
DORA, are you ready for it?

The Digital Operational Resilience Act comes into force across the EU on 17 January 2025, aimed at strengthening cybersecurity across the financial industry. Failure to comply will result in severe fines and reputational risk. Here is what financial institutions and ICT providers need to know in order to become compliant with the new regulation.

Author: Shannon Dority, Marketing Manager iStorage

Digital Operational Resilience Act

As part of creating a risk assessment process, organisations will need to conduct an impact analysis to demonstrate how specific scenarios of severe disruption might affect the business. These include incidents such as ICT service failures, natural disasters and cyberattacks. Data backup and recovery measures, system restoration processes and plans for communicating with affected clients, partners and the authorities must be included as part of these plans. There is no one-size-fits-all method for how this needs to be conducted, as requirements will be proportionate to the size of the business. But regardless of size, businesses will need to demonstrate the cybersecurity measures they have in place to prevent these incidents, as well as have an effective plan in place to recover quickly in the event one does occur.

With data backups being a crucial part of the DORA regulation, an important way organisations can demonstrate operational resilience is by making data backups a daily task. Having multiple encrypted backups of your data and important files is a crucial safeguard in the event of a cyberattack and/or disruption, helping to save time and money in regaining access to critical information and getting your business back up and running. Using a hardware encryption module to encrypt data stored in the cloud and/or an offline encrypted backup is an important option to include in your data hygiene practices, as it can provide that extra level of reassurance and security. Taking that critical extra step of protecting your data by storing it offline on an encrypted flash drive or portable HDD/SSD, out of the hands of criminals, can act as an essentially unbreakable safe and can make a world of difference when you need to restore your data following an ICT service failure, natural disaster, or a cyberattack.