Planning for the Worst – Making sure your Business has a Disaster Recovery Plan
“Fail to plan, plan to fail”, isn’t that what they always say?
Planning for the worst is never fun but it is one of those necessary evils in life that we can only dodge for so long before it’s too late. ‘Data’ is a word that gets bandied about a great deal in modern business circles and with good reason. In a world that is becoming more computerised by the day, digital data is more important now than it ever has been and is the systems which store that data and keep our businesses afloat are to fail, the fallout can be potentially catastrophic! As an example. One of the data centres that stores all of the operational data for Google recently failed and it took technicians 5 minutes to recover the server. In those 5 minutes it’s estimated that the company lost over half a million dollars! Now obviously your business probably (ok definitely) won’t be as large as Google, but the figures speak for themselves. Technological disasters can and will strike and when they do the costs can be extraordinary.
Obviously the primary causes of digital data based disasters are software based. This could include hackers, viruses or even random software failure (especially problematic if you’re using outdated software). As systems become more complex and networks are under more strain there are simply more things that can go wrong. It’s not just rogue viruses, hackers and data centre faults that can result in IT system disasters though. Real world disasters can also have a significant effect. For example, after the bombings earlier this year, during the marathon in Boston, IT services in the city were thrown into complete chaos. Whilst the loss of human life on the day is obviously far more tragic, the far reaching implications meant that millions of dollars in business were lost across the city. It’s impossible to plan for these kind of disasters so we must always be prepared!
What is a Disaster Recovery Plan?
There isn’t one exact definition of a DRP, generally it all depends on the business. In general though the three basic strategies that should be a part of all plans are ‘preventative measures’, ‘detective measures’ and ‘corrective measures’. Obviously when it comes to securing data, preventative measures generally involve backing up data either in physical form or via cloud storage and making sure that the systems are secure with full password protection and stable firewalls. In recent times, DRP’s have become increasingly more complex to keep up with ever advancing technology but the benefits of having one in place haven’t changed. Namely to provide a sense of security in the workplace, to minimise the risk of delays, to guarantee the system’s reliability, to minimise complex decision making and to reduce legal liabilities.
How to write a DRP
Drawing up a detailed and precise DRP is a task that should be handled by the businesses IT department and the manager. The plans will need to explain in exact detail how to recover the businesses IT systems into a state fit enough to support the business (at least temporarily) after a disaster. First you’ll need to perform a risk assessment, either yourselves or with the help of an outside specialist. Once the risks have been accurately assessed you should group your critical systems into categories. For example ‘accounts’ and ‘security’ should be two separate categories. All of this data should be backed up
The questions every business should be asking themselves when it comes to disaster recovery are:-
Do we already have a disaster recovery plan in place? If so, are all the parties who need to know about it completely aware of it?
What is the RTO (recovery time objective) for our system? How long do we expect our data recovery to take?
Are we vulnerable to a disaster? If so, what can we be doing to make ourselves more secure?
Are our assets secure?
Are there numerous secure backups of all our important data and is there a copy of said data stored in an offsite location?
Have we made a backup recently?
Have we attempted a test restore at any point in the past year?
How often do we run anti-virus software and do we have a firewall installed?
If you can’t answer all of these questions without hesitation then you’re simply not ready and you might want to hire a firm who specialise in IT support to help you put together a plan that adequately protects your business. It’s estimated that only around half of businesses operating in the United States today have an active disaster recovery plan, a shocking figure considering the tumultuous age we live in.
So if your business is one of those yet to put pen to paper and draw up a sensible and logical DRP, there’s no time like the present. Right?
About the author:
Jeremy S is a freelance copywriter from the UK. His disaster recovery plan has been in effect for months, but then he is notoriously paranoid.