Most companies have some sort of disaster recovery plan in place, but many plans don’t survive an actual disaster. Recovery procedures are often filed away and forgotten about, with plan drafters carrying on with day-to-day work believing they’ll refer to the plan if the worst occurs. But, because these plans are often not tested, updated, or reviewed, companies tend to overlook big problems with their disaster responses until a flood, theft, fire or hack happens and it’s time to put the plan into action.
This is an important situation to solve – your business can’t simply stop just because something happened. After a disastrous event, you and your employees need to keep working to maintain cash flow and client relationships. You won’t have extra time to figure out how to rebuild the business. Take it from us at Prime Secured, we've been there ourselves!
On the other hand, it’s easy to see how something like disaster recovery planning can fall to the wayside. We would venture to say most companies either don’t believe a plan is needed or think they don’t have the time to spend on something that doesn’t bring in revenue.
Some companies believe they’ll just figure things out if a disaster happens. Others make the mistake of believing their firm is not important enough to be the target of something like a ransomware attack—but hackers don’t care what your data is or who else may be interested in it; they believe your data is important to you and you’ll pay to get it back.
Even when disaster plans ARE in place, not everyone knows about them. Would your teams know what to do in their departments when things go wrong?
Preparing for disaster recovery needs to be more than a set of steps written on an obscure document. Your plan needs to be tested, updated, and reviewed so your company is ready to act and maintain operations.
The following are the three biggest mistakes we believe most companies make when preparing for a catastrophe. As you read, ask yourself if your company is making these mistakes and how you might mitigate the problems so you can rest assured that your disaster plan will actually help when the time comes.
Problem 1 — The Disaster Plan Hasn't Been Tested
Disaster recovery plans can often be theoretical. The realities of a catastrophic system failure, natural disaster or ransomware attack catch many people off guard, even if they believe they’re prepared. For that reason, it’s important that any plan be tested, so you can be confident it functions. You need real-world testing to know your plan will really work.
For example, many organizations already back up important data—but they don’t realize the realities of retrieving it. “Some companies just back up to the cloud.” Explains Justin Ekstein, Solution Engineer with Prime. “But if your server crashes and you need to get the data quickly, it can take days or even weeks to get that information back. Is that acceptable? Some businesses can’t last if they lose days or clients over delays.”
Companies also sometimes fail to consider where data will be downloaded to. Where will you get replacement equipment if your office is destroyed or inaccessible? If you lose most of the equipment in your building—how long will it really take to get back up to speed? It’s important to find out.
No matter how you decide to prepare, every aspect of your disaster recovery plan should be tested. That way, you and your team will know for sure what to do and you’ll spot any potential problems well ahead of time. Not sure how to test your plan? Ask your managed services provider (MSP) to help (see more about this below). They’ve seen plans fail and know how to help you avoid it.
Problem 2 — The Disaster Plan is Out-of-Date
Another common mistake is assuming that because you made a plan, it will stay relevant. But while the plan sits filed away, things about your business change. You might introduce new systems or important employees might move on, leaving your plan with a missing link.
For this reason, your disaster recovery plan should be regularly reviewed. You could list it in your annual operations plan. And make sure your disaster plan is comprehensive enough in the first place to cover any major changes in your business, so you don’t lose vital functions if something happens. When making significant changes in the way you operate, consider how those changes should be reflected in your disaster plan, and make any necessary adjustments.
Problem 3 — No One Knows What the Disaster Plan Is
When things go awry, you won’t have time for an impromptu training session. If employees don’t know the plan , on the day a disaster hits the plan may do little good! As a group, you need to know what to do as soon as something goes wrong.
For one thing, if employees don’t know what to do, they may make snap judgements, which often do more harm than good. “It’s easy to panic and just start doing things,” says Ekstein. “If you know your plan, you have a clear decision and all you have to do is run through the steps. Having the process all laid out helps you have a clear head.”
For instance, some people’s first reaction to a ransomware attack is to reset all the equipment. However, this deletes important information that can tell you what happened. Among other problems this presents, you may find that without direct evidence of a hack it will be difficult to get your insurance company to cover damages.
The solution is periodic review of the plan with all employees—maybe even consider providing opportunities for practice with mock disaster events. You can’t act totally on instinct during a disaster. Make sure your entire staff is mentally prepared and knows what the plan is, so everyone can move forward with a cool head.
A Solution to Disaster Planning Problems: Managed Services
Whatever the disaster, an MSP has probably seen it before (or something like it) and knows exactly what to do. A firm such as Prime Secured can use the extensive knowledge and experience of its staff to get you operating again in no time, so you can continue to focus on your normal daily operations.
“When something happens, any organization will need an army of IT people to be up and running in a reasonable time,” says Brandon Nyffeler, director of MSP operations at Prime. “They’ll be overwhelmed with so many different people to talk to and problems to solve on top of their normal operation, and if they don’t have a sizable IT staff, it can be a problem. An MSP can help with recovery. They’ll have the experience and knowledge you need to get up and running faster."
A managed services provider can also store your data in a secure location and ensure you have ready access when you need it. In addition, Prime for example has extra equipment on hand, ready to use if you need fast replacements. If you engage a provider that offers a virtual chief information officer, that person can provide the executive expertise to help you prepare for disaster and plan steps to recovery.
You don’t need to face disaster alone. And if you wait for a disaster to strike, it will be too late. Consider working with a managed services team that can share its experience bringing businesses back from destruction, whether it’s the weather, malicious hackers, or major hardware failure. Don’t get caught off-guard—get a functional plan in place so a disaster doesn’t spell the end of your business.
If you believe it would help your organization to draw on the expertise of a managed services provider for your disaster plan, consider giving Prime Secured a call. Visit us at www.primesecured.com and we’ll show you how working with a managed services provider could help you protect your business.