Cyber-attack. Hurricane. Earthquake. Fire. Flood.
Disaster strikes. You have no access to your network and your data. What do you do?
Here in the Carolinas, we can throw a dart at a dartboard to see what kind of disaster will hit us next, so we have to be prepared for anything. Let’s say it the disaster is not man-made but natural: a hurricane, fire, flood or earthquake (thank heavens we don’t get many severe earthquakes here).
After ensuring the safety of family, the next big question is “How do you keep your business going?” The answer is: Have a solid business continuity plan in place.
What is meant by business continuity?
It's one of those things that’s exactly what it sounds like: the ability to continue doing business after a disruption. Technically, business continuity can best be defined as 'the processes, procedures, decisions and activities that ensure that an organization can continue to function through an operational interruption.' There is, however, a lot more to it than that.
What we’re talking about is the ‘Big Picture’ plan, but it includes other plans - the crucial, but smaller Backup and Disaster Recovery Plan, and the smaller Incident Response Plan.
Here's how we experience these plans:
1: Something happens, like a phishing attack. Whether it’s successful or not, an Incident Report must be generated and sent immediately to management, or straight to your IT support, where if action needs to be taken, the recovery begins.
2: A successful attack, like ransomware initiates the protocols and procedures in the Backup and Disaster Recovery Plan to initiate the full recovery.
3: While for cyber-attacks, the threat and recovery are contained without referencing the big Business Continuity Plan, that plan comes into play for natural disasters. For example, this plan will establish the steps for an orderly evacuation in the case of a fire.
How does cloud computing support business continuity?
It depends on how much of your operational infrastructure you have placed in the cloud. Regardless of what happens to your physical office, either:
1: Your data and operations are still there in the cloud, and anyone who accessed it before can still do so – from anywhere on any connected device – from desktops, laptops, notebooks, or smartphones, while any affected devices are ‘cleaned up.’
2: If you only use the cloud for data storage, your operations will lag behind while you restore functionality to affected works stations by retrieving data from the cloud.
With full operations in the cloud, even if your office is destroyed, you can simply have your employees work from home. They will only need their login credentials to access your cloud and keep working. This unfortunately does nothing for destroyed inventory or manufacturing machinery. For that part, you will still have to deal with your insurance company.
You can rely on the cloud to save you from a man-made disaster, like a data breach or Ransomware, which falls more directly under your Backup and Disaster Recovery plan, where the only restoration necessary is to restore your data and operations while the office remains intact.
What happens after a data breach?
As noted above the very first step is generating the Incident Report. The employee alerts the manager to call IT support, whether an in-house department or a 3rd party IT consulting service. One of the benefits of using a top-notch Managed IT Services firm like ITFIRM.COM, is that with their proactive monitoring, their Help Desk technicians should already be getting alarms that your system has been breached.
However, if your IT team is not yet aware of the breach, inform them right away so they can stem the tide of the attack, isolate and lock down the malware involved and assess what data needs to be restored.
ITFIRM.COM configures our clients’ cybersecurity to isolate and trap the malware in the initially infected device to prevent spread. Any reputable and experienced member of the Charlotte IT Community should have these policies and procedures in place.
But it’s not over yet - these are only the first steps, and they are only a small part of a comprehensive Backup and Disaster Recovery Plan. This is the point where the plan is implemented. Your IT services team, in conjunction with management, will now do the heavy lifting to restore normalcy to your network operations.
How do you write a disaster recovery plan?
Refer back to that old saying, “If you fail to plan, you are planning to fail.” This is of paramount importance when it comes to a Backup and Disaster Recovery Plan. Putting an effective plan together requires a thorough process with pinpoint attention to detail.
Here are the basic steps required to put together an all-inclusive and reliable plan:
1: Commitment from Top Management
If the boss isn’t committed to it, workers probably won’t be. From the top down, everyone must be on board with the plan. The IT support crew will do the behind-the-scenes work, but it is company management that must coordinate the plan with the employees, so their involvement and commitment to the plan is the first absolute necessity.
2: Establish a Planning Committee
Be sure to include all department heads, especially the head of IT, whether internal or outsourced. All areas of the company that would be affected by the disaster must be represented. The committee will define and delegate duties and define the scope pf the plan and will set the standards for those activities listed below.
