Why Disaster Planning Matters & How to Create an Effective Recovery Plan

Business Continuity
Written By Callie Sierra
DR Plan.png

We don’t know who said it but we like it: If disasters strike when least expected, then make sure you always expect one.

While applicable in countless facets of life, the adage certainly rings true for your small or medium-sized business (SMB). A robust disaster recovery (DR) plan is a critical component of expecting the unexpected and improving your overall business continuity and security posture. We can’t predict when disaster will strike—or even what it will be—but we can certainly plan for one. 

An effective DR plan will minimise your overall risk and reduce costly downtime and reputational damage in the event the unexpected happens. One source suggests that four-fifths of businesses who suffer a major incident will fail within a year and a half. But with the proper planning, it doesn’t have to be this way.

So, in this spirit, we present a “crash course” in disaster planning for your business. We define the key components of an effective DR plan and share a few common methodologies to follow so that your business can not only learn how to prepare for a disaster, but also rapidly recover from one.

What is disaster recovery?

Before we talk recovery, we should first ask, what is a disaster? Let’s begin with a clear definition. A “disaster” is any unforeseen incident that could put your business at significant risk because it interferes with normal and necessary operations. This could range from natural disasters like flood or fire to an event caused by an internal or external person (whether it’s a well-intentioned mistake or a malicious act) to a power outage, pandemic or a sophisticated cyber-intrusion such as a ransomware attack. 

We suggest you pause here and ask yourself: What are the most likely sources of disaster facing my business? You’ll likely identify multiple potential disaster scenarios. As you answer this question, consider everything from your industry and customers to your competitive landscape and physical location to the regulatory environment in which you operate, as well as any recent or historical events (such as a previous cyberattack). What threats pose the greatest risk (e.g., what could shutter your entire operations versus partially or temporarily slowing a noncritical process)?

Disaster recovery is the method and plan for how you’ll resume regular operations following a disaster. For many businesses, recovery will equate to the resumption of essential activities and operations. Exactly where disaster recovery happens is important, too. A successful DR plan will depend on replicating data and essential processes at locations that will not be impacted by a given disaster, such as a secondary, off site location where data is backed up.

What are the key elements of a good disaster recovery plan?

While every DR plan will be unique to your specific business needs, there are several shared elements of a strong and effective strategy. We outline five such components here.

  • Form a DR dream team: A plan is only effective if people can properly carry it out. Early on, identify a specific list of people who will be responsible for developing, implementing, testing and managing the DR plan. While different people—or even different business units—may be responsible for various components of the plan, it should also have an overall “owner”. This is also an opportunity to involve key leadership around your plan for maximum buy-in and investment. 

  • Evaluate your risk: As mentioned above, you’ll also need to identify early on the various hazards that are likely to necessitate a DR plan. What are these events and how do you plan for them? A response to an on-premise fire, for example, may differ from a response to a ransomware intrusion. A theft at a retail location might be a nuisance, but does it warrant a disaster recovery plan? 

  • Identify business-critical assets: What are your critical IT functions? Catalogue everything—including tools, applications, data, platforms, processes, resources and infrastructure—that is critical to your operations and to ensure business continuity. 

  • Backups: While every DR plan is unique, a key part of it will undoubtedly be backups. What assets and information is critical, and how will you back this data up now to ensure you can access it later, following a disaster? Where does this data live, who uses it and who will need quick access to it following a disruption? You may also want to think through optimal recovery times. How long could you continue to safely operate without a particular asset? One week? One day? One hour? Recovery time objectives can be a helpful framework from which to build your DR plan. NOTE: Wherever possible, strive for automation for more consistent and predictable backups.

  • Test, test, test and optimise: Disaster, by definition, is unpredictable. The severity and source of a disaster can and will change over time. Once you’ve developed and implemented a DR plan, test it at least annually (or following every disaster) to be sure it still provides an optimal level of business continuity and recovery. Even if it does, there may be improvements over time (such as machine learning or automation) to improve an already-strong plan. One source suggests that more than half of businesses with a DR plan do not regularly test it!

