By Dominick Scafidi
From hurricanes and earthquakes, to human error and malicious cyberattacks, businesses of all sizes and in all industries are vulnerable to costly disruptions and even business-ending disasters. Large businesses and organizations classically plan for the worst, but all too often, small businesses fail to put a disaster recovery plan in place before it’s too late.
If a natural disaster hits tomorrow, what protocols are in place to keep your company running? How about a ransomware attack? Keep reading to make sure your disaster recovery plan can guarantee business availability and business continuity in the event of the unthinkable.
#1: Identify the Risks
Brainstorm all potential risks to your business and use your imagination. This list needs to encompass everything from ransomware and other cyber-attacks to tornados, hurricanes and power outages, as well as potential human error. Now, those are the risks we commonly discuss, but what about the less popular or unknown risks?
Consider this: according to a 2019 report from Optiv Security, “31 percent of respondents [CISOs, CSOs and senior IT decision makers] believe that organized crime and politically motivated acts are seen as the greatest threats to cybersecurity, while 28 percent believe this to be hacktivists.” Are these risks on your radar?
Do some research to find out what could be looming in the future. Be specific to your industry and don’t forget about factors like geographic location and the specific technology you use in everyday business operations.
#2: Prioritize Business Needs
Understanding the risk is only the beginning of understanding how you will recover from the consequences of a breach. Disasters of any kind will impact wide areas of your business including financials, overall safety, legal and regulatory compliance, operations and your reputation, just to name a few.
Create a prioritized list ranking the most important areas of your business based on what areas will need to be addressed first. In the event of a disaster, you must act quickly. With this initial step already complete, your recovery team will know where their attention is needed first.
#3: Build a Recovery Team
When disaster strikes, most of your team members will want to help. While the enthusiasm is appreciated, recovery needs to be collaborative, thoughtful and organized. Proactively build your recovery team by determining employee roles based on essential skills and expertise. Having these responsibilities identified in advance speeds up the in-house recovery and reduces the length and impact of any downtime.
Identify a point person to communicate with the team during the disaster and as recovery efforts progress. Communication and accountability ensure transparency into the situation, which can save time and resources during recovery.
#4: Pre-Plan Business Continuity
Even in times of disaster, your obligations to customers must be met. Pre-plan your business continuity solutions, processes and procedures to make sure you’re communicating with and servicing your clients. If critical software goes down, how will you continue to deliver? If you’re hit with a cyber-attack, what is your policy around ransomware recovery? A clear and consistent approach will not only help you recover, but help you avoid the same attacks in the future.
#5: Establish Emergency Accounting and Payroll
While in recovery mode, bills need to be paid and employees can’t go without their paychecks. Consider a cloud-based payroll or third-party option to ensure financial operations don’t come to a complete halt.
#6: Run Drills
Practice makes perfect, so don’t leave these safeguards to chance. Just having a plan is not enough – seeing it in motion is what will really make you feel confident in the effectiveness of your disaster recovery plan.
Start with scheduled drills that allow your recovery team to methodically proceed with protocols and identify any necessary updates. Then, move to unscheduled drills that turn up the pressure. Failures and shortcomings should be discussed for the purpose of perfecting recovery regardless of whether the real thing ever hits (and statistically, it will).
Of course, it’s not just the disaster recovery team who needs to be aware and prepared. Empower your employees to be the first line of cyber defense using similar drills, department and role-specific training, and communication transparency for a united front.
When you change applications, locations and personnel, you need to update your plan to make sure it reflects new protocols. Even while you’re vetting new solutions, it’s a good idea to consider how the change will affect the disaster recovery plan you have in place. Since you can’t predict when an attack will occur, updates should be at the top of your priorities when making business changes.
#8: Include Built-in Backup
Your disaster recovery plan isn’t complete without backup. Cloud-based DRaaS, or Disaster Recovery as a Service, might be the best way to ensure your business gets up and running quickly and efficiently after disaster strikes. With near instant recovery now possible, cloud security is of the utmost importance.
Make sure you’re using a vetted, reliable and highly rated cloud provider who can put you and your clients at ease. SecurityScorecard, an independent third party that rates cybersecurity, compares seven different cloud providers across 10 risk indicators. How does your solution measure up?