No matter how much we analyze your network activity, or how many cyber-security conferences we attend, nothing educates us like the missteps of real-world businesses. Learning from example is by far the best way to beef up any disaster recovery plan (DRP), and the recent audit of a state government office gifted us plenty of useful information. Read on for our three takeaways from the report.
Hosting certain types of data, or managing a government network, legally binds you to maintain DRPs. After an audit of the Michigan Department of Technology and Budget, several failures lead to a trove of helpful tips for small- and medium-sized businesses attempting to create a bulletproof disaster recovery plan.
Update and test your plan frequently
One of the first and most obvious failures of the department’s DRP was that it didn’t include plans to restore an essential piece of their infrastructure. The plan didn’t include steps to restore the department’s intranet, which would leave employees unable to complete even the most basic of tasks.
The reason for the oversight? The last time the plan was updated was in 2011 — leaving out more than six years of IT advancements. If annual revisions sounds like too much work, just consider all of the IT upgrades and improvements you’ve made in this year alone. If they’re not accounted for in your plan, you’re destined to fail.
Keep your DRP in an easy-to-find location
It may seem a bit ironic that the best way to store your top-of-the-line business continuity solution is in a binder, but the Michigan Department of Technology and Budget learned the hard way that the alternatives don’t work. Auditors found the DRP stored on the same network it was meant to restore. Which means if something had happened to the network, the plan would be totally inaccessible.
Your company would do well to store electronic copies on more than one network in addition to physical copies around the office and off-site.
Always prepare for a doomsday scenario
The government office made suitable plans for restoring the local area network, but beyond that, there was no way for employees to get back to work within the 24-hour recovery time objective.
Your organization needs to be prepared for the possibility that there may not be a local area network to go back to. Cloud backups and software are the best way to keep everything up and running when your office is flooded or crushed beneath a pile of rubble.
DRPs are more than just an annoying legal requirement, they’re the insurance plan that will keep you in business when disaster strikes. Our professionals know the importance of combining both academic and real-world resources to make your plan airtight when either auditors or blizzards strike. Message us today about bringing that expertise to your business.
Published with permission from TechAdvisory.org. Source.