3 common mistakes your peers make with their disaster recovery plans

May 29, 2019

Have a disaster recovery (DR) plan? That puts you ahead of many of your peers.

But that doesn’t mean you can – or should – stop there.

In fact, companies are making some serious mistakeswhen it comes to the way they set up and maintain their program.

And that can cost you in everything from time wasted to customers lost.

Hard-learned lessons

Take a look at where other companies are coming up short, so you don’t, too.

Mistake #1: Not enough “data redundancy.” That sounds like it’d be a good thing, but it’s not. For the sake of business continuity, you want to have the same data stored multiple ways, both on- and offline.

Consider the 3-2-1 strategy:

  • 3 copies of your data
  • 2 different environments to store them, with
  • 1 copy offsite.

Mistake #2: Inadequate recovery capabilities. This is when the cloud can cause trouble for some. If you’re using the cloud simply for storage, you may run into recovery issues.

The best use for the cloud in DR? As a service provider so that it manages your data, which should keep downtime to a minimum.

Mistake #3: Over-backing-up. Fact: You don’t need backups of everything. If data isn’t changing you only need to archive it. And there’s probably plenty you can toss.

What’s left is what needs continuous backup so that if the worst happens you aren’t caught short.

Best practices for testing

Even the most carefully-crafted disaster recovery plans need to be tested.

To ensure your disaster recovery plan won’t come up short when you need it most, consider these three testing best practices:

  1. Have “unexpected” people run it. Sure, your payroll manager knows how to get paychecks out the door, even in less-than-ideal conditions. But what about your A/R clerk? She may be one of the only people to make it in to the office during a disaster. So you want to rotate the folks who test your plan to make sure it’s usable to anyone.
  2. Create very specific scenarios. Many DR plans focus on what happens in “an emergency.” But there are plenty of different things that can go wrong. Make sure your company’s plan is being tested under a variety of possible scenarios: The server is down, power is out for a short period of time, your phone systems are down, etc. How would you react in each?
  3. Don’t trust “smooth” results. Disaster Recovery test go A-OK? You may not want to stop there. Experts say that’s a pretty good sign that you may not have dug deeply enough. The whole point of DR testing is to find weaknesses you can shore up – no one is ready for everything. If your test came up clean, think about making some adjustments and running it again.

Of course IRS also wants you to take certain steps  to safeguard your data from disaster so you’ll want to incorporate those in your plan.

This article originally appeared in May 16, 2019 in the CFO Daily News email and was written by Jennifer Azara.

Posted in Security