Disasters happen, and they can affect your organization. Do you have a disaster recovery plan in place?
Why should you have a disaster recovery plan?
The goal of a disaster recovery plan is to get your business or organization operating normally again as soon as possible after a disaster takes place.
Disasters that affect businesses or organizations come in many forms. To name a few examples:
- Natural disasters like fires, flooding, earthquakes, tornadoes, and so on.
- Unexpected local or worldwide events that affect your organization, like terrorist attacks or pandemics.
- Digital or data disasters: computer system failures, data center failures, or data corrupted through hacks.
- Theft of devices, documents, or data.
- A key person in the organization becomes unavailable due to serious illness or family emergencies, or even passes away.
What aspects of disaster recovery should you consider?
- If data or devices are stolen, how will you prevent access to your accounts? How will you recover those accounts? Do you have a list of those accounts somewhere?
- If data systems fail, how can you restore the data? Do you have backups?
- What if you or another key person in your organization is incapacitated? Who can take over those responsibilities? How will the new person be able to access accounts or documents they need? Who will notify clients about the situation, and what should they say?
You may also hear this called a business continuity plan. The idea is to keep your organization ticking along in spite of difficulties that arise. If there isn’t overlap in team members’ responsibilities, and you haven’t designated a person to be in charge, don’t waste another minute.
In March 2021, major European host OVH had a fire at one of their data centers. This wreaked havoc on their own business, but also on their clients’ business. If something like this affected your business, how would you recover?
How can I create a good disaster recovery plan?
Consider the disasters that may arise and the consequences they could have on your organization. Some examples:
- If the risk is a loss of data, consider how to create and store backups so the files are accessible and can be restored quickly.
- If a device is stolen, think about how you can block access to accounts the device has access to. Storing your passwords in a password manager like Dashlane, 1Password, or LastPass makes this step easier, since you can see which sites you have saved.
- If data is stolen through a website breach or other system breach, how will you inform the affected parties? Do you need to notify authorities? Do you need to take other legal action?
- Before a key person in the business becomes unable to perform his or her role, list out the responsibilities of that role and who would take over in case of problems. Then make sure the substitute is trained and has access to files, passwords, or anything else required to perform the duties of the position.
- If your web host’s servers go down, would you be able to restore the site elsewhere relatively quickly? Keeping your domain name registrar separate from your web host may also help in this type of situation.
- Make a plan. If your office building is damaged, can your employees work from home? Do they have computers and access for a remote work situation? Are they trained in security and do they use a VPN?
You might consider making a table like this one, listing out potential disasters and risks and the corresponding mitigating measures you can take ahead of time. Then if you need it, all you have to do is pull it out and follow the steps you’ve outlined.
This example is a high-level overview provided as a suggested starting point, but we recommend you make more detailed steps for each item. Make sure you include as much information as possible on how to handle each item so that if the need arises, you are prepared. We also recommend reviewing your plan at least once a year to update it as required.
The second most important part of a disaster recovery plan – the first being the creation of the plan itself – is backups. You need to back up your data on a regular basis, redundantly, and off-site. We cover the basics of a good backup plan here.
Make a communication plan
How will you communicate with your team in case of emergency? If other people or organizations outside your own are affected by the incident through your organization, how will you inform them of the incident and keep them apprised of new developments? OVH put up information on their website to inform clients of the incident and progress on restoration. They also emailed customers and suspended billing for those affected. As part of your disaster recovery plan, make a detailed communication plan as well to inform your stakeholders and/or clients.
Know who you can call on for help. If your website’s server goes down, call on your web developer to reach out to your host and find out what’s going on, or to help get your site back up elsewhere if the host is down for an extended period or has recurring downtime. If your computer system goes down, make sure you have IT people you can call on to fix it. Know who your experts are for each situation and how to reach them.
Consider a quick start list
A quick start list is a checklist of what your organization needs to have or to do to get up and running again as quickly as possible. Items it might include:
- A contact list of your employees and technical or service contacts (building manager, accountant, web hosts, web developer, IT consultant…)
- A list of who is responsible for what during the emergency
- Email accounts you need to access or re-configure
- Programs and license keys for installation
Creating a disaster recovery plan takes time. It’s difficult to make time to handle it when we have work every day that seems more important. But without a plan in place, your organization could suffer needlessly from an incident it would otherwise be able to recover from.