Blog

6 Best Practices for Business Continuity and Disaster Recovery Planning

What is disaster recovery?

These days, organizations must be prepared for everything and anything: from cyber-threats to natural disasters. A BC/DR plan is your detailed process foundation, focused on resuming critical business functionality while minimizing losses in revenue (or other business operations).

6 Best Practices for Business Continuity and Disaster Recovery Planning

Business leaders forget how hard it is to think clearly under the intense pressure of a sudden and unexpected disaster event, especially one that has the potential to severely impact the success of an organization. With the number of threat vectors looming today, it’s critical to protect your organization against future threats and prepare for recovery from the worst. Below are six best practice tips for creating a BC/DR plan that encompasses all areas of your business.

1. Devise a consistent plan, and ensure all plan components are fully accessible in the event of a major disaster.

You may prepare for weeks or even months, creating the best documentation and establishing resources to run to in a time of crisis. However, if those resources are useless if they’re unavailable when most needed. Many companies document their BC/DR plan in Excel, Visio, Word, or as PDFs. And while this isn’t a bad approach, the files need to be stored in a consistently available location—whether that’s in the cloud, on physical paper, or in a DR planning system. Ensuring unhindered access should be a top priority; an inaccessible BC/DR plan is just as bad as not having a plan at all.

2. Maintain full copies of critical data OUTSIDE your production region.

If your organization keeps its primary data center in Houston, don’t build a secondary backup data center 30 miles down the road. Recent events have taught us that closely located data centers are all severely impacted by disaster, and business services and data availability are hindered across nearby locations.

A general rule for maintaining a full copy of critical data and services is to keep it at least 150 miles from the primary data center. Of course, cases may exist where keeping a secondary data center close to its primary is recommended. However, these cases should be assessed by an expert consultant prior to pursuing this approach.

3. Keep your BC/DR plan up to date and ensure any production changes are reflected.

A lot may change between the inception of your BC/DR plan and the moment disaster strikes. For this reason, it should be a priority for your organization to maintain an up-to-date plan as production changes come into play.

Consider: your organization has successfully implemented a new plan, with recovery points and time all proven to work. Six months later, you’ve deployed a new application system that runs in the cloud instead of on-premise. Without an updated BC/DR plan, all your hard work would have been for nothing since you wouldn’t be able to quickly recover anything. Keeping your plan in alignment with the production environment, and practicing change management are important methods for staying on top of your latest additions.

4. Test your plan in a realistic way to make sure it works.

Without testing, a plan will never have successful execution to back itself up. In the chaos of a crisis, your untested plan will likely fail since people won’t know which parts of the plan work and which don’t. Your testing should encompass all possibilities—from a small process failing, to the entire facility being wiped out by a tornado. Included with these tests should be detailed explanations describing what’s working in the plan and what isn’t. These will develop and mature your plan over time, until business continuity is maintained even if something small is failing, and your organization doesn’t suffer any losses in revenue or customer trust. Testing also allows for recovery practice training, which will also reduce recovery time when real chaos occurs.

5. Leverage the use of virtualization

Load-balancing and failover systems are becoming more popular in the technology sector as cyber threats and natural disasters continue to affect business operations. Ensuring users are seamlessly transferred to a secondary environment creates the illusion that nothing is actually happening to your environment, allowing users to continue enjoying your services without disruption.

6. Create your plan with the mentality that anything can happen.

Regardless of how many times you test your plan, review each recovery process, or go over the points of failure, something may still go awry when the real thing happens. Always have a trusted team or experienced partner who can assist you in covering any gaps, and swiftly pull your organization out of a jam. Be sure to compose a list of priorities and, for each one, ask yourself: if this fails, what will we need to do to recover? Assume necessary personnel are not available and even make your team trade roles during the recovery period in order to spread awareness. Keep your team innovative and sharp for when something goes wrong so at least one person is aware of the right steps to take in each specific area.

How confident are you in your organization’s disaster recovery plan? Try taking our free Disaster Readiness Assessment to see how your company stacks up. Anexinet would love to help make your journey to a robust disaster recovery plan as smooth and successful as possible. To that end, check out our Disaster Recovery Kickstart and upgrade your DR Plan to eliminate vulnerabilities in just three short weeks.

Steve Silvestri
Steve Silvestri Information Security Consultant

Steve Silvestri is a consultant of Anexinet’s ISG team, focusing on Cyber Security issues, including Data Loss Prevention, Digital Forensics, Penetration Testing, and Incident Response.