When did you last test your business resilience? Do you have a Disaster Recovery Plan in place? How long could your business survive with no access to your systems and data? If you’re not sure how to answer these questions, now is the time to act. Read on for the 6 steps you need to take to develop a robust Disaster Recovery Plan.
In our last blog, we explained the vital importance of Business Continuity. We investigated the main causes of IT downtime and the potential damage it can inflict on your business: power cuts, cyber attacks, unplanned IT downtime, floods, supply chain failures or losing a key employee – disruptions to your business can happen at any moment.
We know some of what we told you was very scary indeed, especially if you are one of the many small or medium-sized businesses (SMEs) that does not back up its data regularly and has no Disaster Recovery Plan in place.
Not convinced? Use our calculator to find out what an unforeseen incident could mean for your business.
Business Continuity is about having a plan to deal with these difficult situations, so your organisation can continue to function with as little disruption as possible. Every organisation needs to plan for the worst, so a critical component of your Business Continuity Plan will be a Business Data Backup and Disaster Recovery Plan.
But we also told you there are actions you can take now to keep your business’s systems and data safe and minimise the risk of unplanned downtime. Here’s our checklist:
(1) Test your current business resilience
SpecTronics’ Business Continuity Health Check will test the current health of your IT infrastructure to identify areas that need improvement. Following the health check, we’ll discuss the results with you and recommend the steps we think you need to take to protect your business. We can test your current resilience and devise and implement a plan to ensure:
- Your business stays online 24/7
- Your data and applications are safe, and
- Your customers can always reach you when they need to.
(2) Run Proactive Preventative Maintenance
Many businesses take a reactive approach to their IT systems: when there is a problem they will get it fixed, but they don’t consider taking any proactive actions to prevent problems in the future.
SpecTronics’ experts will help you discover how to keep things from breaking in the first place, rather than just fixing them when they do. For example, we’ll make sure you don’t miss any software or firmware updates so your systems run smoothly and securely with no crashes or loss of data. Our ongoing maintenance will keep your computers operational for longer periods of time, and proactively help you avoid downtime problems before they happen.
(3) Set up a Data Backup and Disaster Recovery Plan
Steps (1) and (2) will go a long way towards protecting your systems and data and avoiding unnecessary IT downtime, but they cannot offer 100% prevention. A recent report by Beaming found that the average cost of a cyber-attack for small businesses was £65,000 per victim. This accounts for damaged assets, financial penalties and business downtime.
So, whether it’s cybercrime, employee error, network outages or some kind of natural disaster, it’s essential to be prepared for the worst. From large-scale enterprises to small companies, no business is immune.
What Is a Disaster Recovery Plan?
A disaster recovery plan (DRP) is a documented approach that focuses on business continuity when natural or man-made security incidents take place. It includes a set of policies, tools and procedures that, when acted on together, will enable the recovery of lost data and the continuation of daily operations of a business.
A good Disaster Recovery Plan will
- Reduce the impact of cyber attacks
- Keep clients’ confidential data safe, and
- Protect data against the after-effects of power outages and natural disasters.
6 steps to a successful Disaster Recovery Plan
- Set clear recovery objectives
The primary motive to develop a successful disaster recovery plan is to reduce downtime and the cost of data loss. Setting key objectives that include your Recovery Time Objective (RTO) and Recovery Point Objective (RPO) will help you build an optimal data recovery plan and decide how quickly you need to take steps to recover the data.
According to SpecTronics’ Business Manager Ash Asghar, “a good example of setting an RPO is to imagine that you are writing an important, yet lengthy, report. Think to yourself that eventually your computer will crash and the content written after your last save will be lost. How much time can you tolerate having to try to recover, or rewrite that missing content?”
- Identify involved professionals
Your plan should include a full list of all personnel (internal staff and external contractors) who will be involved in actioning your DRP, with their contact details. Set out how and when to contact each member and describe their assigned responsibilities in detail.
- Provide detailed documentation on network infrastructure
A step-by-step guide to your network configurations will help with the execution of the data recovery process. Detailed documentation will increase the chances of successfully reconstructing corrupted network infrastructure.
We strongly advise you to keep all the documents offline and in a private cloud, and to make sure it’s easy for all personnel to access.
- Set out your chosen data recovery technique
There are many types of data recovery solutions, such as hard drive recovery, RAID recovery software, tape recovery, optical recovery, and more. Each method has a different set of capabilities so selecting the right one for your business and budget is critical. SpecTronics’ experts can help you make the right decision.
- Define what is a disaster and what’s not
Every organisation faces temporary outages, but these incidents do not always constitute a disaster. For example, no business would carry out a recovery procedure for a short power cut, but IT downtime caused by a major phishing incident would be a different matter. Creating an all-inclusive checklist for identifying a disaster will help the recovery team to execute DRP as quickly as possible. This checklist will differ for every organisation, depending on their goals and budget for data recovery.
- Document your entire Disaster Recovery Plan
When a disaster recovery incident is identified, a fully documented set of procedures will play a crucial part in carrying out the disaster recovery strategy. The DRP should align with the already established RTO and RPO standards.
It’s important that at the end of the disaster recovery procedure, all the recovered data should be in an operational state.
To ensure your Disaster Recovery Plan is always in full working order you must:
- Regularly test your Disaster Recovery Plan.
- Review and update your recovery plan on a regular basis, we suggest every six months as a minimum but ideally quarterly.
Disasters are unavoidable but having a tried and tested Disaster Recovery Plan in place will help to limit potential damage, enabling your business to get back to operational mode quickly, and lower the damage cost.
Do you have a managed IT supplier who can help you navigate the minefield of disaster recovery? Have they talked to you about these issues? If not, we can help. The SpecTronics team has a reputation for friendly, informative and reliable services. We aim to make IT solutions simple and easy.
How resilient is your business?
Fill out our Downtime Cost Calculator or complete our Business Continuity Health Check and one of our team will be in touch to work with you to devise a bespoke Business Data Backup and Disaster Recovery Plan.
And don't forget to check out the last blog in our Business Continuity series: Keep your business running in the face of COVID-19.