Here’s something from BackBlaze Blog:
A disaster recovery plan is not just a good idea, it is an essential component of your business. Cybercrime is on the rise, targeting small and medium-sized businesses just as often as large corporations. According to Cybersecurity Magazine, 43% of recent data breaches affected small and medium-sized businesses. Additionally, you could be cut off from your data by power outages, hardware failure, data corruption, and natural occurrences that restrict IT workflows
I can’t rely on the statistics mentioned herein-around “cybersecurity incidents”. Most go unreported despite extensive legislation around it. The usual response is to “reset passwords”, but I was surprised to find that most users give away their professional email ids to different services. They are out in case of a breach, creating more headaches for the support staff. Having a disaster recovery plan for business continuity is critical and should be mandatory. There should be across the board simulations to understand what needs to be done if the digital services go down. Healthcare is specifically vulnerable (I have written about hackers getting access to medical records) because there is extensive password reuse and poor access practices. Hence, these should become part of the training at the inception.