disaster recovery plan

What Makes a Good Disaster Recovery Plan?

With the potential risks to a business from natural disasters, technological failures, and cybercrime it only makes sense to have a response plan in place. Add to that the risks posed by cybercrime, ransomware attacks, and workplace accidents, formal risk management is obviously a worthwhile investment.

A good disaster recovery plan needs to reflect careful thinking about the types of threats a business faces and the appropriate responses. Remote network monitoring and other cybersecurity services can be so valuable. Managed IT services can mitigate a variety of related business risks through network monitoring services, data backup services, and remote disaster recovery.

Risk Management and Your Disaster Recovery Plan

Every business will encounter a ransomware attack, data theft by outsiders, or hardware failures that cause data loss. The Federal Emergency Management Agency estimated that 40% of small businesses affected by a natural disaster never reopened. This alone is a good argument for having a disaster recovery plan. While there are disaster recovery templates and examples online, these are only a few ways of documenting things.

Before writing a plan from scratch or completing a template, the savvy business owner will complete a few pre-planning steps:

  1. Assess risks specific to that business – This risk assessment needs to consider natural disasters, insider attacks, and various forms of cyberattack, including things like ransomware.
  2. Assess the business impact of various risk events.
  3. Create strategies for handling the risks described in Step 2.
  4. Decide what is a priority in terms of recovery after a disaster.

All this material is valuable alone and in a larger disaster recovery plan that deals with a firm’s data and IT infrastructure. That plan will reflect several natural or artificial risks to a company, including accidents, theft, external hacking, natural disasters, and external attacks like ransomware. Be sure to identify mission-critical applications so the right things are a priority if disaster ever does strike.

Bear in mind that the best defense against data loss, reputational damage, or financial loss is a good defense against cyberattacks. Remote network monitoring can be a good part of that defense strategy, especially when combined with other managed IT services.

Components of a Good Plan

Generically, the recovery plan should include goals, roles and responsibilities, a summary of risks, tips for responding to customers or dealing with the media, and financial or legal details. Action steps to take in the wake of specific scenarios should also be covered. For example, what to do if the building catches fire or hackers’ access and copy customers’ financial information. A purpose statement and list of objectives can come at the beginning and a record of updates at the end.

The body of the plan should contain these details, at a minimum:

  • Identify a disaster recovery team
  • Assign roles and responsibilities to team members
  • A communication plan
  • The data recovery plan outlined above
  • Data backup information
  • A list of specified risks and responses
  • Exact steps to follow after a data breach
  • An inventory of hardware and software
  • Information on remote storage and backup
  • Data recovery and notification rules required by applicable state or federal regulations
  • Recovery and notification guidelines outlined in relevant international standards

Beyond those general guidelines, risk responses have to be included based on risks a business would realistically face. This can vary with geography (flooding near coasts or rivers, tropical storms near the Gulf of Mexico), climate, regulatory climate, and more. Companies that handle private health information or that process an enormous number of electronic payments will need to address cybersecurity in more detail than a company that makes sportswear or a property management company.

That data recovery plan should also include two important performance indicators. The recovery period (or recovery time objective) is how long the asset in question can remain offline. You may, for example, want to ensure a backup database or app that’s mission critical boots up on a backup server or cloud in a few seconds. The plan should also specify recovery points, which data or which version of the app should be accessed as a backup, or where to find the latest backup of a database.

Disaster Prevention Through Appropriate Planning

While creating a data recovery plan or the disaster recovery plan some weaknesses in your operations may become apparent. For example, you may discover that your firewall and anti-virus software are a little out of date. The company’s cybersecurity policy may be too informal and needs to be tightened up. You may discover the need for a new IT service, like remote network monitoring that can detect and stop any potential malicious activity before your network or databases are put at risk.

Avoiding Disaster Through Planning and Monitoring

A disaster recovery plan is important, but prevention is also important. Therefore, many businesses look to managed IT services such as those that Net Works offers. Our remote network monitoring services can help prevent expensive and disruptive cyberattacks. If network monitoring and other services fail, our disaster recovery service can speed up recovery in the wake or a data breach or a ransomware attack. Contact us today to schedule a short discovery call.