“Before anything else, preparation is the key to success” – Alexander Graham Bell
When it comes to disasters, both natural or man-made, never underestimate their potential to devastate your data access and networks. Make your business’s longevity a priority with these 7 disaster recovery principles:
Acknowledge your threats
A responsible disaster recovery plan will have two parts: 1) It identifies the full gamut of risks to your business, whether it be a cyberattack or a tornado and 2) It has agreed upon reactions and recovery guidelines for each of those risks. As an example, if a hurricane eliminates your servers in Savannah, do you have a transition plan to retrieve your data? Will you be able to pay your employees on-time? Discussing these scenarios with anticipation will save you time and money in the long run.Unsurprisingly, not all catastrophes happen with equal consistency, so how do you combat that? Put focus on the most likely disruptors. Ransomware attacks and data breaches have steadily been on the rise in recent years and are now considered an immediate threat to almost any business. With that in mind, cyberattacks should be given the most attention over others, such as natural disasters.
Conduct a BIA
Prioritizing your DR plan can feel a bit like spring cleaning – where do I even start? A BIA, that’s where!A BIA (business impact analysis), classifies and evaluates the damage potential of an interruption to critical business operations. By establishing the objectives of your DR plan with a BIA, your recovery strategy will be as efficient as possible.
You can find BIA templates and questionnaires online from Ready.gov and the National Institute of Standards and Technology, among other sources.
People, people, people
Recovering data is usually the first thing a business will focus on when disaster strikes, but data is useless if people and process are neglected. Build your DR plan around the entire association: What resources will employees need to remain effective after a disaster? How will production be impacted?Assemble a team selected to manage the aftermath. Prearrange who will work during an emergency and have all the contact information of parties involved easily attainable. Know who you’ll call for help, such as your managed service provider, and if possible establish a relationship with authorities. Further, decide who speak to the public if victims or employees need to be formally addressed.
Your internal systems are constantly changing and ignoring this fact is setting you up for a meltdown. Your plan won’t be complete until it takes all systems and applications in your IT environment currently in use into account.Plus, it is highly likely upgrades have become available since your DR plan was made. DR plans are based on assumptions about the processes and tools available at the time the plans are finalized, but those assumptions can change significantly with time.
Not everything can be or is worth saving in your business. Any PII (personally identifiable information) about your employees should be priority #1, but any information that is publicly available is not as significant. If your house was on fire, what would you grab as you run out the door?
Practice makes perfect
Simply having a plan is not enough – religiously test your emergency plan like a fire drill. If not regularly practiced, the plan is ineffective.
If you wait until after the aftermath of a cyberattack or emergency to figure out the next step, your chances of recovery have already been cut in half. Don’t be a part of the 25% of businesses who shut down after a disaster, be pro-active!