“By failing to prepare, you are preparing to fail.”
This quote is frequently attributed to Benjamin Franklin, and while it may not have actually been said by the Founding Father, it still teaches a valuable lesson – especially where disaster recovery is concerned. In other words, you need to make sure you have a working disaster recovery strategy – working being the key point.
To do that, you need to make sure that your backup and disaster recovery plans are effective, which in turn means you need to test them.
What Kind of Disasters Do You Need to Prepare For?
The first step to an effective disaster recovery strategy is to be prepared for as many scenarios as possible, as there are a wide variety of circumstances that could create a problem for your business.
- User Errors – While many user errors may be viewed as minor inconveniences, there are plenty of ways that a disaster can result from a simple mistake on the part of one of your users. Accidental deletions, shadow IT, and other common enough scenarios can all put your business in a bad place if you aren’t prepared.
- Key Staff Unavailability – What would happen if someone with exclusive access to key data was suddenly kept from the office, either due to some accident, a personal emergency, or some other situation? If they had exclusive access to critical business information or documents, you may find yourself stuck.
- Equipment Failures – Any business today relies on a lot of equipment, from the machines that power their processes to the infrastructure that supports them, the technologies they use to maintain communications to the basic functions of their location like lighting and HVAC. There are also a lot of ways that the equipment you rely upon could fall short, interrupting your processes.
- Malware – Malware has been a threat to businesses for a long time, evolving from the basic viruses that once plagued systems to the advanced threats that we see today. Adding to the threat is the fact that these attack vectors are constantly updated, meaning you have to stay vigilant against these threats.
- Natural Disasters – These are likely the first threats that pop into your mind when you think of a disaster that needs to be recovered from. Every place on the planet is susceptible to some kind of natural disaster, whether it’s a hurricane, earthquake, flood, high winds… you just need to identify your biggest risk, based on your location, and prioritize your preparations accordingly.
- The Unexpected – There are plenty of potential situations that don’t really fit into any of the other types we went over, but can still cause big problems for your business. While these scenarios are hard to predict by definition, you should do your best to be prepared for any situation.
How to Be Sure You’re Properly Prepared
In a word: testing.
There are a variety of preparations and evaluations you should routinely go through in order to be sure that your disaster recovery strategy is sufficient. Why routinely? Simple – while it may be the one that is updated the quickest, malware isn’t the only threat that develops over time. Take user errors, for example: new employees are likely going to be unaware of many threats at first, and the most accurate way to find out what they know is to evaluate them. There are even different means of evaluating your employees, which should be combined into a comprehensive test and delivered on a periodic basis.
These tests should be designed to evaluate both the technical side of your disaster recovery process and your team’s ability to carry it out. As you collect data from these tests, you should update the plan to resolve any issues that may have become apparent, as well as keep your test airtight and devoid of any weak points.
Tests that You Should Run
Like we said, there are assorted evaluation processes that your employees should all go through on a semi-regular basis. These include the following:
- Walkthrough Test: This is simply a basic review of the plan, reading it over to ensure that everyone involved remains updated to any possible changes that may have been made.
- Tabletop Test: Similar to a tabletop game, someone from each department comes in and is given a hypothetical disaster scenario. Each team member should explain what they would do in their given scenario. This is useful in revealing possible shortcomings in a business’ existing strategy.
- Parallel Test: These tests are meant to evaluate how well the restoration process works, using a virtual machine to “restore” your system, which continues to run in your usual infrastructure.
- Full Interruption Testing: This test is one of the most in-depth, but also the most risk-laden, as it could lead to actual downtime. In fact, some industries have regulations barring this kind of test, so be sure to double-check with your IT resource that this option is available to you.