspicious behavior.

Enforcing secure mobile device usage

It’s convenient to have employees use their mobile devices to conduct business, but it also can be risky. Develop your “bring your own device” policy, teach employees safe mobile computing practices, and consider using mobile device management software to enforce your policies.

Protecting the cloud

Relying on your cloud provider for security of your data in the cloud is a mistake. Information security in the cloud requires both your organization and your cloud provider to take steps to protect your data. In addition, employee “shadow IT” usage of cloud resources can lead to security risks you aren’t aware of; consider using tools that help you detect unauthorized usage of cloud services.

Learn more in 6 Ways to Keep Your Cloud Secure.

Verifying configuration settings

Many security vulnerabilities, especially in the cloud, are the result of incorrect system configuration. Don’t rely on default settings, but make sure you explicitly set them to the values you need. Limit the ability to modify configurations to authorized employees, and use tools to detect configuration changes so they can be reviewed and verified. Use automation to ensure configurations are deployed consistently across all your resources.

Performing risks assessments

There are too many potential security threats to address all of them at once. In order to get the most value from the actions you take, it’s important to assess the risks you face so you can prioritize your responses.

Securing information resources requires implementing basic and advanced controls at multiple levels, including the network, the cloud, and endpoints. CCS Technology Group offers IT security services to help you comprehensively address your information security needs. Contact us to learn how our services can help protect your critical systems and data.

Additional Security Resources

Closing the Most Common Cybersecurity Holes

Is Your Network Safe From Cyber Attacks?

Ransomware 101: Keeping Your Organization Safe

6 Ways to Keep Your Cloud Secure

The simplest way to migrate to the cloud is to lift and shift your applications, migrating them exactly as they are. That doesn’t work for security, though. To make sure your cloud resources are properly protected, you need to review the security features offered by your cloud provider and make sure you implement them properly. You should check out the following:

1. Cloud provider compliance certifications

Meeting your own security standards is easier when the cloud provider offers a strong base. If the cloud provider offers infrastructure certified to meet the compliance standards relevant to your industry, be sure you deploy to that environment.

2. Encrypt your data

Store data in an encrypted format to keep it protected. You can usually easily turn on database encryption in the cloud. It’s simpler to allow the cloud provider to manage the encryption keys, though you’ll gain additional security if you manage them for yourself. Depending on how encryption is implemented, encrypting stored data may not require any application changes, making it compatible with a lift and shift migration.

3. Use identity and access management controls

Identity and access management (IAM) lets you limit access to your cloud resources. You may be able to use the same IAM tools in the cloud as in your data center, allowing you to lift and sift this security control as well. In either case, make sure privileges are set properly.

4. Don’t adopt default cloud configurations

The default configurations established by many cloud providers are not security conscious. Don’t assume they’re set the way you need them. Make sure these settings are appropriate for your applications and modify them when they are not. Where possible, use templates or base cloud images that have the settings you need built in to create all your cloud instances.

5. Separate production, test, and development environments

Because cloud lets you create and shut down instances as needed, you may see recommendations to speed production deployments by turning the “test” instance into production and creating a new test instance the next time you need it. The problem with this is that test environment configurations are often not as secure as those needed in a production environment. You’ll lose a little deployment speed but gain a lot of additional security by keeping the distinction between environments.

6. Don’t forget about the devices that access cloud

Securing your cloud resources requires more than just securing the cloud; it requires securing the devices that access the cloud. Don’t forget about tools such as firewalls to protect your network, and consider mobile device management software to protect your cloud from mobile device risks.

CCS Technology Group’s cloud services ensure your cloud provides a cost-effective, efficient, and secure environment that meets your IT needs. Contact us to learn more about building and using cloud safely.

Additional Cloud Security Resources

Closing Common Cybersecurity Holes

7 Common Mistakes That Place Your Data in Danger

Protecting Your Business Against Phishing Emails

Craft An Effective Disaster Recovery Plan

If you don’t want to be scrambling in the middle of a crisis, you need a plan. Here’s what to think about as you develop your disaster recovery plan to make sure you get out of the situation and back into normal operations fast:

Communications plan

There’s bound to be lots of confusion during an incident, but you don’t want there to be any confusion about who’s in charge. Make sure your plan identifies who decides to invoke the disaster recovery plan and how this will be communicated to everyone who needs to be involved in the recovery.

Scope of potential threats

Crises come in all sizes, from a single accidentally deleted critical file to a fire that destroys your primary data center. Spend time assessing a variety of possible situations and determine how you’ll match your response to the size of the outage.

Lists of systems and people

You’ll need a complete list of all hardware and software that your business uses, as well as network diagrams. Also create a list of all the staff you’ll need to help bring the systems back online, including their contact info. Include contact info for third parties, such as vendors and partners, that may need to make changes on their side to connect to your recovery site.

Priorities and targets

It isn’t possible to bring up all systems at the same time, and it usually isn’t necessary. Take your list of systems and evaluate the priority of each system so you know where you need to focus your effort. For each system, set a specific recovery time objective and recovery point objective, specifying how rapidly you need to restore that system to operation and how much data you can afford to lose. Once you know these numbers, you can craft a recovery strategy for each application to meet those targets.

Recovery procedures

Document the details of the recovery procedures for each application, including the complete details of the commands that need to be executed. Identify the other processes the application depends on in order to start up. Include validations that allow you to confirm the application is running properly in its recovery mode.

Fallback procedures

Once the disaster is over, you’ll want to resume operations in your normal production environment. Executing fallback processes can be as complex as the disaster recovery procedure itself, so document the process to the same level of detail.

Once your disaster recovery plan is complete, schedule a test to validate that it works. Then update the plan with any corrections, clarifications, or critical information that was missed the first time around. Because your infrastructure changes continually, your plan should be a living document. When you place new resources into production, you should also update your plan to include them. The entire plan should be periodically reviewed and tested, at least annually, to make sure there are no omissions and that it works with your current infrastructure.

CCS Technology Group provides comprehensive disaster recovery services. Contact us to find out how you can make your plan more effective.

Did you know three out of four small businesses have no disaster recovery plan at all? Learn more in Why a Business Continuity Plan is Essential.

Additional Disaster Recovery Resources

7 Common Mistakes That Place Your Data in Danger

Backups Are Not A Disaster Recovery Solution

The Differences Between Backups, Disaster Recovery, and Archiving Matter