Do you know what you would do if a fire were to engulf your building? Would you be able to survive it with little to no struggle or would you be running helter-skelter, wondering what you should be doing? Whether you are dealing with a physical disaster or a cyber disaster, having a simple disaster recovery plan checklist that covers just about any scenario imaginable is a must!
Why Disaster Recovery is so important
According to this year’s FireEye M-Trends 2020 report, threat dwell times are falling, but the median was still 30 days in 2019. That means that, on average, attackers dwell inside the system without being detected for an entire month!
To combat these advanced cyber threats, the 2019 CrowdStrike Global Threat Report describes a ‘1-10-60’ rule: you must be able to detect an incident in one minute, investigate and scope that incident in ten minutes (or less), and respond to and remediate the incident within 60 minutes. Without a reputable disaster recovery plan, you will fail every time.
What should be on your disaster recovery plan checklist
1. Check the business impact and assess risk
It is essential to first identify the threat/risk before creating any type of disaster recovery plan (DRP). It is easy to identify the most likely threats and to calculate risk by performing a risk assessment and business impact analysis.
2. Set recovery objectives
To reduce downtime and the cost of data loss, it is important that this step is part of your DRP checklist. Set key objectives with RTO (Recovery Time Objective) and RPO (Recovery Point Objective), so that you can build an optimal data recovery plan.
3. Get the team involved – assign roles and responsibilities
Identify everyone needed for a successful DRP. This may include both internal and external members. Create a list of who should be contacted first in the various threat scenarios. Keep the assigned members informed and trained on how to deal with an incident, should one arise.
4. Take extra precaution with critical documents
Every disaster recovery plan checklist should account for this step to ensure document security. These days, even the smallest businesses deal with the transfer and storage of data. In the face of an incident, it is possible that the company might lose critical data. Recovering such data is challenging (not to mention expensive). By storing all critical documents in a remote location, you save your business from disruption.
5. Recognize equipment must-haves
Create a list of tools that you will need in the face of an incident. Alongside the list, ensure that you have a pre-approved budget for resources (recovery tools and services), so that recovery runs smoothly and you can build a successful disaster recovery plan.
6. Keep all stakeholders informed
There have been many cases where organizations have faced incidents and not kept stakeholders informed. Such cases have led to high payouts and reputational damage, some even making headlines (not for the right reasons). Avoid the ruckus and keep all stakeholders informed at all times.
7. Regularly update the disaster recovery plan
A disaster recovery plan is crucial for every business, whether a small or a large enterprise. It enables you to contain a breach and ensure that business operations are not affected. While there are many risks to not having a DRP, the foremost benefit of having a disaster recovery plan is that you will gain the support and trust of your clients, stakeholders, and law enforcement.
8. Test the disaster recovery plan to ensure totality
As technology advances, so do hacking methodologies and compliance policies. To create a sound DRP, regularly test it to ensure that the latest recommended strategies are implemented in line with the latest in the industry and the constant changes within the organization.