Businesses hold a great deal of personal information about their employees and their customers. Privacy laws create restrictions on how that information should be handled. Those with a need to know from a business perspective are allowed access, but most of your employees, and certainly the public outside of your company, should never be able to view it. While your everyday systems are designed to protect this data, if your disaster recovery plan is not equipped to maintain security, you risk running afoul of privacy laws.
Preventing Physical Access
Two sides of your plan should be created to account for your privacy preservation needs. First, you need to ensure your disaster recovery plan prevents physical access to data locations. This includes access to your servers and your hard copy files. Too often, in the event of a disaster, this aspect of your security gets neglected. As people move through your building, you have to lock down any server and file rooms that hold personal information on site. The more you can do to preserve the measures in place from a physical security standpoint, the better your plan will do at maintaining privacy.
Restoring Network Restrictions
In addition to physical access, your plan needs to ensure that access does not open up beyond the people who need it for business purposes. A good disaster recovery plan includes contingencies and redundancies in your emergency personnel to ensure all of your business functions can continue. Still, those redundancies cannot allow access to your customers’ or employees’ personal information to go unprotected. Any breach, whether physical or a cyber-attack, should meet an immediate response that closes off any unnecessary access to this data.
Maintain or Re-Establish Defenses
When you create a disaster recovery plan, part of the process is ensuring that your essential business functions can continue. What many do not understand is that security is not just about what does not happen, but about taking proactive steps that are, in fact, part of your essential business functions. Shifting your mindset from rebuilding defenses to maintaining the processes required here can do a great deal to assist your efforts in protecting your customer and employee data.
Your disaster recovery plan should always work to protect the privacy rights of everyone connected to your organization.