A disaster recovery plan is just one step in an approach to keeping your business running well. Cyberthreats aren’t going away and new threats emerge all the time. Complete data protection requires a robust plan that includes everything from backup and disaster recovery to business continuity.
If you’re serious about crafting a disaster recovery plan that will protect your business, there are some common mistakes you’ll want to avoid. Here are 7 pitfalls we see businesses get sidelined by on a regular basis—and how you can overcome them.
1. Not having a plan at all
The only thing worse than a disaster is a disaster you’re totally unprepared for. If disaster recovery is totally new for you, don’t sweat it. Start by reading our guide to completing a disaster recovery plan.
2. Not clearly noting who is responsible for what
It’s natural to focus your data recovery plan on the data, itself, including the hardware and cloud storage you depend on. But what will keep your business going is your people.
If you have a managed IT services provider, they can certainly help, but it’s not all on them. That’s because this is about your business.
For each step of data recovery, you need to know who will be affected and who will be responsible. Consider management, employees, departments and sometimes even customers.
3. Not having a plan for communication (internally & externally)
An easy mistake to make is assigning roles for each task but not considering how people will be notified of the step in the process.
Your communication plan can take many forms, from modern solutions like mass notification through SMS messages to an old-fashioned phone tree. The specific tools you use doesn’t matter nearly as much as having a clearly-outlined plan well in advance.
Make sure everyone in your organization, as well as your managed IT services provider, is included and informed.
4. Not identifying critical processes
It’s easy to get stuck in the weeds. You know the systems you use, as well as the pitfalls and obstacles associated with each. But don’t forget the goal: business continuity.
Everything you do isn’t critical. Evaluate each process your company relies on and ask yourself what will happen if each of these processes goes offline. Having taken into account the risk associated with each process, decide which processes absolutely have to stay up and running.
Those are your critical processes. Your business continuity plan should focus on maintaining them.
5. Not having key buy-in
Disaster recovery plans affect the whole business. Because that’s true, it’s important to keep leadership in the loop about the plans and the risks.
If you’re not sure where to start, consider checking out this resource: 4 cybersecurity facts your company’s leadership team should know.
But don’t stop with the leadership. From there, make sure that everyone in the organization knows what your business continuity plan is and why it matters.
6. Not monitoring, testing & updating
A good disaster recovery plan is active.
You should be monitoring and testing. Monitoring your network will make you aware of potential issues before they have a chance to take your network offline. Proactive in testing also helps to identify potential, as well as giving you a better picture of overall risk. And system updates mitigate vulnerabilities and ensure functionality.
As your system updates, don’t forget to update your recovery plan to match your newly patched system.
7. Not mitigating risk
Disaster recovery isn’t just about preparing an inevitable emergency. It’s also about mitigating negative impact whenever possible.
A recent example of the power of mitigation is the MyHeritage breach over the summer. It affected a massive 92 million customers. But through smart, thoughtful systems design and preparation, the damage was minimal. MyHeritage didn’t store passwords directly, but rather in a one-way hash unique to each user. As a result, the breach did not actually compromise the passwords. Further, they didn’t store personal information (like credit card numbers or family tree information) that they didn’t need to maintain.
This kind of thorough, thoughtful systems approach lowered their overall risk well ahead of time. The breach they experienced could have been devastating. But their strategy turned it into a relatively minor inconvenience rather than a true emergency.