When considering how to address your organizations level of network related risk, you must perform a risk analysis.
This is not the same as creating a Business Continuity and Disaster Recovery (BCDR) plan as this type of planning typically incorporates more than just your Information Technology and should include crisis management, employee safety and alternative work locations.
Nor is it the same as implementing a Risk Management Plan since this comes after all risks have been identified and ranked. When performing a risk analysis, you must adhere to an established risk management process.
During this phase, you should identify the risks associated with your network infrastructure relative to the needs and requirements of your St. Louis organization.
These areas might include, but aren’t necessarily limited to:
Now that you’ve identified your risks, it’s time to begin analysis of each one. In order to do so, you must understand the link between the identified risk and how it relates to the organization.
For example, if you identify your backup solution as being local, file and folder only – you need to evaluate the risk associated with a ransomware attack or a disaster that destroys your entire facility resulting in your backups being encrypted or destroyed respectively.
Once you’ve implemented a solution to address an identified risk, an important step is to map risks as they relate to different documents, policies, procedures and business processes as these may change once the solution has been introduced.
It should go without saying that some risks are more acceptable than others due to their probability or general impact on the business. A risk that may cause an inconvenience as opposed to downtime shouldn’t be considered a top priority; however, it is still a risk and should be included somewhere in your rankings.
Ranking helps you gain perspective on what risks exist within your network infrastructure as well as possible solutions to address them. This provides you with some additional insight since you may see several “low risk” items that would supersede a single “high risk” item if they were to occur simultaneously; however, in some cases, a number of low risk items can be addressed at one time via a single solution. An example of this might be the identification of a local, file and folder only backup solution coupled with a premise-based server. This server also houses your telecommunications solution and email meaning a multitude of risk factors exist were the server to fail.
Given this example, a hardware failure would result in you not only losing access to your server and associated data, but a failure of your email and telephone system; however, a Datto Business Continuity and Disaster Recovery solution would address all of these risks by allowing your organization to transition all of your server processes to the local Datto appliance until such time as the server is back online.
ThrottleNet recommends establishing a risk management solution allowing all stakeholders to discuss any identified risks as well as a possible solution. This allows upper management to review the risks as well as suggested solutions and any progress on implementation.
There will always be risks that fall outside of your purview, but that are always present such as market conditions or compliance requirements. This is an area where your team must be diligent in identifying risk and communicating said risk to all stakeholders.
At a minimum, you should perform a risk analysis annually to make any needed adjustments as well as to account for any risks that may have surfaced since the analysis was completed.
The company I work for had an issue last week and the entire building was down, computers and phones. We were back up and running within a couple of hours. Quick response time, wonderful customer service over the phone, and our on-site tech (Robert Douglas) was very helpful and stayed to make sure the job was 100% done before leaving.