How Create a DRP (Disaster Recovery Plan)
Wowser! The ransomware attack that hit the NHS among other organisations and businesses late last week, wreaked potentially catastrophic results across the world. It’s something that tends to go to the bottom of the priority list, but a DRP (Disaster Recovery Plan) is an essential item for any business. You need it not just to protect you from cyber attack, which is definitely on the rise, but also from the possibility of physical disasters, like a fire on your premises. So how do you put one in place? Follow these steps.
7 Steps Towards a DRP
1. What are the main risks to your business? You can’t predict the future, but it’s worth thinking through what are the most likely disaster scenarios your business is vulnerable to? Is it fire? Data-theft? Flood? Plan in most detail for the most likely scenario, but don’t rule out other possibilities.
2. Make a list of jobs and key personnel. Identify which jobs you need to have up and running as quickly as possible and which are less critical to the immediate functioning of the business.
3. Work out a communication fan-out system. Who is responsible for notifying all your employees of the implementation of a DPR and keeping them updated? Larger firms break this out into several smaller lists. Ensure that your employee contact details are kept up to date and that printed lists are kept off-site. Keep copies with every member of your fan-out system. Also, decide who will front with the public about updates. Figuring all this out in advance will save you time and stress if the worst happens.
4. Plan how the immediate functioning would work. In the case of physical disaster where can key personnel work from in the first stages following a disaster? Are they all able to work from home? Will they need office furniture, phones, laptops etc. to do so? If so, make a list of what will be required in the first instance. This will save you time.
5. Think about temporary office space. It obviously wouldn’t be possible to rent out an alternative office, just in case, but have some ideas of what to do next. A list of local estate agents that manage office spaces and a list of shared working spaces near your office or in a central location where most employees can travel to relatively easily, are a good start.
6. Budget for what you need. Once you know who the key personnel are and what they will need immediately to keep the business running, list it clearly and cost it. This will make life easier in the early stages when dealing with your insurer about what you need to tread water.
7. Keep your DRP safe. Once you have completed your plan, make sure you share it with key personnel and arrange for copies to be stored off-site. There’s no point in making your plan if it goes up in flames with the rest of your office!
What Else Should You Do?
In addition to your DRP, there are some other measures you should take to protect your business. They include switching to cloud computing and data back-up.
1. Cloud computing. Although the cloud is not any more safe from ransomware attacks if security measures are not adhered to, it does allow you to access your data and files from anywhere. So, if your computers have been destroyed and your key personnel are forced to work from home, they will be immediately able to access the files and data they need to pick up and carry on.
2. For your online accounts, use extra security features such as two-step authentication where possible. Don’t share logins and know who your users are.
3. Make sure you invest in a sound data back-up process that makes sure your essential records are as up-to-date as possible, at all times.
4. As the NHS has learned the hard way, make sure you install security updates promptly and use the latest version of your chosen software, as well as appropriate anti-virus and browsing protection.
Related from Artisan Accounts