11 Key Elements of a Business Disaster Recovery Plan

 

Hurricane season is upon us, while we’ve been lucky in the Tampa Bay Area these past few years, the threat of a major storm could be weeks away. You may not need to start boarding up your windows or raiding Publix for dry food, water and batteries but you do need to start thinking proactively about how you’re preparing your business for a potential disaster. Many of us remember Hurricane Irma which rocked the South East United States in 2017, potentially disrupting 2,108,378 (yes – 2.1 million) businesses in Florida alone. Of these 145,415 businesses were in located Hillsborough county.

While some business survived unscathed, many were not so lucky. Businesses experienced downtime that lasted days or weeks. Without power, phone service and internet – your business is already hanging in the balance. Just add water or fire damage which could easily wipe out the precious data your laptops, workstations or servers contain, and you’ll have a recipe for a business disaster you might not be able to recover from.

Ensuring that your assets, data and hardware are protected is only part of a disaster recovery plan – the rest is done by determining a process for how quickly you can get back online and operational again. Rather than scrambling to put the pieces back together after a major storm, it’s time to put a plan in place. Here are 11 key elements of a disaster recovery plan:

Communication Plan

  • When your business faces the unexpected, stress levels will be at their highest and things are going to get hectic. You’ll need a communication plan that effectively keeps everyone on the same page. Your communication plan should include documents that have each employees’ updated contact information. We recommend creating email templates for internal employees, in the event of a disaster you’ll be able to quickly let your internal stakeholders know the status of your office and systems, whether they are expected to show up to work, and timelines to set expectations. During high-stress times, people need reassurances and to know what the next steps are, considering including the following:
    • Depending on the circumstances, advise staff to avoid discussing the disaster until they’ve been directed to
    • Make sure employees understand they still have jobs
    • When and where personnel should report for work
    • How duties may change during the disaster recovery process
    • Any precautions that employees should be mindful
    • Key client communication strategies (if they are contacted by clients, how should they respond)
    • If employees will be paid the same way, when and how they can expect to be paid

You’ll likely have client deliverables and projects in the works – if your business encounters a situation that that prevents you from delivering on time, you need to let your clients know as soon as possible. Having clear, concise and honest emails ready to update your clients in the event of business downtime will go a long distance in building and maintaining your existing relationships. Ensure that these messages set expectations, minimize confusion, and garner trust that when your team is back online, your company will deliver on any open projects as soon as operations are restored.

Disaster Recovery Role Assignments

  • Employees have a critical role to play in reestablishing operations following a disaster. The effectiveness of your communication and role assignments can increase or decrease your Recovery Time Objectives (RTO), the projected duration your business needs to restore operations within. Your employees need to understand exactly what their role is and who is responsible for setting up workstations, procuring equipment that was damaged, redirecting phone services, assessing damages, and updating clients, as well as assessing data loss. With clear assignments and expectations in place, your team can work more efficiently to bring systems back online and minimize negative impacts following a disaster.

Disaster Plan for Physical Equipment

  • For businesses located in areas with seasonal natural disasters like hurricanes or tornados. It’s important to have a plan in place that protects your equipment from adverse weather. The first step is safeguarding your electronics from water damage, which means moving any equipment off the floor, into a room without windows, and creating a barrier against water by wrapping electronic securely with heavy-duty plastic wrap. If able, we recommend sealing your equipment in waterproof containers or bringing critical hardware like servers off-site to a safer location.

Data Continuity Plan for Information Systems

  • Data continuity is essential for every company, large or small, as it provides business systems resilience in every aspect. Taking an inventory of your data storage locations is a critical step when creating your disaster and recovery plan. You’ll need to document and understand where exactly your data is stored, who has access, and what data is vital to business operations versus non-critical files or systems. For a truly effective data continuity plan, you’ll need to ensure that your business is utilizing regularly scheduled image backups of your servers and critical workstations, preferably in the cloud or off-site, to ensure a backup copy is always available and unaffected by a local event.

Backup Testing and Validation Procedure

  • Your Disaster Recovery Plan is only as good as the outcome of your last test. Be sure to backup your data in regular intervals, we recommend completing a full backup of all servers at least on a weekly basis. Also be sure to follow what is known as the “3-2-1 data backup rule”: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite. Why do we need redundancies? Simple – technology fails and accidents happen. By following the 3-2-1 data backup rule, you reduce vulnerabilities from a corrupt backup, hardware failure or a disaster.

Temporary Backup Server Strategy

  • Any Disaster Recovery as a Service (DRaaS) provider worth their weight will implement off-site cloud-based backups using a system like Veeam which allows your team to take advantage of Instant-On Server technology to spin up an exact clone of your server in the cloud so that your employees can support business goals and continue working in the wake of a disaster. Server replication can cut your hardware recovery times from days to less than 15-minutes, potentially saving your brand image and company thousands in lost productivity.

Emergency Backup Power System

  • Your business may not be able to control the power grid but installing a generator is an option, for most businesses, in the event of a power outage. A generator could help save your company thousands in the long-term considering an average hour of downtime costs $8,000 for a small company, between short-term local outages to power outages caused by natural disasters that could last day or weeks, a backup generator will often provide an ROI just after handful of interruptions. Before you purchase a generator, be sure to work closely with a certified electrician to help you identify the right system for your business needs.

Internet and Communications Failover

  • Outside of power, your high-speed internet connection is the lifeline of your business. A resilient, redundant, backup communications network is essential to business continuity and disaster recovery plans. From unplanned temporary Internet outages to longer-term natural disasters and man-made threats, losing Internet connectivity and mission-critical communications can jeopardize business and organization operations, productivity, and safety. Internet failover is best achieved by having a second Internet service provider (ISP) network as a backup when your primary ISP provider goes down. In the event of such a failure, businesses can manually redirect their IP addresses to the secondary failover network or automate the failover process. For absolute protection, consider implementing a 4G LTE or 5G wireless internet failover to avoid disruption from cut fiber optic or major disasters that could affect your primary and secondary Internet Service Providers.

