Just like it’s no good purchasing a deluxe security system for your office after it’s been burgled, there’s not much point making your disaster recovery plans after your organization has been compromised by a hacker.
Disaster recovery (DR) is about coming back from the brink: getting your system back up, recovering all your data (or as much of it as you can), and putting in place the practices and measures that will ensure you don’t repeat the same mistake(s).
Every business is to some degree vulnerable to being hacked. You have as much chance of achieving 100 per cent “guaranteed airtight” security as you have of securing a 100 per cent market share. It’s just not going to happen. Having said that, there are things you can tackle in your DR plan to minimize the threat and damage should disaster strike, including:
- Covering as many bases as possible. It’s not possible to analyze every possible scenario. However, your company can put in the work to analyzing as many possible threats as possible, and establishing how you will react in every single case. Example: if your Vancouver office is attacked, what’s your plan for bringing it back? This element of DR planning calls not for perfection, only your best effort at covering as many bases as you can.
- Keeping people in mind. In building their DR plans, many companies will place too much emphasis and focus on technology and not enough on the people who use and oversee that tech. It’s better to think in terms of context — i.e., “What kind of DR plan works for our organization?” In going this route, you must answer questions around behaviour (“How do we want our people to react in disaster scenarios?”) resources (“What will our people need to quickly get us up and running after a disaster?”) Link specific people and roles to specific tasks. Let there be no guesswork involved as to who should be doing what when disaster strikes.
- Don’t let things get stale. Plans don’t have to be set in stone. They are not immutable. They must be updated regularly, or at least as frequently as is appropriate. DR plans are neither relevant nor complete unless they take all facets of your business into account — all tech, systems, and applications you are currently using. How often your DR plan is updated depends on many factors, but given the pace of technological change in general, it’s a safe bet that you will be updating your plan frequently.
The saying “He who hesitates is lost” certainly applies in the case of any organization that wishes to stay on top of its DR efforts. There is no room for hesitation and complacency when it comes to security and disaster recovery. Unfortunately, far too many companies will put in the hard work only after being hit with a disaster. A truly modern enterprise thinks ahead. By doing its heaviest work on the front end, it can boldly face the future, come what may.
Feel free to download the TeraGo DR Best Practice Guide. This one-pager offers seven steps for an effective DR plan and a quick but concise “Are you prepared?” checklist.
