Disaster Recovery Plan Defined
You might not be able to prevent disasters from happening, but with a solid disaster recovery plan in place, you can be ready for them when they hit and ensure the least amount of impact to your business. Tornadoes, earthquakes, floods, fire, hurricanes, terrorist attacks, cyber attacks; a good DR plan should account for as many potential disasters as possible and lay out clear tactics that ensure critical systems are not only protected but kept online and that revenue loss is kept to an absolute minimum.
Identifying Potential Business Interrupters
The first thing a DR plan needs to include is a detailed analysis of potential threats or "business interrupters". All scenarios should be considered, even those that are possible but least likely to happen. Just because an earthquake hasn't occurred in your region for decades, the possibility of one occurring still needs to be taken into account.
Sadly, today it is cyber attacks that are most likely to cause the most damage, so you may want to give priority to these types of threat over natural disasters.
What Should a Disaster Recovery Plan Include?
If you type "disaster recovery plan template" into any search engine, you will be faced with hundreds of different options. However, the most important aspects of any DR plan is that it is easy to understand and implement, tested and proven and up-to-date with the latest business systems and potential threats. A good plan should include the following:
- Statement, overview and objectives of the overall plan.
- Contact details for all key disaster recovery personnel. Many organizations formulate a dedicated disaster recovery team.
- In-depth details of emergency and routine response actions to implement before, during or after a disaster. For example, if a tornado warning has been issued in your region, your emergency response may be to failover all critical systems to a data center out of state and out of harm's way.
- Details about any recovery sites, including diagrams of the IT network and instructions on how to get there.
- Details about the organization's most critical business assets and systems should also be listed, including the impact of an outage to the business and maximum outage time for each. You should also determine your Recovery Point Objective (RPO) and Recovery Time Objective (RTO) across your organization. RPO relates to the maximum age of files that must be recovered from a backup source for normal operation to resume following a disaster. If you state an RPO of four hours, you must set your systems to backup at least every four hours. The RTO relates to the maximum time a business has to recover its files and resume normal operations. If your RTO is two hours, it cannot be down for any longer.
- A detailed and up-to-date list of all software, user accounts and license keys that will be used during disaster recovery efforts.
- Technical information from third-party vendors on how to recover systems in the event of a disaster.
Summary of insurance coverage affecting hardware and any aspects of the network infrastructure.
Without a disaster recovery plan in place, you are simply left to cope with the disaster and the catastrophic fallout this can have on your business. From losing critical systems to flood or fire to falling victim to a crippling cyber attack, a disaster can strike any any moment and often without any warning.
In addition to developing a solid and proven DR plan, you need the systems in place that will ensure your data is safe whether it is in use, in motion or at rest. Forcepoint's Data Loss Prevention solution offers dynamic data protection, data leave prevention and a suite of advanced features that safeguard against data breaches across your organization.