How to Create an Effective Disaster Recovery Plan

March 8, 2018 Eric Dosal Eric Dosal

When most people think of disaster recovery, they tend to think of big natural disasters, such as fires, floods, or earthquakes. However, in the cybersecurity space, not all disasters are natural. Many businesses are struck by man-made disasters in the form of cyberattacks that corrupt data or render vital assets nonfunctional.

Whether your business faces a natural disaster or a man-made one, having a disaster recovery plan (also known as a “DR plan” or DRP) in place is vital for ensuring a quick recovery after the disaster occurs. But, how can you create an effective disaster recovery plan for your business?

Here are a few simple steps you can follow:

Step 1: Audit All of Your IT Resources

Before you can plan for returning everything to “normal,” you need to know what normal looks like for your business. Part of this is knowing what all of the disparate assets are that exist on your business’ network infrastructure.

By creating an inventory of all of the IT resources on your network—and what data each resource holds—you can begin to consolidate and streamline things to make it easier to backup and recover information in the future.

Step 2: Find a Remote Data Storage Solution

When your business is hit with a disaster that wipes out your primary data storage solution, that data may be lost forever if you don’t have some kind of remote backup.

For example, say a ransomware attack hits your business and all of the data on your primary database gets encrypted. If you have a remote backup of all the data on that database, then you can simply reformat and sanitize the corrupted drives, and restore the data from the backup.

While time-consuming, it’s better than losing all of the information you had—and paying a ransom doesn’t necessarily mean the criminals will actually give you the encryption key to restore your data.

Also, if the assets storing your data are physically damaged, such as by fire, flood, or physical tampering, you can use the data stored on the backup to cover for the loss. This helps to minimize business disruptions.

Right now, the gold standard for remote data backup would be cloud-based solutions that can automatically download and copy data every few days (or even every few hours). Unlike older, manual backup methods where users would have to copy data to a disk or USB drive, backups via a cloud-based solution can be carried out at any time, and without having to dig out a piece of physical media.

However, physical media backups, while slower and more cumbersome to deploy, are also easier to isolate from infected systems by keeping them offline until they’re needed. This makes them less likely to be corrupted by ransomware malware and the like than auto-updating cloud storage.

Of course, there are more robust solutions than simple data storage. Some companies that offer disaster recovery solutions have complete cloud computing environments that can handle traffic while your primary network is down to minimize disruptions.

Step 3: Determine What’s “Mission-Critical”

Odds are that your business processes and stores a lot more data than you might think, and that much of that data is redundant or not really crucial for you to keep things running. During the course of your IT asset audit, you’ll likely have come across a lot of data sets that just aren’t that important.

If you try to copy every bit of data from every IT asset in your network to a backup server, that’s going to take a lot of processing power to handle. By sorting out the unnecessary or redundant data, you can reduce the size of the backup file that you have to make—saving storage space and expense later.

This is also a good chance to exercise some good data hygiene by removing extraneous files from endpoints they don’t need to be stored on.

Step 4: Create a Test for the Recovery Plan

Creating a DR plan for your business is one thing—it’s another thing altogether to know that plan will work when you need it. For this reason, it’s vital to have a method for periodically testing your disaster recovery plan.

When creating this test, consider the following:

  • Single Points of Failure. Are there any systems that lack redundancy in your recovery plan? If these single points of failure encounter a problem, can you still carry on with your recovery plan?
  • Recovery Time. How long from the start of the test does it take to restore bare minimum functionality? How much longer for things to return to normal? Consider these recovery times and investigate how you could make them faster.
  • The Type of “Disaster” Being Simulated. Are you running a test that assumes that data on your network is corrupted, or is the data inaccessible because of damage to the assets at your office/datacenter? Consider how different types of disasters may affect your recovery options and needs.

Keeping the above in mind when creating a test can help you find ways to improve your disaster recovery plan in the long run—which can help make your business more resilient against disasters large and small, natural or manmade.

Need help setting up a disaster recovery solution to make your business more resilient? Contact the experts at Compuquip Cybersecurity for more helpful advice!

back-to-cybersecurity-basics