All businesses should develop a clearly defined Backup and Disaster Recovery (BDR) plan for their data in the event of business continuity issues such as hardware or infrastructure failure, fire or flood.
There are some essential questions which should be considered when outlining a Disaster Recovery plan, including;
Who holds overall responsibility for managing the business data backups & their integrity?
Who is responsible for recovery of business data in the event of any disaster?
How long would it take to recover data from the current backup solution?
Can the data be restored to different devices/hardware models?
What is the software and process used to reconstruct a working system?
Depending on the scenario do we need to reconfigure any hardware or software manually?
We recommend ensuring all procedures are up to date and have been tested by more than one member of staff. Ideally your Managed Service Provider will have a plan or policy on your behalf to restore and test data as we do for our clients.
Step 1. Assess the risks to the business
These are not likely to be aliens, even floods and fires can be unlikely. The most likely business disasters are failures that include hardware, software and infrastructure, with fire and flood proving less likely. Statistics point in recent months to increased likelihood of cybercrime including fraud and virus attack being the most likely loss of data and service to SME businesses.
Typical risk assessment areas include;
1. Review of current data backup policy
2. Assess aging hardware assets purchase dates and warranty periods
3. Log all software licence info, collating expiry dates, version and support life details
4. Gather all data on your current systems, passwords and user permission details
5. Collate data on externally provided items e.g. hosting, domain details, website login details
Step 2. Review the current data backup policy
Ensure there is a current data backup policy in place. Review and test the policy, checking that data can be recovered in a suitable period of time from a business continuity perspective.
Step 3. Develop replacement hardware policy
Assess aging hardware purchase dates and warranty periods. Using your risk assessment coupled with age and warranty periods, develop a rolling hardware replacement policy. Ensure that budgets are allowed for future replacements
Step 4. Assess software age, licences, version information and end of life schedules
Using your risk assessment, identify software which is no longer licenced or supported. Ensure you have budgeted costs for the replacement of the software. Consider your update schedules and how regularly software is updated within the business. Often industry specific software is updated regularly due to legislative amendments, where other software can fall behind and become outdated or obsolete without updates being applied.
Step 5. Create a list of users, facilities and permissions for regular review
Gather your user details, their permissions, usernames, email addresses and passwords. Ensure that you know which users have access to which areas of the business systems. Verify user restrictions and be prepared to review policy information on password changes and to include staff departures from the business.
Step 6. Collate data on externally provided services
Gather your business information for externally provided services such as domain names, website information, logins and access details. This should include relevant registrant and hosting details, along with permissions and email addresses for administrative details. This information is critical to protect the business against leaving staff and malicious lock outs from various accounts. It should include social media accounts on all platforms, removal of staff links to personal accounts and the creation of a business account for all aspects which is not accessible for only one member of staff, but for a team.
From risk assessment to development of initial Disaster Recovery information an outline plan can be created within six relatively straightforward steps.
If you would like a Workbook which allows you to complete the relevant steps easily, contact me and I will forward it to you allowing you to complete the form and retain the data gathered.
Jacqui Offen is Director of J&J Systems Limited
It is recommended for businesses to develop a clear backup and disaster recovery plan, especially for their data in such event that a big disaster would come in their place or areas like fire or flood. It’s always better to be safe than sorry after all.