There is one thing which is certain in business and that is that things will go wrong at some point. It’s a matter of when, not if, disaster will strike. The key to recovering from any disaster is to be prepared. Taking a proactive approach in business can be the difference between an organisation surviving or folding. This is why having an effective disaster recovery (DR) plan is imperative to the survival of your business.
Why every enterprise needs a DR plan
Disaster can take many forms. It could be a natural disaster like a flood, earthquake or fire, or a human-related one such as suddenly losing key personnel. The most likely however, is an IT or computing-relating disaster. Virus infections, ransomware, targeted cyber attacks, hardware or server failure, cloud failure can all cause damaging and potentially catastrophic downtime.
We continue to see an increase in IT disasters. The average number of targeted cyber attacks have almost doubled in Australia over the past year. Microsoft report Australian organisations with more than 500 employees could be confronted with direct losses caused by cyber attacks of AU$35.9 million each, and the total direct economic loss to Australian businesses could be as much as AU$29 billion just this year.
Compounding this, downtime not only affects productivity and loss of sales but also a tarnishing of reputation. Diminishment of a brand is a figure much more difficult to measure, but arguably may be just as costly as the direct losses.
So every enterprise should be doing what they can to avoid or minimise costly downtime. This is where a disaster recovery plan comes in.
Procedures and steps
Protecting your organisation’s ability to conduct business, is the goal of any disaster recovery plan. The plan is broken down into a series of steps and procedures to help recover systems and networks quickly.
The bulk of a DR plan consists of determining an emergency response to different identified potential risks. These include how the threats are identified and how the DR plan should be activated.
Another key part of the plan is to identify the disaster recovery team, with the contact information of each member.
While many people will have important roles in planning and maintaining the plan, the specific roles of the disaster recovery team is to oversee the plan’s implementation immediately after a disaster. Each team member will have a specific and clearly defined role, with the chain of command clearly identified in the plan. Working under the CIO or senior IT manager, the team needs to work with different business units and stakeholders to ensure operations resume as quickly as possible.
Other elements of the DR plan include a plan overview, insurance details and how to deal with the media if required. Any financial or legal implications should also be highlighted.
DR plan tips
One of the keys to an effective DR plan is that it is aligned with business strategy. Business impact analysis will prioritise the critical IT systems which the DR plan sets to protect.
An IT DR plan should be kept relatively short and simple. In an emergency, information should be easy to find, current and accurate.
One of the most important parts of having an effective DR plan is not to lock it away in a drawer in case of emergency but to audit and test it regularly, through trial runs, planned outages and staff training. Depending on the results of testing, the plan should be flexible and able to be updated easily.
Businesses make big investments in their infrastructure and personnel, so it makes sense to protect those resources from destructive events and ensure business continuity as much as possible. If you’d like to discuss more about how to best protect your business or receive a free assessment, call EMPR Solutions on 1300 289 867 (AU), 0508 278 769 (NZ) or email us at firstname.lastname@example.org.