Floods, tornadoes, severe storms, earthquakes and hail were among the natural disasters hitting the United States in 2016. Some regions of the country, of course, are better than others when it comes to the damaging effects of Mother Nature.
But companies globally have to deal with the increasing threats caused by cyber attacks. No one is immune. These criminal acts have impacted small companies to big names as varied as Wendy’s, the FBI, Verizon, LinkedIn, CitiBank, and the Democratic National Convention, according to The Heritage Foundation.
With threats coming from all sides, companies need to focus on developing effective disaster recovery plans — ensuring that they’re updated and regularly tested to minimize the fallout caused by disastrous events. Doing so could be the difference between your company being down for days, even weeks, or being able to fully recover and operate within an hour or two of an event crippling your system.
Check these steps to ensure you’re in good shape.
Review your current DR plan
1. Make an assessment. When was the last time you checked the effectiveness of your disaster recovery response plan? Months? Years?
Only 40% of companies globally check their DR plans once a year, according to the Forrester and Disaster Recovery Journal’s “State of Enterprise Risk Management 2016” survey. About 27% test it more than once per year. Another 21% test their disaster recovery plan every two years. And 11% said they never tested their DR plans.
The report also revealed that 65% of the companies that did test their plan did not pass their requirements.
2. Check for gaps. As you review your DR plan, make sure that you have all bases covered — from applications and networks to document storage. Take the time to determine all areas that will need to be recovered.
3. Have an expert review your plan. It’s likely you have internal expertise to develop an effective disaster recovery plan. However, it’s still critical to get an objective review. An expert can help you determine your goals for recovery of any critical applications, as well as rate them in terms of priority.
An outside assessment could also help you determine more objectively where you need to make adjustments.
Develop an effective DR plan
Whether you seek outside consultation or not, your disaster recovery plan should include numerous key ingredients, including the following.
4. Take inventory. Review all of your equipment, both hardware and applications, taking note of what would need to be replaced in the event of damage during an event. This will ensure that components can be quickly addressed by contacting the vendor for replacements or solutions to help your company recover.
5. Assess your downtime tolerance. What is your level of dependence on your servers? Are you operating primarily online? Or are you operating a service agency with limited use of technology for specific functions? Depending upon your answer, you may be better able to determine your recovery point objective and recovery time objective.
6. Categorize your functions. Determine which applications should be prioritized under your disaster recovery plan. One category should include applications that are critical — and must be addressed urgently in the event of a disaster. Other categories can range from several hours to several days in priority, based on how critical they are to the success of your operations.
7. Assign roles of responsibility. Identify the members of your team who will be contacted for different roles and at different times. Critical team members should be contacted immediately to handle specific responsibilities under your disaster recovery plan. This is another reason for more frequent testing. Employees come and go. You could be in a disaster situation and a previously identified employee for your plan may no longer be with the company. Also, identify any third-party consultants who are critical to your plan.
8. Establish a communications plan. How do you plan to get the word out to employees on next steps in the wake of a natural or man-made disaster? Those guidelines should be outlined in your plan. Under challenging circumstances, how will employees receive information on where to go next? If systems are down, including phone and the internet, you may need to establish alternative methods of communication. You can also distribute protocol in writing beforehand. Ensure that employees are trained on how to access those details.
9. Develop an alternative worksite. Creating redundancies is critical as part of a disaster recovery plan. Make sure that you have a location that the critical members of your team can gather to continue performing essential functions. It could be a colocation center with the capability to house a temporary work space for a specified number of your employees.
10. Test your plan regularly. It’s not enough to test your disaster recovery plan every couple of years. Review all processes, including any changes in equipment, personnel, processes and contact information. Take the time to go through the steps under the plan, including each step outlined above. When necessary, update your plan to reflect any changes in the configuration of your equipment, as well as backup schedules and procedures.
Train your employees to ensure adoption
Engage your employees in the disaster recovery plan testing. It’s not enough to test your disaster recovery plan every couple of years. Going through the exercise may be disruptive but it could be the key to keeping your operations viable when disaster does strike.
Want to learn why EMP shielding, FedRAMP certification, and Rated-4 data centers are important?
Download our infographic series on EMP, FedRAMP, and Rated-4!