Why You Should Update Your Disaster Recovery Plan

Tech News

Written by:

Reading Time: 5 minutes

Circumstances change all the time. Plans you make today could be obsolete in a month’s time, and so we have to keep on re-evaluating the risks we face on a regular basis. At the start of 2020, nobody could have foreseen the events that would unfold and many businesses were unable to cope with the changes in work patterns enforced because of the lockdown and restrictions brought about by the pandemic.

This should make it clear to all businesses that disaster recovery plans have to be updated regularly to meet the challenges thrown up by worldwide events.

In this article, we look at the process of risk management and disaster recovery, and the implementation of a strategy that will meet the demands of an ever-changing world. Most importantly your processes need to be subject to review and improvement.

What sort of disasters should we consider?


A disaster in this sense is anything that will prevent a business from operating for an indeterminate length of time, resulting in potential loss of data. Short term power failures are not usually considered a disaster, but you will still have to plan for recovering data should this occur.

These are typical events that a recovery plan should consider:

  • Natural disasters, such as flood, fire, explosion, terrorist attack
  • Cyber-attack, such as phishing, ransomware, malware or internal sabotage
  • System failure, either malicious or accidental


What matters is how a company recovers from a disaster. The aim is to get things back up and running as quickly as possible and to develop a plan for this a company must first carry out an assessment of risk.

How do we quantify risk?


Understanding what threats affect your business and what the likelihood is of those threats materializing is the first step in managing risk. Risk is measured in terms of likelihood and severity and the process of assessing risk falls into four stages:

  • Identify – ask what could go wrong?
  • Evaluate – consider probability and magnitude
  • Mitigate – reduce, eliminate or put in place procedures to control
  • Review – risk management is an ongoing process, keep the recovery plan live


When working through this process it is always good to involve the workforce – they are the ones who deal with the risks on a day-to-day level and this also makes them feel valued and more likely to “own” the plan.

Most analysts like to quantify risk, in other words, give each risk a score. This helps in terms of prioritizing, but it can lead to serious risks being ignored.

Scoring does not have to be too complex – a simple 3-2-1 for high-medium-low works fine – so a risk with a high likelihood but low severity would score 3×1 = 3. Similarly, a risk with low likelihood and a high severity would also score a 3.

Therein lies the problem. If you decide to focus on the risks that score 4+ you could be in big trouble. Any risk that can impact highly on your business has to be addressed.

Carrying out a business impact analysis (BIA)


Knowing what can go wrong and the effect that might have on your business is just the first stage in the process. In order to formulate a disaster recovery plan, you must analyze the data from the risk assessment.

Look at how your business operates and what you would need to do to get things up and running as quickly as possible in the aftermath of a catastrophic event. Who are the people you would need? What are the critical systems?

A good IT service provider can help in this process and advise on how to implement the plan as well as testing it to make sure it works. There is little point in having a plan if it fails the first time it is brought into action.

Disaster recovery planning


Once you have completed the risk assessment and analyzed the impact on your business, you can then develop your plan for recovery when things do go wrong.

A disaster recovery plan is a documented set of procedures focusing on business continuity should a disaster occur and that includes recovery of lost data and minimizing downtime – the two things that can have the greatest financial impact on your business.

Backing up your files regularly is critical to this process, and backups should be stored in a remote location or on the cloud. Using disaster recovery services for small business enterprises for this would help ensure that data is continuously backed up and available immediately when needed.

Advantages of using managed IT services


Using a managed service provider (MSP) can lower costs and increase productivity so you can focus on your core business. Whilst there is an initial outlay, the cost of managing all your IT services in-house could be a lot greater.

MSPs can offer a quick response to problems as they arise, but more than that, they can proactively work to prevent IT issues by the constant monitoring of your systems from a remote location.

Networking through managed IT services will also help pull together a remote workforce and ensure that up to date information is available to everyone as and when they need it, wherever they are in the world.

Small businesses in particular benefit from the wide range of experience and knowledge offered by MSPs, who will share with them common threats and solutions. Managed IT services vary but most include network administration, data backup, cyber security, communications and general IT support. You can pick and choose all or any number of these to suit your capabilities and budget.

How working methods impact risk


Home or remote working has many benefits both for the individual and the business, but it does throw up fresh challenges that must be addressed, not least of which is security from a cyber-attack or just simple theft.

Many business models use agile working as a way of freeing up office space, particularly when some of the workforce is out of the office a lot of the time. Rather than each person having an allocated desk, they are able to sit down anywhere in the office, plug in their laptop and immediately access the files on the system. This is often tied in with remote working, allowing staff to work from home.

It can have a serious impact on your business if confidential client information falls into the wrong hands. Keeping this information on a server or the cloud rather than a laptop or memory stick is the best way of avoiding this.

Summary


Disaster recovery planning isn’t a one-off exercise. It is something that needs to be tested regularly, tweaked if required and updated in line with changes in your business environment.

As working methods change, so your disaster recovery plan should be adjusted to suit. When new risks are identified, the plan must reflect these.

By using specialist disaster recovery services for small business enterprises, you can concentrate on your core business, utilizing the skills of key staff to do what they do best.

If you haven’t looked at your disaster recovery plan in a while, now would be a good time to do it. If you have got a plan in place open up a dialogue with a professional IT service provider and get some advice.

Author BIO:Darren King is the CEO of Cygnet IT Services, a UK based community Interest Company which provides IT support in Sutton and surrounding areas. Darren has over 20 years working in Information Technology working closely with supporting charities, businesses and schools.