How good is your disaster recovery plan?

You may think you know all about disaster recovery plans (DRP) from attending conferences or reading up on the subject. But one of the best ways to learn is by example, and the following real-life case offers valuable lessons. Learn about the DPR audit of a state government office and the knowledge gained from it.

Hosting certain types of data and managing a government network legally bind you to maintain DRPs. After an audit of the Michigan Department of Technology and Budget, several failures led to a trove of helpful tips for small- and medium-sized businesses attempting to create a bulletproof disaster recovery plan.

Update and test your plan frequently
What was one of the first and most obvious failures of the department’s DRP? It didn’t include plans to restore an essential piece of their infrastructure — the department’s intranet. Without it, the employees are unable to complete even the most basic of tasks.

The reason for the oversight? The last time the plan was updated was in 2011, leaving out more than six years of IT advancements. If annual revisions sound like too much work, just consider all of the IT upgrades and improvements you’ve made in this year alone. If they’re not accounted for in your plan, you’re destined to fail.

Keep your DRP in an easy-to-find location
It may seem a bit ironic that the best way to store your top-of-the-line business continuity solution is in a binder, but the Michigan Department of Technology and Budget learned the hard way that the alternatives don’t work. Auditors found the DRP stored on the same network it was meant to restore. Which means if something had happened to the network, the plan would be totally inaccessible.

Your company would do well to store electronic copies on more than one network in addition to physical copies around the office and off-site.

Always prepare for a doomsday scenario
The government office made suitable plans for restoring the local area network (LAN), but beyond that, there was no way for employees to get back to work within the 24-hour recovery time objective.

Your organization needs to be prepared for the possibility that there may not be a LAN to go back to. Cloud backups and software are the best way to keep everything up and running when your office is flooded or crushed beneath a pile of rubble.

Your DRP is more than just a pesky legal requirement. It’s the insurance plan that will keep you in business when disaster strikes. Our professionals know the importance of combining both academic and real-world resources to make your plan airtight when either auditors or blizzards strike. Message us today about bringing that expertise to your business.

Published with permission from TechAdvisory.org. Source.


Email is the primary avenue of attack for most cybercriminals, who use it to target individuals and businesses with phishing scams, ransomware attacks, and other cyberthreats. Learn how email security maintains the integrity of your emails, accounts, and data.GET A FREE COPY NOW!
+