What is a disaster recovery plan?
A disaster recovery plan is a document that outlines procedures to put in place in the event of a business disaster. As well as benefitting from disaster recovery services, there are many steps a business can take to ensure they are as prepared as possible, should ‘disaster’ strike, and data is at risk.
With all businesses relying on technology to run their business, a Disaster Recovery Plan allows procedures to be put in place which can limit the amount of down time your company faces following an event. Such business disasters can include;
- A data breach – Perhaps a virus or ransomware has compromised thousands of data files, or a laptop or disc has been lost or stolen which included personal client details.
For ways to ensure your network is more secure read our guide: 10 Ways to Make Your Business Network More Secure
- Technology failure – If your hardware or software fails for whatever reason, this can affect the viability of your business.
- Natural disasters – Natural disasters such as a flood or earthquake can obviously affect your business, from the building being inaccessible to server damage.
How does disaster recovery work?
The importance of disaster recovery is that it is a document of procedure, which makes it clear what should be done, by whom and in what order. Therefore, should a disaster happen – whether the building catches fire, or there is a ransomware attack – the DRP will be implemented and by following it ensures the disaster is dealt with in the quickest and most efficient way.
In its most basic form, just knowing where the back-ups are stored and how to access them can save a lot of time. Additionally, it will pinpoint which systems need to be addressed first and which can be left until later.
Why do you need a disaster recovery plan?
Ensuring your company has a disaster recovery plan is key to data protection, cyber security but also profitability of your business. According to research carried out by FEMA between 40-60% of small businesses who have to deal with a disaster never re-open and others that don’t open within five days fold within a year.
The more effective the DRP is, the quicker action will be taken, the sooner your systems can be up and running as well as reducing the risk to client and sensitive data. This in itself could save your company thousands of pounds in downtime, potential data breach fines and reputational damage.
What to include in a disaster recovery plan
In order to create an effective disaster recovery plan, it is important to identify the potential dangers that your business could face. These could include:
- Tech failure – Even with up-to-date hardware they can still fail due to a malfunction or power loss for example, or perhaps your cloud services provider goes bankrupt and stops trading.
- Criminal activities – Ransomware attacks are becoming more common and should you be a victim your data will be encrypted. To retrieve your data, you will be expected to pay the cyber-criminals the ‘ransom’.
- Denial-of-service-attacks – The cybercriminal sends thousands of requests to your website causing the server and therefore website to crash. This is particularly damaging for web-based businesses.
- Natural Disasters– Other disasters can include natural disasters (floods, earthquakes) but also fires which could affect your hardware and your premises.
Once identifying the potential risks to your business – and there may be more specific ones to your own industry and business – it is important to identify;
- Recovery Time Objective – this is the time within which the business needs to be fully functioning before it is negatively impacted.
- Recovery Point Objective – this is the time within which the business needs to be fully functioning before data could be irretrievably lost.
Next, to put together your disaster recovery plan you need to record;
- Business impact analysis – This is a calculation of the possible results of every specific disaster which could affect your business at different times of the year – for example would a pre-Christmas disaster be worse than a summer disaster.
- Critical Asset Plan – Identify what your critical assets are (e.g. reports, financial data, medical records) and devise a plan with those in mind.
- Back-up and Recovery Plan – Full back-up of all your systems and data should be carried out regularly (daily, weekly or monthly depending on the data) and stored away from your main server meaning you are able to recover data from the back-up should anything happen.
Explore CIS Ltd’s backup disaster recovery services here, or read our blog: How to Back Up Your Hard Drive
- Contact details – It may seem simple but how would you contact your staff, clients and suppliers if your network was unavailable? Ensure you have an accessible means of contacting everyone required following a disaster.
- Staff Plan – Decide who will be responsible for what and ensure they know the procedures and what their responsibilities are.
As with all procedures connected with cyber security and data it is advisable to test it to make sure everything runs smoothly, and all staff know what they should be doing. This means any weaknesses can be fixed and the plan is always fit for purpose. Additionally, it is important to review the DRP regularly to ensure it is all still relevant for potential disasters as well as the hardware you have in place.
CIS Ltd are an experinced IT support company. If you would like to learn more about our back-up and recovery services, or need guidance in creating a disaster recovery plan, contact the team at CiS today.