If COVID-19 taught us anything, it’s the need for businesses to be able to adapt to the unexpected. So, what’s the answer to creating a robust disaster recovery strategy?
Tim Mercer, CEO at secure cloud technology specialist Vapour, offers his thoughts…
1. Make a plan
It sounds like a flippant comment to make but when formulating an effective disaster recovery strategy, the clue’s in the title. A strategy is very much that – strategic, planned.
So, for a DR strategy to take shape, organisations need to look ahead and consider different scenarios. It’s impossible to predict every eventuality but a sense of preparedness is key.
2. Test the plan
That strategy then needs to be rolled out and tested. Otherwise there’s no way of knowing its likely effectiveness and what needs to be tweaked to better protect the business should disaster really strike.
Some organisations – pre-lockdown – had already prepared for what would happen if the office ever became out of bounds, for instance. But the devil is in the detail. So, imagine the shock – and impact – if colleagues’ tech hadn’t been set up or was later found to be faulty when the pandemic struck.
It could be something as simple as this or far more complex, which has the potential to cause unnecessary disruption when business continuity is crucial.
3. Consider the equipment required
Recent tech headlines revealed how difficult it became for many firms – even resellers – to obtain kit when lockdown was announced. A number of businesses didn’t have a complete DR strategy in place for this type of scenario, which generated unprecedented demand levels in an extremely short space of time.
In an ideal world, a tech inventory would be drawn up way in advance of any type of potential disaster occurring – from a virus outbreak to a cyber attack or workplace fire. And that inventory should list everything colleagues will need to be productive and maintain ‘business as usual’ as best they can, including IT and voice equipment – and perhaps even video collaboration technology. ‘Bring your own device’ (BYOD) protocol is also advised.
4. Be clear on connectivity
Secure network connectivity is even more crucial than the physical hardware that will be required, and this may be where specialist input is required.
For example, organisations need to think about their server location and bandwidth to enable easy data access. If servers are physically based at a company’s HQ rather than in the cloud, there’s a risk that the internet pipe won’t be big enough to support the many employees trying to access data remotely. Consequently, they won’t be able to retrieve the information required to do their jobs.
Also consider the impact of VPNs, which may allow employees to bypass standard office-based internet restrictions, even accidentally. This could present potential security issues.
5. Balance budget with expectations
The DR strategy needs to be not just embraced but driven by an organisation’s most senior figures, and budgets should reflect expectation. All too often, companies want the slickest, most fool-proofed solution available, yet won’t dedicate financial resources to match.
Sadly – and perhaps unsurprisingly – you get what you pay for, so cut IT spend at your peril. Yes, cost control is important, but what about the cost of an outage? A hack? A staggering drop in productivity? Customer dissatisfaction? Business non-recovery? These numbers are far tougher to accommodate.
The DR plan itself should be clearly communicated to staff in advance, if applicable, but ongoing conversation is just as important – if only to maintain morale when the workforce has the potential to feel disconnected. Employee engagement may be deemed a ‘softer’ side of the strategy, but a company is nothing without its people, especially during difficult times.
7. Be clear
Specific policies need to be clearly defined and circulated. Such documents can offer guidance and/or stipulate protocol, on everything from browsing habits, to the usage of personal devices, rules on social media accounts and company equipment being used by people who aren’t employed by the business.
8. Beware of cybercriminals
Fraud, hacks and scams are all too common, particularly during times of widespread crisis. COVID-19 phishing emails professing to offer much-needed information on the pandemic are reportedly up by 40%, and messages seemingly directed to remote workers from employers’ IT departments will also be frequently received. Employees need to be educated on cyber safety so that they can remain vigilant against such threats.
There are some fantastic services out there, including ones that send simulated phishing emails to unsuspecting users to test how they respond in a controlled and safe environment. This helps identify which colleagues are most in need of training.
It goes without saying that the implementation of firewalls – as well as up-to-date patches – is also critical.
9. Enlist the right support
Does the organisation have the right level of IT support either internally or on an outsourced basis, to help activate and continually manage the DR strategy? Does the skill-set exist to investigate and fix an outage quickly? Will charges be incurred to try and retrieve data from the cloud?
Resources need to be carefully evaluated and ideally secured in advance. If it becomes clear they don’t exist when the DR plan is activated, the appointment of an outsourced tech firm is probably the quickest way to fill any gaps.
10. Evaluate experience
A DR strategy should achieve multiple business objectives, with the priority invariably being to keep the organisation running. But customer experience must be a close second.
Can customers contact the people they need to? What are the waiting times? And call abandonment rates? Keep an eye on the metrics that matter and don’t ignore the data if it depicts worrying trends.