Are Your Disaster Recovery Testing Strategies Up to Date?
Every business needs to have a solid disaster recovery/testing strategy in place.
No matter how much you might presume that the likelihood of a large-scale disaster is slim, even a more benign cyberattack is a possibility. Sometimes these threats could even come from within. Regardless of the origin, cyber sabotage can severely compromise the security of your business data.
If you've been attacked, how do you come back from such a setback? With a variety of disaster recovery products and features on the market, the best ones incorporate backups, plans, and alternatives to restore operations in case of a major IT disaster.
We recommend performing a comprehensive disaster recovery exercise monthly, but we're aware this isn't necessarily the most practical method if you want to check in on smaller specifics on a more frequent basis.
Here are some smaller scale testing methods you can use between official monthly checks:
1- Plan review. This basic approach puts the people responsible for business continuity and disaster recovery in a room to meet and review existing process documentation and pinpoint any areas that need changing or updating.
2- Tabletop exercise. Key players play out a scenario so that you can fully explore response times and procedures. All team members describe how they will act, given the scenario's circumstances, under the guidance of a trained facilitator. This approach can prove especially effective in uncovering any gaps or planning errors in protocol and execution.
3- Full-scale exercise. The goal here is to simulate a real-life disaster and to involve the company at large. Such an exercise generally requires actual system and employee downtime, just as would occur in a real emergency situation.
4- Assemble a team. In some businesses, a single individual is often charged with key continuity and recovery duties. But if that person is off sick or away on vacation? The business is left powerless if no one else knows how to execute the recovery plan. That's why several people should take on an active part of planning and testing, even if they're not in IT. Train several individuals in essential business continuity and disaster recovery responsibilities. Redundant backups can be people, too!
5- Document everything. Keep an audit trail off all your findings. There's little value to testing if you don't document every aspect of the exercise, such as issues that turn up (expected and unexpected) and why those issues arose, the length of time required to successfully complete the test, and anticipated costs related to system and personnel downtime. The more details, the better.