Developing a disaster recovery plan for your business is important, no matter what industry you’re in or what how big your company is. Plenty of large companies found themselves in the headlines last year due to security breaches. Many cases due to ransomware, which quadrupled from 2015 to 2016. But the threat against small businesses continue to rise too, especially since most small businesses have limited budget, staff or time to effectively prepare for or defend against such attacks. In fact, according to Small Biz Trends, nearly half of cyber attacks are against small businesses.
The number of ransomware attacks on companies quadrupled from 2015 to 2016 Click To Tweet
Note: Before you start developing a disaster recover plan, ensure you always have reliable backups – The first step to being able to quickly recover from downtime, even with the best recovery plan, is having reliable and up to date backups. Routinely download and keep several backups, each in different locations and keep them up to date. Any good hosting company will always have backups on file, but you should also do your own full backups. If you’re with Hostwinds, we offer free restoration for all hosting plans as long as you have your own backups (free restoration with our backups on file for certain plans only).
What is a disaster recovery plan?
Often referred to as a DRP, a disaster recovery plan provides clear guidance on what should be done when something happens to disrupt your business. This could be both technical and non-technical. It could be your guide to recovering as quickly as possible after a cyber attack, data loss due to accidental deletion of important files or even a flood or power outage.
If something happens, you want your business to be prepared for it. And though the specifics of a DRP can vary greatly from one business to another and for certain situations, there are some common elements that should be considered for all of them.
What is the goal?
The first thing to realize is the goal of the disaster recovery plan you’re developing. Here are some of the main goals that every DRP should aim for. If you’d like to dive deeper into devising the perfect plan, 33 security experts share some extensive insight on Digital Guardian.
Goal #1 – Reducing your risk
A good DRP boils down to reducing your risk. And the main thing to consider here is time. The longer your service is disrupted or your product isn’t available, the worse it’s going to be. Evaluate your DRP closely and ask yourself if there’s anything missing that could stop you from getting on your feet again quickly. Is there anything else that needs to be in place for you to get up and running again safely?
Goal #2 – Remember applicable regulations
In the case of a disaster, you may be forced to work from somewhere other than your official business location. If you’re in an industry with strict regulations to adhere to, they aren’t going to let you off the hook because you’re working from home, a coffee shop or a temporary office. Make sure your DRP has steps and policies in place to ensure compliance.
Goal #3 – DRP accessibility
Keep your DRP in a safe, off-site location where you have access to it at all times. If your office is flooded, the copy on your hard drive or in the file cabinet there probably isn’t going to do much good. In the event of a hacker breaching company or customer information, there’s a good chance you won’t be able to access one stored on your server. Time is of the essence, so the last thing you want is to be jumping hurdles just to get to your plan.
Keep your disaster recovery plan in a safe, off-site location where you have access to it at all times. Click To Tweet
Creating your DRP
With the above goals in mind, now you want to work on the actual plan. You need to identify exactly what’s needed for your business to be functional again. Depending on the situation, you may need to replace hardware or find new equipment. And once you’re sure you have everything needed, you’ll probably need to do some setup, backup restoration or even scout out some temporary staff.
As I said above, it’s going to vary depending on your company and the situation. But here are some general steps for laying out an effective DRP.
Identify business needs
To help guide your DRP development, you should already know the answers to these questions. In the event of a disaster, do you have:
- Anywhere to work from if your normal work space isn’t available?
- A contact list of suppliers to turn to if you need to replace hardware or hire temporary staff?
- A backup plan for communications?
- Those data backups stored in multiple locations, readily accessible at any time?
- Safety measures in place for your staff?
Answer these questions in detail and give a copy to everyone who will be helping form this DRP. Make sure anyone who might need to step into a leadership role in times of disaster also has a copy to provide clear guidance on what’s in place and what needs to be done.
Assign a timeline
Yes, bringing up time again. Time is of the essence. The longer you’re down, the more likely it is customers will start turning to someone else for what you provide. For every step that needs to be taken, assign an estimated time.
If you had to relocate everyone, with temporary communications setup, how long would that take? If you were to be the victim of a cyber-attack, how long would it be until everything is back online and safe to use? Remember that even though you could start the process of restoring everything from backups, the time it takes to be back up and running could take some time if there’s a lot that needs to be restored.
Recovering as quickly as possible will require extensive planning, but also detailed delegation. You should have certain people assigned to do certain things along the way of carrying out the DRP. Each person should know exactly what they need to do, when it needs to be done and how to do it.
For example, “John” may be responsible for obtaining backups for quick restoration. Once he’s handed those backups off to “Jane” (who knows her stuff when it comes to getting services back online), “John” then continues to contact the suppliers needed. All the while, “Jack” is contacting customers who might be affected and “Jill” is renting temporary office space.
Also, there should be several people who know how to do each task. The DRP should clearly outline who is responsible for what and in the case that they aren’t available, the next person in line to step up and do it.
Don’t set it and forget it
Once you have a DRP in place that you’re confident in, don’t just file it away and forget about it. It should be an ever-evolving, living plan that’s adapted as-needed on an ongoing basis. A plan that you create today might work well for a while, but it’s very doubtful that it’ll be effective in three years. Or even next year. You’re bound to grow. Your services change. Your hardware and software be updated.
Pull it out from time to time and make sure it’s still current. Will the steps in this plan still get you back up and running as quickly as possible? Is everyone assigned a role even still with the company? Has anything that changed that requires the plan to be updated?
What you plan for (or don’t plan for) today will have a big impact in the future should disaster strike. Don’t be afraid to talk to your hosting provider, either. They should be able to help guide you on exactly what the best hosting plan is for your business. Maybe a shared hosting plan should suffice. Or maybe you’d be better off on a fully managed VPS or your own customized dedicated server.
Customer service and working hard to maintain zero to minimal downtime is a priority here at Hostwinds. So, if you’re a customer or would like to talk to us, please use our live chat or call 1-888-404-1279 to reach one of our friendly reps and we’d be more than happy to help. Contact us here.