IT Disaster and Recovery Planning: Steps to Take Today
IT Disaster and Recovery Planning is an absolute must for your business. Here's how to protect yourself - and how to recover if disaster strikes.
It doesn’t really matter if you’re a big IT company or a small business. All businesses rely heavily on Information Technology infrastructure and services to accomplish their work.
Today, malware, hackers, cyber attacks and computer viruses are not uncommon. IT disaster and recovery planning is mandatory for your business.
Even when there is a threat from floods, fires, earthquakes, data loss or terrorist attack, it’s imperative that you’re able to recover in a timely fashion.
If you’re not prepared, then you can suffer immense losses to the point that you may have to shut down shop.
Internet giant Yahoo was a recent victim. As many as half a billion Yahoo accounts were hacked, making it the biggest data breach in history.
That's not all. According to the Federal Emergency Management Agency (FEMA), about 40% of businesses are unable to reopen after a disaster. And even if they stabilize after the disaster, almost 25% fail within the first year.
Disasters can come in any form and you need to be prepared with a disaster and recovery plan at all times.
That said, we know that disaster and recovery planning is hard work.
And that’s why many businesses put off writing up a recovery plan, unaware of how devastating the lack of one can be in the future.
Well, it’s not too late to plan. We recommend you take these 5 steps towards disaster and recovery planning today.
Step 1: Define Key Assets, Scenarios, and Threats
The very first thing that you need to know is what you need to protect and what it is worth.
This will help you determine the best way to protect each asset. You’ll probably need to consider the assets below:
- Accounting system
- Important files on your Local Area Network
- Email system and archive
- Customer information
- Paper files and documents
- Cash or valuables on the office premises
Next, you need to evaluate the potential threats to your business’ location. You need to protect your business and assets from natural disasters like flood, storm, blizzard, fire and earthquake.
Don’t forget to consider man-made disasters like hackers, malware, computer viruses, vandalism, theft, terrorism, hardware or software failure, HVAC failures, explosion, riots, and even war.
Once you’re able to identify your assets and their potential threats, you then need to define scenarios of potential disasters.
For instance, consider a site outage in which the facility is still intact, a major data breach, or viruses across your entire computer system.
When you map out potential scenarios, you also need to determine what the likely recovery window will be. So ask yourself, how long can you go without accessing each asset?
Some of your systems may have one-hour thresholds or even lower, while others may be fine if they take a day to return to normal.
Step 2: Define Recovery Solutions
A disaster recovery solution is extremely important to ensure that in the event of a disaster, natural or man-made, you’re up and running as soon as possible.
Depending on your situation, solutions can include an offsite location, data replication, disk backup, server backups, remote recovery, continual backup or granular recovery.
The appropriate level and type of solution is in direct proportion to the business value of each asset. It also depends on how long you can go on working without it.
For instance, an e-commerce website needs to be operational at all times since its main revenue comes from its customers.
In this case, an ideal solution may be continual backup. This way, your system will be backed up multiple times per day.
Step 3: Draft a Disaster Recovery Plan
Your next crucial step is to draft a recovery plan. Make a note of everything in as much detail as possible, along with the key processes and communication.
The plan also needs to include processes to assess the damage to the existing site as well as the best ways to minimize damages.
If you’re a big business and have offices across the US, then having a disaster management team in place will greatly benefit you.
All the disaster recovery responsibilities can be allocated across this team.
Even if you’re a small to medium-sized business and don’t have the resources to put a special team in place, your plan still needs to address the following questions:
- Who should be appointed to declare a disaster?
- What is the communication chain?
- What is the communication plan for your employees?
- How will you inform your customers?
- Who is responsible for recovery operations?
- Who should focus on salvaging operations?
Step 4: Invest in Network Security Services
If you want to minimize your losses considerably, you should be able to resume normal operations as early as possible, in spite of a disaster.
To do that, you need to figure out appropriate IT security solutions and policies for your business.
This is something that is usually taken care of by an IT department in bigger firms.
But if you don't have the resources to invest in an entire team, you can always hire a firm that is adept at offering affordable network security.
The amount of money you spend on these services will hugely depend on the kind of business that you have and the assets that need protection.
Step 5: Test, Refine, and Re-test
So how will you know that the disaster and recovery plan that you put in place will run smoothly when disaster strikes?
Well, the only way to know if the plan will work or not is by testing it even before you’re affected by any disaster.
The first test is absolutely crucial. This test will point out any glaring mistakes, gaps, errors or inconsistencies in the plan.
Without a doubt, it is better to identify any major problems in the test rather than in a live disastrous situation.
Remember that the first test needs to be carried out with a complete failback and failover of all your systems.
Ideally, an employee who did not write up the plan should execute it. This way any missing steps or weaknesses can be easily identified.
You can then refine the plan and re-test it.
Since situations keep changing, it’s imperative that you re-evaluate and re-test your disaster and recovery plan once every year.