3: Perform Risk Assessment
It's crucial to assess and analyze potential dangers to all areas of the organization for the possible impacts and consequences of each possible disaster scenario. For example, a fire will present some different consequences than a Ransomware attack. Risks and the costs involved in responding to and minimizing the exposure as a result of the various possible disasters need also be analyzed.
4: Set the Priorities
Remember, ‘first things first.’ Establish the ’pecking order’ and importance of all areas of Processing and Operations. Typically, data and communications should come first because they allow other areas of the organization to continue. In manufacturing, the shipping department goes last because they have nothing to ship if nothing is being manufactured.
5: Determine Recovery Strategies and Tactics
Each department will probably need slightly different procedures, so determine what steps will need to be taken and who will take command of ensuring those steps are performed. The objective, much as for those in ‘Priorities’ above, is to avoid confusion and enable the continuity of business while the disaster is being addressed. It is crucial to establish what is to be done and by which key personnel.
6: Write the Plan
This plan should NOT be written in stone as it needs to adapt to the evolving threat matrix, but it needs to be in writing. Usually, it’s best to start with an outline, but the final plan in a standardized format must adhere to every small detail in understandable, non-ambiguous wording. The idea that any part of the plan could be open to ‘interpretation’ must be avoided. All functions of all departments must be clearly assigned.
7: Establish Testing Criteria
Don’t expect your plan to be perfect the first time out. It’s important to test your plan and ‘tweak’ it as you go. Develop reliable testing procedures that allow you to foresee any weak spots and make adjustments. Surprises on the day of the actual disaster are a disaster of their own.
8: Test it!
Once you’ve established your testing criteria, use it. Perform the first test, based only on the plan and the testing criteria, and update the plan as needed. A plan is rarely proven ‘bulletproof’ the first time. It was 19th century Prussian Field Marshal Helmuth von Moltke who is credited with saying, “No plan of operations reaches with any certainty beyond the first encounter with the enemy's main force” – later shortened by other commanders to “No Plan Survives First Contact With the Enemy.”
Another way to look at it as Mike Tyson said, “Everyone has a plan until they get punched in the mouth.”
10: Finalize and Approve the Plan
Once all adjustments have been made based on your testing, and it has been approved by management and your IT services, finalize the plan – for now. Testing should be scheduled at regular, agreed-upon intervals. The world changes, as does technology, so follow-up tests may show inadequacies that were not present when the final plan was approved.
Cloudian offers a comprehensive guide to writing a reliable Backup & Disaster Recovery Plan HERE.
Frequently Asked Questions
What is the difference between having good backups and having a good disaster recovery plan?
Without reliable and tested data backups in place there is no real data recovery from a disaster, at least from an IT point of view. Once the data is gone, and exists nowhere else, a typical business will not survive. You need both. If you have some sort of IT support, but do not have either backups or a disaster recovery plan in place, perhaps it’s time to re-evaluate the quality of whoever is taking care of your IT.
What are the different types of data backup locations?
Local Backup – Not just on a server, but a designated storage device that is only connected to the network during data transfer.
Cloud Backup – Offers slower but more secure backups.
Cloud to Cloud Backup – Even the cloud can be hacked. Keep a spare.
What is the best method for data recovery?
Depending on the nature of the disaster, it will always be fastest to restore data from your local backups, which may not be available in the event of a fire, flood or earthquake – at that point, rely on cloud backups, which are slower, but safely offsite.
Does the cloud save you money?
At first it may look like an extra cost, but the savings are there. Shifting to the cloud does more than eliminate the need for costly hardware like servers and full workstations. It also opens a realm of savings, stretching from reduced infrastructure costs—saving companies an average of 20% annually, and the nebulous value of increased speed and productivity as well as slashing facility and cooling expenses.
How secure is your network?
As a longstanding, reputable member of the Charlotte IT Support community, ITFIRM.COM offers a FREE, no-risk network and cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever to use our Managed IT services.
The two best defenses are next-generation network cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.
We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
Planning an Office Move?
Contact ITFIRM.COM today! We have the experience to ensure a seamless transition. After the office move, your employees will arrive at the new location to find their IT infrastructure ready and open for business!
For more information on office moves, or to receive your FREE no-risk network and cybersecurity assessment, just fill out the form on this page or call us at:
704-565-9705