What are the different types of disaster recovery?

As we mentioned above, every effective disaster recovery plan will be unique to your business. However, in creating a DR plan, there are several “types” of plans you can aim for. Popular and proven options include backup, Disaster-Recovery-as-a-Service (DRaaS), Backup-as-a-Service (BaaS) and virtualisation. We explain more below:

Baseline Backup Plan

A general process and plan for backing up critical data is the root of the most basic DR plan. (If you only take one action toward your DR plan, you should, at the very least, invest in a robust backup strategy.) A backup plan involves storing data either off-site or in a removable drive. Simply backing up data on its own (in your current infrastructure) is insufficient because, depending on the type of disaster you encounter, your on-site or affected network is left without with a complete recovery solution.

Backup-as-a-Service (BaaS)

A BaaS strategy leverages the expertise of a third party to manage the backing up of your essential data. Perhaps you have limited staff time or resources. Partnering with the right vendor can reduce these time and budgetary constraints. It’s a modern alternative to an in-house backup plan and one less thing for you to worry about! Which is exactly why Optec has teamed up with Assured Data Protection to offer Back-up-as-a-Service to eliminate the complexity, expense and management of in-house backup and data protection.

Disaster-Recovery-as-a-Service (DRaaS)

In this scenario, you partner with an expert third party to develop and implement your DR plan. In the event of a significant IT failure, your servers, applications and data can be brought online rapidly allowing your business to continue operating with minimum disruption. Once again, we’re excited to offer a  best-in-class DRaaS solution in partnership with Assured Data Protection. It takes our BaaS solution one step further by replicating all critical information to an offsite or protected disaster recovery location. 

Virtualisation

In this approach, your business will back up operations and data on a replica of your system, hence the name, virtualisation. In the event disaster strikes, these virtual machines are kept off-site and can be used to quickly resume operations. 

So, as you begin to identify the greatest risks facing your business and catalogue your critical functions, what “kind” of disaster recovery plan makes the most sense?

How Optec can help

Disaster recovery is an important component of your business continuity strategy. A DR plan is an affordable and achievable step to ensure that you can recover quickly, if or when disaster strikes. If the pandemic taught us anything, it is to expect the unexpected. It could be the difference between being one of the fortunate one-fifth of businesses that are able to keep the lights on—long-term—following a major incident.

Whether you have a disaster recovery plan in place but would benefit from an expert review, or are seeking help to develop a new plan, Optec is here for you. In partnering with Optec on BaaS, DRaaS or other solutions, you’ll be left with peace of mind and more time to focus on what matters: growing your business.

 

Want the latest news from Optec? Be sure to be sure to follow us on LinkedIn and Twitter.

Related posts

Blog
New: Fortify your Firewall with Optec Fortified Monitoring & Support
News, Tips & Tools
New: Fortify your Firewall with Optec Fortified Monitoring & Support
News, Tips & Tools

We’re excited to introduce the latest service from Optec, designed to protect your Fortinet Firewall systems.

Read More →
News, Tips & Tools
Optec Achieves Cyber Essentials Certification!
News
Optec Achieves Cyber Essentials Certification!
News

We're pleased to announce that Optec has achieved Cyber Essentials certification.

Read More →
News
2019 in Review & A Look Ahead to 2020
Insights
2019 in Review & A Look Ahead to 2020
Insights

We take a look back at how Optec’s evolved in the past 12 months, and preview what’s to come in the year ahead.

Read More →
Insights
New Careers and First Days: An Unexpected Journey to Optec
News
New Careers and First Days: An Unexpected Journey to Optec
News

Meet Dave Cornelius. He’s the latest addition to the growing Optec team.

Read More →
News
Callie Sierra
Previous

Strategic Defence: Preventing Ransomware in Local Government

Next

Event Recap: Pints, Pies & Data Protection