5 Things Every IT Disaster Recovery (DR) Plan Should Include
Posted by Infinium Infinium on October 06th, 2020 in Blog, Business Continuity, Cloud Services, Disaster Recovery
When it comes to disaster recovery in the coming years, it’s safe to say businesses will become more focused on this area – not less. If you need a few examples of how all heck can break loose, just look at 2020: the COVID-19 pandemic, more devastating wildfires in California, hurricanes in Louisiana and Texas, and ongoing cyberattacks from state actors like Russia and China. Plus, cyberattacks from experienced scammers are getting more sophisticated by the minute. One group recently made off with $15 million from a U.S. company after carefully running a layered, multi-step email scam that took months to complete. Another hacker organization in 2020 successfully compromised a mobile network operator’s eCommerce platform to steal credit card info. The nefarious phishing-and-skimming-combo scheme was quite refined, according to digital analysts.
It’s these examples that have compelled many organizations to rethink disaster recovery. Threats are growing increasingly advanced and unpredictable, meaning leading organizations need to stay one step ahead to mitigate risks. But that’s easier said than done, right? Not all of us have the cybersecurity firepower of Fortune 500 companies. And even those that do don’t always get it right either. Let’s go over the five best practices of disaster recovery plans so your organization will be best prepared no matter what.
- Integrate planning into daily life – Creating a disaster recovery plan requires making sure all stakeholders are aware of best practices, and that capabilities match expectations. It’s also critical that disaster recovery plans represent all areas across the IT infrastructure, including applications, networks, servers, and storage. During planning, teams should remember that while responding to a disaster is an exception, preparing for a disaster shouldn’t be a one-time intensive exercise. Instead, teams should talk about DR frequently, integrating it with day-to-day priorities.
- Perform a Business Impact Assessment – The best way to prepare for a disaster is to understand the effect it might have on your IT environment, including applications and data, and your business. Business assessment includes looking at items such as loss of sales and income, increased expenses, and lowered customer satisfaction. DR team leaders should play out critical “what-if” scenarios as part of the planning process, allowing business leaders to decide loss tolerances, or what levels of ‘disruption’ will constitute a disaster. Also, consider other business functions. For example, how long will it take to get your supply chain running ‘back to full capacity’ after an event? Or your utility and telecommunications services?
- Map out recovery speeds – It’s critical to set realistic Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) to minimize surprises and give everyone a high level of confidence that prioritized services and applications will be recovered as expected. RTOs should be planned well in advance to help determine your optimal methods for disaster recovery, which may include off-site data storage or cloud-based disaster recovery solutions.
- Consider cloud-based backup – There are various methods you can use for cloud-based backup and recovery of data. You may opt for help from a managed service provider (MSP) to handle your disaster recovery needs. Other organizations opt to back up and restore data directly from the cloud or to replicate virtual machines in the cloud. Regardless of the option you choose, understand how data recovery and continuity will work. Ask about the timeline and reliability of each solution and whether you should expect to lose some data, and explore what that will mean to your business.
- Evaluate the location of your ‘backup’ environment – The location of your data is also a significant consideration. Some data centers can keep operating at 100 percent during a disaster because they have the proper plans and procedures in place and they are built for resiliency and business continuity. Consider your data center provider carefully and where your ‘backup’ IT infrastructure resides. Disaster recovery planners should make sure their primary and secondary backup data centers are far enough apart to avoid a single event impacting both. For example, during 9/11 some organizations had a backup copy of their data off-site. However, their IT backup sites were close to the World Trade Center site, and staff couldn’t access them for weeks.
Communication is also a common thread in all good disaster recovery plans. You should have a clearly defined communication strategy that outlines the details of your plan, such as expectations during a disaster, the timeline for disaster recovery, and what to tell customers. Finally, review your plan often with key decision-makers and employees. As your organization grows, you need to dedicate time to updating your DR plan to reflect the changes to your business.