8 Tips for Optimizing Your Disaster Recovery Plan
From hurricanes and earthquakes, to human error or malicious cyberattacks, businesses of all sizes and in all industries are vulnerable to costly disruptions and even business-ending disasters. Large businesses and organizations classically plan for the worst, but all too often, small businesses fail to put a disaster recovery plan in place before it’s too late.
If a natural disaster hits tomorrow, what protocols are in place for your incidence response plan to keep your company running? How about if your client(s) are targeted with a ransomware attack? Keep reading to make sure your disaster recovery plan can guarantee business availability and business continuity in the event of the unthinkable.
Consider these resources in preparing your incidence response plan:
- National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity: This Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improve the security and resilience of critical infrastructure. This cybersecurity infrastructure is bucketed into 5 pillars: Identify, Protect, Detect, Respond and Recover.
- Axcient Incident Response Checklist: This is a practical checklist of steps for an MSP to take as part of an incident response plan. First, it covers steps to take before you contact your clients – the Business/Professional measures to take to prepare as the party responsible for critical decision making and communications. Second, it covers the Technical steps to take for containment, isolation, and restoration.
#1: Identify the Risks
Brainstorm all potential risks to your business and use your imagination. This list needs to encompass everything from ransomware and other cyber-attacks to tornados, hurricanes, and power outages, as well as potential human error. Now, those are the risks we commonly discuss, but what about the less popular or unknown risks?
Consider this, according to a report from Optiv Security, “31 percent of respondents [CISOs CSOs and senior IT decision makers] believe that organized crime and politically motivated acts are seen as the greatest threats to cybersecurity, while 28 percent believe this to be hacktivists.” Are these risks on your radar?
Do some research to find out what could be looming in the future. Be specific to your industry and don’t forget about factors like geographic location and the specific technology you use in everyday business operations.
#2: Prioritize Business Needs
Understanding what the risk is only the beginning of understanding how you will recover from the consequences of a breach. Disasters of any kind will impact wide areas of your business including financials, overall safety, legal and regulatory compliance, operations, and your reputation, just to name a few.
Create a prioritized list ranking the most important areas of your business based on what areas will need to be addressed first. Regular risk assessment is critical. In the event of a disaster, you must act quickly. With this initial step already complete, your recovery team will know where their attention is needed first.
#3: Build a Recovery Team
When disaster strikes, most of your team members will want to help. While the enthusiasm is appreciated, recovery needs to be collaborative, thoughtful, and organized. Proactively build your recovery team by determining employee roles based on essential skills and expertise. Having these responsibilities identified in advance speeds up the in-house and reduces the length and impact of any downtime.
Identify a point person to communicate with the team during the disaster and as the state of recovery efforts progress. Communication and accountability ensure transparency into the situation, which can save time and resources during recovery.
#4: Pre-Plan Business Continuity
Even in times of disaster, your obligations to customers must be met. Pre-plan your business continuity solutions, processes, and procedures to make sure you’re communicating with, and servicing your clients. If critical software goes down, how will you continue to deliver? If you’re hit with a cyber-attack, what is your policy around ransomware recovery? A clear and consistent approach will not only help you recover, but help you avoid the same attacks in the future.
#5: Establish Emergency Accounting and Payroll
While in recovery mode, bills need to be paid and employees can’t go without their paychecks. Consider a cloud-based payroll or third-party option to ensure financial operations don’t come to a complete halt. Consider this MSP story where Enterprise Data Concepts was able to be the hero who helped clients who were affected by Hurricane Ida deliver payroll on time by delivering on their business continuity plan.
#6: Run Drills
Practice makes perfect, so don’t leave these safeguards to chance. Just having a plan is not enough – seeing it in motion is what will really make you feel confident in the effectiveness of your disaster recovery plan.
Start with scheduled drills that allow your recovery team to methodically proceed with protocols and identify any necessary updates. Then, move to unscheduled drills that turn up the pressure. Failures and shortcomings should be discussed for the purpose of perfecting recovery regardless of if the real thing ever hits (and statistically, it will).
Of course, it’s not just the disaster recovery team who needs to be aware and prepared. Empower your employees to be the first line of cyber defense using similar drills, department and role-specific training, and communication transparency for a united front.
When you change applications, locations and personnel, you need to update your plan to make sure it reflects new protocols. Even while you’re vetting new solutions, it’s a good idea to consider how the change will affect the disaster recovery plan you have in place. Since you can’t predict when an attack will occur, updates should be at the top of your priorities when making business changes.
#8: Include Built-in Backup
Your disaster recovery plan isn’t complete without backup. Cloud-based DRaaS, or Disaster Recovery as a Service, might be the best way to ensure your business gets up and running quickly and efficiently after disaster strikes. With near-instant recovery now possible, cloud security is of the utmost importance.
Make sure you’re using a vetted, reliable, and highly rated cloud provider who can put you and your clients at ease. SecurityScorecard, an independent third-party that rates cybersecurity, compares seven different cloud providers across 10 risk indicators. How does your solution measure up?
More Great Stuff From Our Blog:
Check out some other interesting pieces from our blog: Is Microsoft 365 or Google Workspace data the big hole in your business continuity plan as Ransomware attacks spike, we dove into how chain-based backup works and why chain-free is the way to be, we talked with Jason Phelps from Huntress Labs about planning for the next ransomware attack, our CEO David Bennett explains why the current cybersecurity landscape means traditional backup is dead, or learn how you can ditch pricey on-site appliances with Local Cache for Direct-to-Cloud BCDR.