By William Long
Security Analyst Intern
What you need to know about disaster recovery in today’s climate is that it is often the difference between keeping your business operational and closing the doors permanently. Disasters are becoming stronger and more frequent. It is also important to understand that such events are not limited to natural disasters; they can also be caused by power outages, physical theft, and even a cyber-attack.
I’m sure that we all have different perspectives on what a disaster is to us individually, but to a business, it is anything that stops our ability to serve our clients and/or impacts production. This is why having a Disaster Recovery Plan (DRP) in place is so important. It is an essential part of a sound Risk Management Program, mitigating risk and minimizing losses to revenue in the event of a disaster.
Planning for Disaster
The key to disaster recovery is to limit the damage by identifying the problem and correcting it as quickly as possible. Simply put, a Disaster Recovery Plan (DRP) consists of three elements: people, processes, and technology.
Planning requires knowing your environment and its threats.
Is your area prone to a specific kind of disaster, as in Tornado Alley or along the Atlantic coastline?
Are your facilities secure?
Do you use or store data that may be deemed valuable to a hacker?
You may feel that the cost of developing a DRP is too much when compared to the likelihood of disaster. However, if you compare the cost of developing a DRP against projected losses from a stop in production over an average period of 6-8 weeks, you will see that this mindset only increases your risk of failure.
Disasters are unpredictable and often not preventable, and when they do strike, they paralyze your organization. It is better to be prepared for disaster when it strikes than not. Through proper planning, organization, and training, the impact to production and loss of revenue can be minimized.
When planning, start with your organization’s most valuable resource, the people. Not only are they the most important part of your business’s success, they are also the most important part of your Disaster Recovery Plan. The downside is that they are also the most unpredictable variable. Human error is common in the workplace and it is often the largest contributing factor in cyber-attacks. It is for this reason alone that everyone in the organization should know their roles and responsibilities with regard to Disaster Recovery: who to contact, who does what, and the expected results of their actions.
Ensure they are intimately familiar with the processes and procedures laid out in the DRP. Training of staff is key in disaster preparedness; in fact, it is critical that everyone on staff knows the established policies and procedures of the DRP. They should also be trained and prepared to go “off script” if things do not fall in line with every step of the DRP.
Another thing to consider is the reactions and capabilities of people during a disaster. Understand that not every employee will be available to assist in the recovery. For this reason, it is best to cross-train everyone, ensuring that there is no single point of failure in your processes. Though this may impact the recovery time for your organization, losses can be minimized through good planning and training, creating a more robust and effective DRP.
The Importance of Processes
Disaster Recovery Plans are all about processes defined by policies – a great DRP is well planned and well implemented. When disaster strikes, existing processes are disrupted. The DRP provides a path forward to restore business continuity through a series of interim policies and procedures documented in the DRP.
Threats are constantly changing and evolving; thus, you should regularly review your disaster recovery processes to ensure that they are up to date with the current risk profiles. We suggest annual reviews to adjust or add steps and to remove unneeded ones. A well thought out DRP can be the difference between recovering from the disaster and your organization going out of business.
The last element of the DRP is the technology and data used in your business. A good DRP should include data backup at a warm site to prevent data loss in the event of a disaster. Even if your technology is destroyed or stolen, having your data backed up will help you return to normal business operations more quickly.
Things happen, but a meticulously planned DRP and a well-trained staff can allow your organization to adapt to such conditions. A DRP enables you to operate under duress while you work to restore normal operations, lowering your risk and minimizing loss in revenue.
Having a Disaster Recovery Plan in place can truly be the difference between keeping your doors open and closing them forever.
Visit THA Security for more information on Healthcare Compliance, Threats, and other Cybersecurity related topics.