Cybersecurity Risk Assessment Template: Data Recovery

July 27, 2023 Minh Le

What is the best template to use for a cybersecurity risk assessment, for Data Recovery?

In this video, I explain the 5 best practices to protect your company’s data, according to the CIS Framework.

Want my recommendations on the best companies to quote for a cybersecurity risk assessment? Click the button below and ask me today.

About Me

Mike Smith has been helping companies select the best telecom, WAN, security, and cloud services since 1999. He founded AeroCom in 2003, and has been the recipient of numerous business telecommunications industry awards, including being recognized as one of the top 40 business people in tech-heavy Orange County, CA. Follow Mike on YouTube, LinkedIn, Reddit and SpiceWorks.

Transcript

Your company is in the market for a cybersecurity risk assessment. You’ve decided that’s definitely something your company needs. You’re wondering, hey, is there a template I should be following? Yes, there absolutely is a template in the cybersecurity world. We call that a framework. What framework should you be following along with if you’re looking into doing a risk assessment for your company? I wanted to make a series of videos on this, and today I’m going to be talking about data recovery. When it comes to a cybersecurity risk assessment, what things should you be, what should your company be doing in order to be on top of your game for cybersecurity when it comes to data recovery? The framework I’m following for this, just so you know, is the CIS framework, just because it’s a simple framework for me to follow for making these videos. There’s only 18 or so controls, as opposed to the, you know, NIST framework and all different types of frameworks that might have 100 different controls. This one keeps it really simple. So that’s what I’m following today. So that’s what I’ll be talking to you about today. I’ll also tell you what are the most common findings if you hire an outside company to do that cybersecurity risk assessment. What are the most common things they find in companies when it comes to this control, when it comes to the data recovery control?

Confused? Contact me today for my recommendations

All right. But before we get too far ahead of myself, if you’d like my recommendation on the best third party cybersecurity vendors that your company should be quoting for either a risk assessment, like a formal risk assessment, or for any other type of cybersecurity service like virtual CSO or an MDR solution or an endpoint management solution, endpoint protection solution, and you want to know which vendors to quote, reach out and contact me by email or by phone (714.593.0011). I’m a broker for all the major cybersecurity vendors out there. I’ll ask you a few questions about your company’s requirements and then I’ll give you a recommendation on, hey, if I were you, I’d be quoting these three or four vendors and why, and also introduce you to those vendors, introduce you to the best salespeople at those vendors, and oversee the quoting process to make sure you get the best pricing. I’m a broker for all the major vendors. That’s what I do. And the nice thing is, I don’t charge you a dime for my services. So there’s absolutely no excuse not to at least reach out and get my opinion on this stuff. Okay. So that’s first. Also go to our website Aerocominc.com. Leave a review on any type of cybersecurity solution that you’re using today so other I.T. professionals can use your experiences to help them make a better decision on what they’re buying. So do me a favor and do that also. And as always, don’t forget to hit the like, subscribe and ring button at the bottom.

Data Recovery: What would happen if my Office 365 died today?

You want to know what’s the template for data recovery? What are the best practices that your company should be following when it comes to data recovery, if you’re doing like a risk assessment for cybersecurity for your company? Well, according to this framework, there are several steps that you should be doing, and I’ll cover those in a second, but I’m gonna tell you the first thing that you need to know. The most common gap that outside vendors find if they go to do a formal cybersecurity risk assessment for an organization is that companies aren’t doing any type of data recovery practices for their cloud services. So you got to ask yourself, what would happen if our Office 365 died today? What data held up in Office 365 would not be accessible?

Questions to ask your company

They would absolutely want to make sure we have backed up. What about your payroll solution? It’s probably done over a cloud solution nowadays. What data on there needs to be backed up in case that company all of a sudden goes down or has a breach and loses a ton of information? What backups are you doing so that you can recover that stuff? What if they go down for several days and you have to process payroll? What information does your company need and is it up to date? When was the last time it was backed up? So those are the questions that you need to answer. And that’s the most common finding when it comes to data recovery, if you hire an outside organization to come in and do a formal risk assessment for cybersecurity for your company. So I just wanted to throw that out right out of the gate. Now I’m going to talk about what are the actual steps that your company could be doing today to make sure you’re checking all the boxes to be doing best practices for cybersecurity when it comes to data recovery.

Cybersecurity Risk Assessment Template: Data Recovery

1) Establish and Maintain a Data Recovery Process

The first thing that every single company needs to do is make sure that you have a data recovery process. So this applies to all sizes of organizations and all needs. So definitely make sure you have a data recovery process. That’s step number one.

2) Perform Automated Backups

Step number two is to perform automated backups. So automated data backups sounds simple, but make sure you have automated backups set up and that they’re running when they’re supposed to be running.

3) Protect Recovery Data

Number three, protect your recovery data so that it cannot be compromised.

4) Establish and Maintain an Isolated Instance of Recovery Data

Number four, establish and maintain an isolated instance of all of your recovery data. Okay. So those first four steps were for all companies, just the basics.

5) Test Data Recovery

This next step, step number five, is to test your data recoveries. So run tests like saying, hey, if we need to backup, is that recovery there? How do we go and implement? How long does it take us to recover the data? How long does it take us to get things back up and running? So run regular testing according to your plan, so have it planned and actually run the test. But that step really only applies to maybe the next level above basic when it comes to company needs. So do that especially. That’s like a best practice if your company, for instance, is using sensitive information. So if your company definitely can’t afford downtime and you also maybe have some sensitive information, like customer information, like you’re processing credit cards or you have HIPAA compliant information, you have certain compliance standards you need to meet. So if you’re kind of next level beyond basic requirements, you maybe want to implement that as well, the whole testing phase. So that’s the last one.

Still not sure? Contact me for my recommendations  

All right. So if you want to know which companies you should be quoting for any type of outside cybersecurity service, reach out and ask me by email or phone (714.593.0011). That’s my job. I’m a broker for all the major vendors out there for cybersecurity. So let me know what you’re looking for, whether it’s a virtual CSO, or maybe it’s just for some advisory services, or maybe it’s for a full MDR solution. You know, maybe endpoint solutions, maybe just a formal assessment or some pen testing. Let me know. Let me know what you guys are looking for. I’ll tell you which vendors you should be quoting and why. I’ll also introduce you to the right vendors and also oversee the quoting process to make sure you’re getting the best pricing from the vendor of your choice. And all of that is free to you. The actual service providers pay me my broker fee so you don’t have to. So there’s no excuse not to at least reach out, see what I have to say, because it won’t cost you anything.

Check out providers on our Website

Also, don’t forget to go to our website Aerocominc.com and leave a review on something, whether it’s a cybersecurity solution you’re using or a phone system or a telecom carrier or a call center solution or an Internet service provider. Leave a review on our website so that other I.T. professionals like yourself will know what your opinion has been, good, bad or indifferent, on any of the technology vendors that you’re using today. I’d really appreciate it. Our website is kind of like the Yelp of business technology, so go take advantage of it. Help us build up a big bunch of reviews on there so you guys can use it for your benefit when you’re shopping as well. Also, don’t forget to like, subscribe and ring the bell button. I’d really appreciate that too. That would help get our videos out to more people. Thanks again, as always, for watching and I will catch you on the next video.
