Expecting the unexpected is rule number one in disaster planning. It’s incredibly difficult to predict exactly when and how an issue will arise that may affect business continuity, but it’s a virtual certainty that sooner or later a crucial system, network, or data repository will be compromised in some way.
Whether that problem stems from a natural or physical disaster like a fire or flood, an internal human error like a misconfigured or unpatched server, or an external threat like phishing and ransomware, the end result is costly downtime and the potential loss of sensitive data.
A recovery plan helps businesses prepare for these events, undo any damage they cause (to the greatest extent possible), and minimize downtime while bringing systems back online. But, like any good plan, it needs to be frequently reviewed to make sure it’s up to date, addresses all major risks, including emerging threats, and can be implemented effectively at a moment’s notice.
A Recovery Plan Is a Living Document That Adapts to Internal and External Changes
If being prepared for anything and everything is rule number one, the second biggest priority of disaster planning is regularly inspecting the plan to make sure that it is still designed to address all of an organization’s needs. For example:
- Is it up to date, addressing modern challenges like the rise of remote workforces?
- Does it take into account the various configuration and hardware changes that have occurred since it was first instituted?
- Are all the parties with key roles and responsibilities listed in the plan still in place and capable of performing their function if disaster strikes?
Time Is of the Essence
Restoring malfunctioning systems, rebooting complex servers, reconfiguring applications, bringing backups online, and reauthorizing users all take time, and the longer recovery takes, the more reputational and economic damage a business is exposed to.
Additionally, increasingly stringent government regulations regarding the storage and transit of personally identifiable information and other types of private data create a compliance issue when businesses fail to recover from a technology outage within a reasonable time frame. An effective disaster recovery plan will guarantee that all important data, including configuration files, is securely backed up in a manner that protects against intrusions and mitigates the risk of data corruption.
The plan should also specify the rate at which backups are recorded. Some businesses can survive losing a day’s worth of customer and user data and thus opt for daily backups. Others are less risk tolerant and choose an hourly schedule. Even more protective real-time backups are sometimes deployed for extremely mission-critical operations, but the cost and complexity they entail make them fairly uncommon.
Along with the type of backup technologies in place, the location of all critical data to be backed up, and the frequency of backups, a recovery plan must also name all the internal personnel and/or third parties who are on-call to respond and initiate the plan in the event of a disaster.
The plan should specify various contingencies and the recommended procedure to respond to them. For example, if the issue stems from a cloud outage, then on-premises backups should be accessed, and vice versa if onsite infrastructure fails. That’s why the 3-2-1 backup rule (three copies of all critical data, two onsite in different storage mediums, and one offsite, often in the cloud) is still recommended for virtually every digitally-empowered organization.
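The 3-2-1 rule and the backup schedule described above can be checked mechanically against a backup inventory. The following Python sketch is an added example, not part of the original article; the `BackupCopy` record, the `audit_321` function and the inventory are assumptions constructed for illustration. It judges the newest copy on each side separately, because after an onsite failure only the offsite copy's age determines how much data is lost, and vice versa.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupCopy:               # hypothetical inventory record
    dataset: str                # critical data set named in the recovery plan
    location: str               # "onsite" or "offsite"
    medium: str                 # e.g. "disk", "tape", "cloud"
    last_success: datetime      # completion time of the last good backup

def audit_321(copies, interval, now):
    """Return {dataset: [findings]}; an empty list means the data set passes."""
    groups = {}
    for c in copies:
        groups.setdefault(c.dataset, []).append(c)
    report = {}
    for name, group in sorted(groups.items()):
        findings = []
        onsite = [c for c in group if c.location == "onsite"]
        offsite = [c for c in group if c.location == "offsite"]
        if len(group) < 3:
            findings.append(f"{len(group)} copies, need 3")
        if len(onsite) < 2:
            findings.append(f"{len(onsite)} onsite copies, need 2")
        elif len({c.medium for c in onsite}) < 2:
            findings.append("onsite copies share one storage medium")
        if not offsite:
            findings.append("no offsite copy")
        # Each side must be usable alone, so test the newest copy per side.
        for side, found in (("onsite", onsite), ("offsite", offsite)):
            if found and (age := now - max(c.last_success for c in found)) > interval:
                findings.append(f"newest {side} copy is {age // timedelta(hours=1)}h old, "
                                f"limit {interval // timedelta(hours=1)}h")
        report[name] = findings
    return report

# Constructed inventory: (dataset, location, medium, hours since last good backup).
NOW = datetime(2024, 1, 10, 12, 0)
INVENTORY = [BackupCopy(d, loc, m, NOW - timedelta(hours=h)) for d, loc, m, h in [
    ("crm-db", "onsite", "disk", 2), ("crm-db", "onsite", "tape", 20),
    ("crm-db", "offsite", "cloud", 3),
    ("file-share", "onsite", "disk", 1), ("file-share", "onsite", "disk", 1),
    ("configs", "onsite", "disk", 5), ("configs", "onsite", "tape", 6),
    ("configs", "offsite", "cloud", 72),
]]

if __name__ == "__main__":
    for name, findings in audit_321(INVENTORY, timedelta(days=1), NOW).items():
        print(name, findings or "OK")
```

With a daily schedule, `configs` satisfies the copy counts yet still fails, because its only offsite copy is three days old.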
Review, Test, Repeat
Data disasters can doom a business. A report by Cisco and the National Center for the Middle Market found that 40-60% of small businesses that lose access to operational systems and data without a recovery plan in place go under within six months after suffering their digital outage. Yet, according to asset management firm Mercer, when the COVID pandemic hit in early 2020, fewer than half of companies had a business continuity plan in place to respond to a global emergency.
By now, many companies have realized just how catastrophic that lapse in planning can be and have taken steps to protect themselves. However, just as important as having a well-designed backup plan is routinely reviewing and testing it to ensure it is able to rapidly recover files free of errors in a secure manner.
That process starts with auditing all backup hardware and software, checking the integrity of backed-up files, and semi-regularly updating the chosen backup solution in light of new technologies that can improve security, throughput, reliability, and speed of restoration, as well as the changing needs of the organization and the ever-evolving threats it faces.
Though much of that audit will pertain to hardware and software, it’s also important to double-check that the actual people who manage backups are still available and able to perform their duties. That will answer key questions like: has there been high turnover in the organization? Did anyone holding an essential role leave? Was anyone who should be involved in managing the plan brought on board and are they up to speed on its inner workings? Is a third-party service provider living up to its service level agreements?
These and all other recovery plan issues should be addressed systematically throughout the year. Very proactive organizations review their recovery plan monthly and others examine it once a quarter, but at a minimum it should be inspected annually. The key items a recovery review should look at include the areas that have changed within the organization and external factors that are in flux:
- Hardware and Software
- Deprecated Applications
- New Facilities
- Regulatory Frameworks
- Global Emergencies
- Vendor Partners
Lastly, disaster planning is only effective when communicated through the proper channels. It’s vital that all recovery procedures are securely recorded, independently backed up (separate from the rest of the organization’s backups), and accessible at a moment’s notice should an outage occur.
The middle of an emergency is the wrong time to wonder who is in charge and how to respond. As many contingencies as possible should be prepared for well ahead of time so that services can be restored as quickly as possible.