Will your disaster recovery plan stand up to the modern risks you face? Does it include data recovery? Find out how to develop a plan and reduce disaster costs.
It’s not just about recovering from a natural disaster anymore. 60% of companies fail within six months after a major data breach disaster. And no one is immune. Big names like Equifax, JP Morgan, Netflix and Target have all suffered a major data disaster. Aside from company size, the big difference between them and those who fail is that companies like these invest in comprehensive disaster recovery plans that help them reduce risk and the financial impacts of disasters. Whether we’re speaking about a traditional disaster like a fire or a virtual threat like a ransomware attack, you need a solid plan to recovery. These steps will guide you.
1. Delineate Critical Operations
Today disaster recovery isn’t just about picking up the pieces after and event. It’s about planning ahead to reduce costs associated with disaster and keep critical operations functioning. Start by doing a business impact analysis using FEMA’s worksheet. Make sure you understand the impacts and costs of different downtime durations in your various departments. You can then prioritize both business continuity and disaster recovery efforts.
These days, this not only includes a physical space, but also the ability of staff to access data they use to manage customer relationships and more. Where is this data? How is it housed? How is it protected?
2. Write Out Recovery Solutions
A solid disaster recovery plan is written and may be lengthy. It lays out these critical operations, prioritizes them and explains the strategies and solutions that you’ll deploy in the event of a disaster. It takes stock of resources available and any gaps that may exist. These gaps may need to be addressed to effectively implement the strategies in the disaster recovery plan.
In regard to data, this plan should describe how employees will physically access data (temporary off-site work stations, home offices, etc.) and how you’ll quickly restore access in the event of data loss, ransom or breach. When creating your initial draft, make sure you’ve consulted all the VIPs in your company to avoid dangerous gaps in your recovery strategy.
3. Create a Communications Plan
Your people are your most important assets. They’re the ones who can execute a plan and adapt as needed when the unexpected happens. Keep an up-to-date contact list with key contact information (via multiple methods) and roles as well as a plan for keeping key disaster recovery personnel, employees, business partners and customers informed, as applicable.
Assign specific roles for individuals, including a backup to ensure that every element of your plan gets executed in a timely manner.
4. Secure a Site
In many cases, disaster recovery involves a temporary work site from which you continue critical functions. This may be the corporate offices, a conference room, a rent-a-desk company, etc. Don’t wait until disaster strikes to determine where people will work.
5. Train Employees & Key Leaders
While you may not share the full plan with all employees, it’s important that employees know that you have a plan. Share key data security and physical security measures. As needed, train employees on contingency measures. Certain employees will need extra training on an annual or bi-annual basis to ensure they know what to do in the event of a disaster.
6. Review and Update Your Plan
Things change. Key disaster recovery leaders will leave their roles. You have new technologies, roles, regulations and human resources to consider. Review your plan frequently. Update your disaster recovery VIPs and post updated versions on a secure intranet. Make sure everyone is on the same page, understands their role and is prepared to jump into action.
7. Test, Test, Test Again
Don’t leave your plan to theory and hypothesis. Run regular tests. Use sandboxes to simulate disaster scenarios. Make sure you have the right people and technology in place to execute your strategy.
8. Measure and Refine
Measure the outcomes. How fast were you able to restore data? How quickly were key leaders able to mobilize to deploy disaster recovery strategies? Take what you learn to refine your disaster recovery plan.