Is your firm ready for disaster? Ensure these 3 elements are in place before a crisis occurs
Disasters arise in many ways. While common storms often cause business-disrupting catastrophes, other surprising and bewildering disasters occur, too.
Many businesses and professionals rightfully associate trouble-inducing crises with fires, floods, hurricanes and tornados. But companies often must also recover operations arising from disruptions caused by numerous other catastrophes. Disgruntled employees, hardware failures, electrical spikes, lightning strikes and a variety of other scenarios—including vehicles accidentally driven into buildings, ransomware attacks and ice and wind storms—have all resulted in having to recover operations resulting from events damaging equipment and networks and sparking unplanned outages. Sometimes operations must be recovered from alternative locations, too, due to the original site proving unavailable or unsafe.
Just what can your organization do to protect against data loss, prolonged unplanned outages and business operations disruptions? Plenty. Taking three steps goes a long way in helping prepare for a disaster.
1. Regularly review and update your company’s disaster plan
Your company does have a comprehensive written disaster plan, right? If not, make creating a proper disaster plan and implementing corresponding supporting practices a priority.
If your organization has already implemented a plan, consider when the corresponding elements were last reviewed and updated. One of the most common disaster planning mistakes is forgetting to revisit and update such plans. Neglecting even the best considered initiatives often causes them to become dated and, subsequently, ineffective.
Whether your firm is creating or updating its preparations, a proper Business Continuity and Disaster Recovery (BCDR) plan includes multiple components and should address numerous elements, including:
- Conducting a Business Impact Analysis (BIA) to identify operational risks, identify methods for minimizing vulnerabilities and confirming the proper data and systems are being backed up
- Determining business recovery (including systems, data and time frame requirements) needs
- Determining communications plans
- Documenting business continuity and disaster recovery steps
- Determining key personnel responsible for performing specific tasks should an emergency arise
- Identifying and recording key personnel contact information
- Determining alternative recovery site requirements (and any corresponding hardware, software and network requirements)
- Scheduling regular reviews and testing of the BCDR plan
When building a disaster plan, it’s also important to include key vendor information. Internet Service Providers (ISPs), Managed Service Providers (MSPs) and telecommunications partners all play key roles in supporting recovery initiatives. Their information—including account numbers, technical representatives and their contact information—should all be included within a written BCDR plan.
2. Implement and Maintain a capable 3-2-1 backup strategy
Long upheld as a sensible backup standard, the 3-2-1 backup strategy is a commonly accepted best practice. The strategy advocates creating at least three backups of your organization’s data, hence the “3” in the 3-2-1 strategy moniker.
The “2” indicates the backups should be stored on two different backup media, as hardware components can fail. Keeping two copies is the only true method of providing some redundancy for your office’s data backups.
The “1” represents a single copy of your organization’s data that is housed offsite. Only by storing a copy at an independent site—the more geographically dispersed the better—can you best protect against data loss due to a widespread catastrophe, such as occurred with Hurricane Katrina.
Several options are available for creating, monitoring and administering backups. Cloud services—including disaster recovery as a service (DRaaS) options from Acronis, Axcient, Datto and Microsoft, assist automatically saving data offsite. Potentially just as important, DRaaS solutions also enable recovering business operations from an alternative location, should circumstances require.
3. Plan and test an alternative location for recovering business operations
When developing and testing a disaster plan, it’s important to include provisions for automating data backup protections to offsite locations and identifying an alternative location from which operations can be recovered, should a crisis render an existing site inoperative and uninhabitable, such as occurs with fires, floods and other natural disasters.
The National Institute of Standards and Technology’s (NIST) Computer Security Resource Center provides free and thorough disaster plan testing recommendations—within its Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities. The recommendations include tests and exercises organizations can implement to help ensure emergency plans work as required when needed. Though published in 2006, the guide’s many tenets and principles remain relevant today.
The institution’s guidance emphasizes the importance of maintaining IT systems and operational recovery readiness. The guide notes disaster plans “should include having personnel trained to fulfill their roles and responsibilities within a plan, having plans exercised to validate their content, and having systems and system components tested to ensure their operability in an operational environment specified in a plan.”
Recommended testing includes regularly performing both tabletop and functional exercises. Such activities offer numerous advantages.
During tabletop tests, key personnel review and discuss actual planned roles and responses to events that could occur. The occasion naturally provides opportunities to better coordinate responsibilities and surface potential issues.
Functional exercises, on the other hand, involve validating readiness preparations by performing recovery tasks within simulated or actual production and operational environments. As with tabletop activities, functional testing assists familiarizing key contacts with their actual roles, better coordinating response and adjusting for any potential errors or issues that arise during the operational or production testing.
Plan for disasters before trouble occurs
These three BCDR steps are effective in helping recover operations and protect against prolonged disruptions. But these preparations must be taken before a crisis occurs. If you or your organization need assistance developing, implementing or maintaining a business continuity and disaster recovery plan, Louisville Geek can help. Email us at [email protected] or call 502-897-7577.
Don’t wait until it’s too late. Act before trouble occurs to ensure you’re ready before a disaster arises.