Disaster recovery vs business continuity vs data loss prevention

Issue 4 2023 Security Services & Risk Management


Jim Morrison.

In mid-May, the Western Cape Parliament's technology systems went offline after a cyberattack. While this event was undoubtedly bad for productivity, they could at least recover from the attack thanks to data backups, business continuity, and disaster recovery plans.

Every business must have such measures in place, says Jim Morrison, Account Manager at Sithabile Technology Services. "The simple fact is that it's easy to become a cybercrime victim, experience catastrophic equipment failure, or an employee accidentally loses important data. That's why we tend to say 'when, not if' about cyber risks, especially cyberattacks. Unfortunately, automated tools and the low risk of prosecution means cybercrime is as opportunistic as a street mugging. If you want to reduce risks from cyberattacks and employee mistakes, you need to have both prevention and cure in place. Business continuity and disaster recovery plans can cover both those bases."

Yet despite often being used interchangeably, Business Continuity (BC) and Disaster Recovery (DR) are different. So is Data Loss Prevention (DLP). How can you tell the difference between BC, DR and DLP?

Building a resilient business

The concept of resilience has become very popular since the pandemic. Books such as Antifragile and Grit inform discussions on how people and organisations can reduce harm from unexpected changes and challenges.

Yet while we can cover volumes on exploring resilience, it's a straightforward proposition for an organisation,” says Morrison. "Business resilience is about how well your operations can resist negative disruption or recover from such disruption. It's like losing the keys to your office front door; how quickly can you find a replacement key and open up so that people can get to work?"

The cornerstone of business resilience is business continuity planning, supported by disaster recovery and reinforced by data loss prevention.

Business continuity: BC is there to help an organisation continue operating through a disruptive event, and BC planning is to identify critical operational areas, then put policies and processes in place to help those through planned and unexpected disruptions.

Disaster recovery: As the name suggests, DR steps in when something goes wrong. Specifically, it focuses on recovering technology systems and data in the event of a disaster, bringing them back to operational status.

Data loss prevention: DLP is an ongoing effort to track and secure data through policies and processes, often automated, preventing accidental losses or intentional data theft.

The resilience pyramid

Business continuity is the strategic master plan. It determines what is important, what could threaten those critical areas, how to reduce those risks, and what to do when something goes wrong. Disaster recovery often guides the tangible parts of that strategy, particularly for assets: what data or applications are important, how they are being backed up, and the appropriate timelines and priorities to recover systems. Data loss prevention aims to prevent disaster recovery by determining measures such as encryption, access controls, and employee training.

"You can visualise resilience as a pyramid. Business continuity is at the top, while disaster recovery and data loss prevention form the foundations. You make BC plans, then use DLP to support prevention and DC to support recovery," says Morrison. "If you don't know where to start, always start with BC planning. That's your guiding light. Once you have a grasp on BC needs, you'll see where DR and DLP fit in."

The pyramid of business continuity, disaster recovery and data loss prevention form the most robust approach against cyber-related risks and help mitigate many other disruptions, such as fires, equipment failure and even loss of people. And if done correctly, it helps employees be more productive inside a highly secure business.

Hence, why it's important to distinguish these three disciplines. But while their definitions are straightforward, every business has unique needs. Poorly designed interventions can be worse than none since they create a false sense of security, and ample gaps for criminals to exploit.

"BC, DR and DLP are not just products you pull from a shelf or a cloud app store. They need alignment with your business. It's worth the effort to engage with professionals to put the right measures in place. When disaster strikes, you'll be glad you did, because if you don't have a plan, all you'll get is chaos."

For more information, contact Sithabile Technology Services, www.sithabile.co.za




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Unlocking new efficiencies in private security
Security Services & Risk Management Transport (Industry) Smart Home Automation Logistics (Industry)
Justin Manson, Sales Director at Webfleet, discusses how the urgent need to protect life, and to do so more efficiently, is driving continuous innovation in holistic home and residential security services in South Africa.

Read more...
Innovation and security go hand in hand
Technews Publishing Facilities & Building Management Security Services & Risk Management
In a world where the demand for tech innovation is matched only by the acceleration of cybersecurity threats, businesses face the challenge of balancing new product development and robust security measures.

Read more...
Bomb threat landscape in South Africa
Editor's Choice Security Services & Risk Management
Over the past 25 years, South Africa has faced thousands of bomb threats and explosive incidents annually, imposing a significant economic burden on the nation, costing billions of rand.

Read more...
Natural catastrophes and fire risks top concerns
Security Services & Risk Management Asset Management Residential Estate (Industry)
Natural disasters are the highest risk in the real estate industry, followed by fire and explosions, and then business interruption. Estates must prioritise risk management and take proactive measures to safeguard their assets, employees, and reputation.

Read more...
Building a solid foundation
Alwinco Security Services & Risk Management Asset Management Residential Estate (Industry)
Understanding the roles of a Risk Assessor and a Risk Manager is like building a solid and secure foundation in the security world. Andre Mundell makes it easy to understand.

Read more...
SA firms take nine months to detect data breaches
Information Security Security Services & Risk Management
A human being can be conceived and brought into the world at roughly the same time a South African small and medium-sized enterprise (SME) becomes aware of and reports a data breach.

Read more...
Be wary of these scams this tax season
News & Events Security Services & Risk Management
As we approach the end of August, millions of South Africans will log onto the SARS eFiling website or visit their closest branch to complete their tax returns, but scammers are also waiting to defraud with tax-related scams.

Read more...
Businesses battle for long-term sustainability
Security Services & Risk Management News & Events
KPMG International’s report reveals the three key risks to growth in 2024 and beyond: geopolitical uncertainty, trade restrictions, and divergence on AI. The energy and natural resources sector is the ‘most exposed’ industry group in 2024.

Read more...