8 Steps Toward Effective Disaster Recovery
Disasters are increasing in frequency and costing more than ever before. When was the last time you updated your plan?
![park bench in a flood](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/bltaf180ecf5fb67f84/657c69335a1ba6040a26d849/00DRIntro.jpg?width=700&auto=webp&quality=80&disable=upscale)
Pixabay
To create or update an effective disaster recovery plan for your business, you must first be aware of the disaster-related risks that your business faces. These potential disasters may include IT system crashes, power failures, data breaches, supply chain disruptions, pandemics, natural disasters, and many others. Different businesses face different risks, so to prepare properly for a disaster, an organization must assess which disasters are likely to occur given its current organizational structure and geographic locations. This will often require looking at a wide range of factors, whether they be financial, economic, geographical, or technological. Don’t forget to also assess the likelihood of disasters in areas where your service providers are located, particularly your cloud computing providers. Because many of these factors can be constantly changing, it is important to reassess risks regularly.
After assessing the risk of disasters, think about what you need to protect and how the assets your company already has can be used to guard against or mitigate disasters. Identify the core technologies and business processes needed to keep your business afloat. This process often involves identifying your organization’s hardware and software systems, keeping a detailed inventory of these systems, and constantly updating this inventory as your systems change. Understanding these systems and how they relate to one another makes it easier to see the effect that the loss of an asset would have on the business as a whole. This in turn gives you vital information you need to formulate a successful plan.
One of the most important benefits of being able to identify assets and business functions is that it enables organizations to set clear objectives when it comes to the recovery of a particular asset. When it comes to designing a disaster recovery plan, there are at least two such objectives that a company ought to define: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO refers to the time frame in which a team must restore an asset after it goes down, while RPO refers to the amount of data that an organization can tolerate losing, in other words how far back in time your last backup was. When setting these metrics, you’ll need to consider a variety of different factors including indispensability for everyday business functioning, dependencies between processes, legal regulations, costs, and resource availability.
While you want to be prepared for worst-case scenarios, it is obviously better if you are able to take steps to ensure that a disaster doesn’t happen in the first place. Doing so can decrease the likelihood and severity of a disruptive event and save an enormous amount of time and money. You can’t prevent a hurricane or earthquake from happening, but you can prevent many of the human-caused sources of downtime. Examples of preventative measures that can guard against IT disasters include installing an uninterruptible backup power unit, having well-structured maintenance schedules to identify flaws in hardware, and implementing effective data security software.
One of the most effective ways to both prevent an incident from occurring and recover from an incident if it does occur is to have an effective backup plan for your organization’s data. This usually means finding ways to boost data redundancy and leveraging public cloud services. Data experts usually recommend following the 3-2-1 backup strategy, in which you make at least three total copies of the data to be protected, store these copies on at least two different types of storage media, and store at least one copy off-site. Organizations should determine the specific backup system that works best for them, then regularly test this system to ensure it works as intended. Failing to properly back up data is often what leaves businesses unable to recover from a disaster.
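The 3-2-1 rule and the RPO defined earlier can both be checked mechanically against a backup inventory. The following is an added example, not part of the original article: the inventory format, every name and timestamp, the 4-hour RPO and the 90-day restore-test interval are assumptions, and the live copy is counted as one of the three total copies. It shows that an inventory can satisfy 3-2-1 and still miss its RPO.

```python
from datetime import datetime, timedelta

def check_321(copies):
    """Return the 3-2-1 rules the inventory violates (empty list = compliant)."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than 3 total copies")
    if len({c["media"] for c in copies}) < 2:
        problems.append("fewer than 2 storage media types")
    if not any(c["offsite"] for c in copies):
        problems.append("no off-site copy")
    return problems

def check_rpo(copies, now, rpo):
    """True if the newest backup (live copy excluded) is no older than the RPO."""
    backups = [c for c in copies if not c["live"]]
    if not backups:
        return False
    return now - max(c["taken"] for c in backups) <= rpo

def untested(copies, now, max_age):
    """Names of backups with no successful restore test within max_age."""
    return [c["name"] for c in copies if not c["live"]
            and (c["tested"] is None or now - c["tested"] > max_age)]

# Constructed sample inventory; every name and timestamp is made up.
NOW = datetime(2024, 1, 15, 12, 0)
INVENTORY = [
    {"name": "prod-db", "live": True, "media": "ssd", "offsite": False,
     "taken": NOW, "tested": None},
    {"name": "nas-nightly", "live": False, "media": "disk", "offsite": False,
     "taken": NOW - timedelta(hours=10), "tested": NOW - timedelta(days=20)},
    {"name": "cloud-weekly", "live": False, "media": "object-storage",
     "offsite": True, "taken": NOW - timedelta(days=5), "tested": None},
]

def report(copies=INVENTORY, now=NOW, rpo=timedelta(hours=4)):
    """Combine the three checks; the 90-day test interval is an assumption."""
    return {
        "3-2-1": check_321(copies),
        "rpo_met": check_rpo(copies, now, rpo),
        "untested": untested(copies, now, timedelta(days=90)),
    }

if __name__ == "__main__":
    print(report())
```

In the sample inventory the newest backup is 10 hours old, so a 4-hour RPO is missed even though all three 3-2-1 conditions hold, and the only off-site copy has never been restore-tested.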
You also need a dedicated team or group of teams to implement the disaster recovery plan should an incident occur. Within these teams, everyone should be assigned clear responsibilities and immediately know how to respond to each incident that might occur. It is a good idea to have separate emergency response and disaster recovery teams. After an incident occurs, how the organization responds in the first 24 hours is often the most important part of the disaster recovery process. An emergency response team that is trained to respond at any moment and take the necessary steps to recover during this crucial time frame can stop an incident from becoming a full-fledged disaster and make the difference between whether the company survives or fails. On the other hand, a disaster recovery team would work over the entire disaster recovery process and doesn’t necessarily need to specialize in performing the difficult and high-pressure tasks that are required at the beginning of a disaster.
Disaster recovery is a process that affects the entire business, so it is paramount that you involve everyone within the organization and communicate with them clearly and efficiently. This means communicating with every stakeholder before a disaster occurs so that you can better understand the needs of the business and how the recovery process ought to go. This helps avoid potential conflicts and misunderstandings that could arise when a disaster does occur. Communicating effectively also means establishing communication channels such as email, phone calls, collaboration platforms, and emergency notification systems. When establishing these communication channels, you should ensure that there are people responsible for communicating the relevant information, that contact info is complete and regularly updated, and that multiple communication channels are used to make it easier to reach each other in case of a crisis, even if some networks are unavailable.
Brief your teams and train them in how to respond in a disaster recovery situation. Remember, this isn’t a once-and-done event. You should revisit training regularly to ensure that everyone is up to date on the latest protocols as the IT systems inevitably change and new disaster recovery plans are developed. Additionally, you should schedule regular practice drills so that everyone has practical experience performing the steps they need to take in an emergency situation, understands their particular role, and is prepared for unexpected situations that may arise. These tests can also help you determine whether the teams are able to meet the required RPO and RTO targets and if you need to either revise the plan or increase training. You should perform these tests at least once a year and probably more. Setting up and performing these tests can be costly and time-consuming, but because they give knowledge and experience that couldn’t otherwise be had without a real disaster, they are well worth including in the plan.
This year has had no shortage of disasters that have affected IT teams. In fact, according to the National Oceanic and Atmospheric Administration (NOAA), the first 10 months of the year saw 25 climate or weather events that caused $1 billion or more in losses in the United States alone: 1 drought, 2 floods, 19 severe storms, 1 tropical cyclone, 1 wildfire, and 1 winter storm. By comparison, the average number of billion-dollar disasters in a year is 8.1.
Looking beyond the US, the year has seen floods in China and Libya, hurricanes in Mexico and the Caribbean, and earthquakes in Morocco, Turkey, and Syria. Plus, we’ve had wars in Ukraine, the Middle East, Sudan, and Ethiopia.
As if all that weren’t enough, organizations also face the risk of outages from cyberattacks, equipment failure, or regular old human error. The Uptime Institute reports that most organizations have had some sort of downtime in the past three years. In addition, those outages are becoming more expensive. Two-thirds of outages result in losses of $100,000 or more.
Against this steady drumbeat of bad news, many organizations are revisiting their disaster recovery plans. Many recognize that experiencing a disaster isn’t a matter of if -- it’s a matter of when.
Now is actually a very good time for companies to re-think plans that they’ve made previously. The pandemic changed a lot of things about where, when, and how work gets done. With more employees working remotely more often, companies may need to change their backup strategies. Organizations are also relying more heavily on public cloud computing services. That means they need to consider the ramifications of disasters and outages not only in places where their own facilities are located but also where their providers are located. And the pandemic also resulted in a dramatic increase in cyberattacks. Companies need to be particularly prepared to deal with ransomware and data breaches.
If your organization is updating your disaster recovery plans or perhaps creating them for the first time, where should you start? The following slides highlight eight steps you should take to become better prepared for the next major incident.