8 Tips for Optimizing Your Disaster Recovery Plan
Boost your MSP Disaster Recovery Playbook
Whether you are an MSP just getting started or a seasoned pro, you already know that you need a rock-solid disaster recovery plan, or DR plan, for your clients. Just as important as having a plan is revisiting it and testing it frequently.
From hurricanes and earthquakes to human error and malicious cyberattacks, businesses of all sizes and in all industries are vulnerable to costly disruptions and business-ending disasters. Large businesses and organizations typically plan for the worst, but all too often, small businesses are considered the easier target. Bad actors assume that small to medium-sized businesses (SMBs) won’t have robust cybersecurity defenses or disaster recovery plans in place. Unfortunately, they’ve often been right in recent years.
If a natural disaster hits tomorrow, what protocols are in place to keep your clients running? How about a ransomware attack? Quick, who do you call first?!?! Keep reading for high-level tips to reinforce your disaster recovery plan to guarantee data availability and business continuity in the event of the unthinkable.
Identify Cybersecurity Risks
Brainstorm all potential risks to your client’s business and use your imagination. This list must encompass everything from ransomware and other cyberattacks to tornados, hurricanes, power outages, and potential human error. Those are the risks we commonly discuss, but what about the less popular or unknown risks?
Consider this example: according to a report from Optiv, “31 percent of respondents (CISOs, CSOs and senior IT decision makers) believe that organized crime and politically motivated acts are seen as the greatest threats to cybersecurity, while 28 percent believe this to be hacktivists.” Are these risks on your radar?
Do your research to find out what could be looming in the future. Be specific to your client’s industries, and don’t forget about factors like geographic location and the specific technology you use in everyday business operations.
Prioritize Business Needs
Gaining awareness of risks is only the beginning of understanding how you will recover from the consequences of a breach. Disasters of any kind impact wide areas of your business, including financials, overall safety, legal and regulatory compliance, operations, and reputations, just to name a few.
Create a prioritized list that ranks the areas of your client’s business by which must be addressed first. In the event of a disaster, you must act quickly. With this initial step already complete, your recovery team will know where their attention is needed first.
Build a Disaster Recovery Team
When disaster strikes, most of your team members will want to help. While the enthusiasm is appreciated, recovery must be collaborative, thoughtful, and organized. Follow best practices in disaster recovery and testing by proactively building your recovery team. Consider employee roles, essential skills, and expertise in amassing a comprehensive and capable group. Identify and describe member responsibilities in detail to accelerate the in-house tactical response and reduce the likelihood and impact of downtime.
A point person should be named to communicate with the team during the disaster and as recovery efforts progress. Clear, accurate, and concise communication and accountability ensure transparency and save time and resources during recovery.
Pre-Plan Business Continuity
Even in times of disaster, you must meet your obligations to customers. Be ready to keep business moving using the tools in your backup and disaster recovery (BDR) solutions, the processes you’ve practiced to “stop the bleeding,” and the procedures necessary for failback and data restoration. At the same time, you must communicate with and serve your clients.
If critical software goes down, how will you continue doing business? How will you inform clients? Or communicate with your disaster recovery team? What is your plan for overcoming today’s cyberattacks like ransomware and phishing? A clear and consistent approach to all the what-ifs helps you recover and avoid suffering the same attacks in the future.
“Business continuity plans are most effective when your communication to internal staff and clients is clear and consistent. Confusion and miscommunication from both parties in the case of a malicious cyberattack may make data loss even worse and extend recovery times.” – Adam Preeo, Director of Product Management / Axcient
Emergency Accounting & Payroll
Due to the personal nature of the information held in finance departments, it’s of the utmost importance to assess potential losses immediately – and that might mean freezing operational accounts. Everything from social security numbers and bank account details to birthdays and passwords could be breached.
Regardless, bills and employees still need to be paid when a business is in recovery mode – even after natural disasters. Give yourself time to assess the situation thoughtfully while continuing to meet financial demands with a cloud-based payroll or third-party option. Make sure your backup systems comply with regulations and quality management standards, and that access to them is highly restricted and available only to select recovery team members.
Run Disaster Recovery Drills
Practice makes perfect, so don’t leave these safeguards to chance. Just having a plan is not enough – disaster recovery planning and testing lets you experience your DR plan in motion. It helps you to assess disaster recovery readiness and provides confidence for your MSP and your clients that you are ready to recover.
Start with scheduled drills that allow your recovery team to proceed with protocols and identify any necessary updates methodically. Then, move to unscheduled drills that turn up the pressure. Failures and shortcomings should be discussed for the purpose of perfecting recovery, regardless of whether the real thing ever hits (and statistically, it will).
Of course, it’s not just the disaster recovery team who needs to be aware and prepared. Empower your employees to be the first line of cyber defense with a strong security playbook. Using similar drills, department and role-specific training, and communication transparency, employees act as an extension of your recovery team to form a united front.
Update Disaster Recovery Plans
When you change applications, locations, and personnel, you must update your plan to reflect new protocols. New employees should be trained on the disaster recovery plan as part of their onboarding process. Additionally, a regular review schedule should be in place to ensure this vital piece of business continuity never falls by the wayside.
While vetting new solutions, consider how the change will affect your disaster recovery plan and testing practices. Each step of the plan must be tested and validated, along with standard operating procedures (SOPs) to document the processes in place. Since you can’t predict when an attack will occur, updates should be at the top of your priorities when making business changes.
“The best disaster recovery plans become living documents that are ever-changing with the rapid pace of technology. As businesses purchase new software and dump old ones, it’s extremely important that these changes are reflected in their DR plan. What good is a DR plan that was built during the on-prem days in the era of cloud-based Office 365?” – Tim Sheehan, VP / Axcient
Include Built-in Backup
Your disaster recovery plan isn’t complete without backup. Cloud-based DRaaS, or Disaster Recovery as a Service, might be the best way to ensure your business gets up and running quickly and efficiently after a cyber incident. With near-instant recovery now possible, cloud security is of the utmost importance.
Use a vetted, reliable, and highly rated cloud provider who can put you and your clients at ease. SecurityScorecard is an independent third party that rates cybersecurity by analyzing seven cloud providers across ten risk indicators to generate an apples-to-apples comparison. How does your current solution measure up?
Want More DR Planning Resources Just for MSPs? Get the Complete Playbook!
- The key components of a resilient DR plan
- A structured planning and testing framework
- A curated list of current security policies, frameworks, and standards
- A list of common pitfalls to avoid
- Guidance for supporting remote workforces
- DR testing tips, tricks, and free tools
About the Author: Carissa Johnson // Product Marketing Manager, Axcient
Carissa Kohn-Johnson has a background in healthcare technology and information technology, and is now the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in IT. Carissa is also an elected official in Cary, NC, a town chock full of technology-forward people. Connect with her on LinkedIn – perhaps you can contribute to the Axcient blog?