Disaster Recovery: Practice and Planning Make Perfect
Following a hacking event, cyber-attack, or natural disaster, you’re going to want to get back online as quickly as possible. That’s why it’s absolutely critical to have a well-tested disaster recovery plan waiting in the event of the worst-case scenario. In doing so, you are ensuring that you can get your business technology back up and running ASAP.
A disaster recovery plan is an integral part of your business continuity plan. By identifying your weak points and coming up with a clear contingency plan, you are helping to ensure that your business is able to bounce back after a disastrous event.
It starts with creating a set of preventative measures. These are the steps that you take to prevent the event from occurring in the first place. This would include securing networks by developing security protocols that all users receive training on, keeping your physical assets behind locked doors, and keeping funds readily available to purchase lost or damaged equipment in the event that physical damage occurs.
You will also want to pursue detection measures, which help you predict when an event is going to occur and mitigate the damage. Firewalls, a robust cybersecurity platform, and cameras that monitor your building and your equipment can help you and your cybersecurity partner detect when someone is trying to harm your business. In doing so, you are setting yourself up to find small problems before they become big problems.
Finally, you want a disaster recovery plan for the case where your preventative and detection measures are not able to stop an event.
These recovery plans are extensive and require a significant team effort. Everyone in your company has a job to do when a disaster occurs. Your recovery plan should include, at a minimum:
- The goals of your plan
- Printed lists of personnel information, particularly for those who process data. If your networks are offline, it may be hard to contact people if you don’t have their information stored externally.
- A list of all applications that your business uses and their purpose.
- A list of all physical inventory.
- A system save log. This should contain accountability data about who is responsible for data retention, where the data is being saved, and how often.
- Recovery plan for your website and your mobile site, if applicable
- Recovery plan for your social media profiles, in the event of a cyberattack or hacking attempt
- Instructions on system restoration
- Data center reconstruction plan
- Infrastructure rebuilding plan
- Testing protocols
Once these plans and protocols are in place, you want to run regular tests and verifications that check whether all personnel and systems are prepared for a disastrous event. These tests do not need to cover every aspect of your recovery plan every time. It is just as valuable to run highly critical tests more often and complete full tests annually or semi-annually.