Employee Remote Work Plan

  • In some cases, it may not be feasible for some or all employees to return to the office. In this event, having a post-disaster “Remote Work Policy” in place will help ease the burden for your valued staff who want to work but may not be able to return to the office. Make sure everyone understands the security guidelines for connecting from off-site (like only connecting to your shared networks through a VPN, not saving secure documents directly to their personal drive, or saving all work to saved networks for access by the rest of the team later).

IT Vendor Communication & Service Restoration Process

  • Every business has vendors and service providers that are essential to operations which is why it’s important to have an updated vendor contact list, you’ll know who to call and reach out to for support in the event of a post-disaster recovery. We recommend businesses update their vendor list at least once a quarter and store this off-site or in the cloud. Create an Excel spreadsheet (or Google Sheet) and store online, you can then share with each department head to update as needed.

Before and After Pictures of Your Office and Equipment

  • An often-overlooked item in a disaster recovery plan is having up-to-date images of your business, both internal and external. You’ll want to have before and after images on hand to prove that the items affected were actively in use by your employees and that you proactively took the diligent steps to protect your equipment while preparing for a storm. It’s important that your team takes images before clearing any debris and damages before you start cleaning up. Be sure to include as many images as possible from all angles before clearing debris and of your existing inventory or equipment and an itemized list of the value for everything your filing in your insurance claim. Generally, you should not throw away any damaged items until the claim’s adjuster has visited.

While hurricane season doesn’t affect every business across the United States, local and national disasters may. What disasters does your team need to prepare for? Keep reading as we help your business prepare to tackle any disaster the unexpected might throw your way.

What Kind of Disasters Do You Need to Prepare For?

First, you’ll need to outline the disasters that you should be prepared for. As they say, you should always plan for the worst-case scenario, and no event should be kept from consideration.

  • User Error: Everyone makes mistakes, and the results vary wildly from minor inconveniences to major problems that affect multiple users. This includes accidental deletions, shadow IT, and other issues that could place your business in a bad spot if unprepared for.
  • Key Staff Unavailability: What would happen if someone with important knowledge or permissions were to suddenly be away from the office due to some accident, personal emergency, or other reason? If this access is exclusive, your business could be placed in a precarious situation.
  • Equipment Failure: Most modern businesses rely heavily on technology of some sort, and that technology requires an infrastructure. If these were to fail, what would you do? Important processes and procedures could be interrupted.
  • Malware: Malware is a constant threat to businesses, and it has evolved over the years to become a force to be reckoned with. Considering how many different ways there are for hackers to initiate threats, you need to be vigilant at all times to avoid it from becoming an issue. Check out our cybercrime report to learn more about how cybercriminals are disrupting businesses and industries.
  • Natural Disasters: Most businesses fear natural disasters of certain types, and it’s largely due to their geographic location. Hurricanes, earthquakes, floods, electrical storms… these are all risks that businesses need to consider when planning out their disaster recovery plan. While not all organizations will be susceptible to the same types of disasters, they all need to have a plan to address the specific situations they might find themselves in.
  • The Unexpected: Some scenarios are impossible to imagine, so it’s best to simply prepare for anything.

How to Be Sure You’re Properly Prepared

When it comes to preparing and evaluating your data backup solutions, you should regularly go through the process to make sure that the strategy is sufficient. You need to make a routine out of it so that the plan can be administered in a moment’s notice. Malware, natural disasters, and other threats aren’t going to wait until you’re prepared, so take time to evaluate your processes and ensure your employees are aware of them, too.

This frequent testing should be designed to evaluate the technical aspect of your disaster recovery plan, as well as your team’s ability to carry it out. As you collect data from these tests, you need to update the plan and resolve any issues that become known. There is no room for error in your recovery tests, as the future of your business depends on it.

Tests to Run

Here are some of the types of backup tests that you should administer on a semi-regular basis:

  • Walkthrough Test: This is simply a basic review of the plan, reading it over to ensure that everyone involved remains updated to any possible changes that may have been made.
  • Tabletop Test: Similar to a tabletop game, someone from each department comes in and is given a hypothetical disaster scenario. Each team member should explain what they would do in their given scenario. This is useful in revealing possible shortcomings in a business’ existing strategy.
  • Parallel Test: These tests are meant to evaluate how well the restoration process works, using a virtual machine to “restore” your system, which continues to run in your usual infrastructure.
  • Full Interruption Testing: This test is one of the most in-depth, but also the most risk-laden, as it could lead to actual downtime. In fact, some industries have regulations barring this kind of test, so be sure to double-check with your IT resource that this option is available to you.

Disaster recovery is such an important part of the success of your business that you can’t take any chances with it. The elements we’ve covered today provide a great foundation that every business needs to consider when developing a disaster recovery plan. If your company is ready to take the necessary steps to protect your business and ensure can completely recovery in the wake of a disaster, call IT Support Guys today to learn how our right-sized Disaster Recovery as a Service (DRaaS) solution will safeguard your company from the unexpected. Speak with a Disaster Recovery Engineer today at 855-4IT-GUYS (855-448-4897).

About the Author

Michael Yantz

Michael Yantz is the Marketing Manager at IT Support Guys, with a passion for data, marketing and technology, you'll find him writing about the latest IT news, security alerts, crafting copy, creating emails or tinkering with integrations. Unless sleeping, he's probably in front of a few screens or at the dog park with his Shiba Inu named Raiden.