Latest News

10 steps to creating a robust disaster recovery strategy

COVID-19 has placed an unimaginable level of pressure on organisations large and small, the length and breadth of the country, as they try to adjust to a ‘new normal’. But when it comes to adapting to unanticipated change and protecting the business moving forward, what’s the answer to creating a robust disaster recovery strategy? Tim Mercer, CEO at secure cloud technology specialist Vapour, thinks lots can be gleaned from the country’s mass move to remote working. Here, he shares his top 10 tips…

1. Make a plan

It sounds like a flippant comment to make but when formulating an effective disaster recovery strategy, the clue is in the title. A strategy is very much that – strategic, planned.

So, for a DR strategy to take shape, organisations need to look ahead and consider different scenarios. It’s impossible to predict every eventuality but a sense of preparedness is key. Otherwise, businesses won’t be proactively forearmed in the event of the unexpected happening.

2. Test the plan

Once devised, the strategy needs to be rolled out and actually tested. Otherwise there’s no real way of knowing its likely effectiveness and what needs to be tweaked/fixed, to better protect the business should disaster really strike.

For many businesses, the need to relocate operations to remote locations, forms a very real part of a DR plan that will have been extensively prepared for. But, if such businesses had ordered headsets for the team to use when working from home for instance, and this equipment had never been tested prior to use, imagine the shock – and impact – if the headsets were later found to be faulty when colleagues came to use them in an emergency.

It could be something as simple as this or far more complex, which has the potential to cause unnecessary disruption when business continuity is really crucial.

3. Consider the equipment required

Recent tech headlines and anecdotal conversations in industry have revealed just how difficult it became for many firms – even resellers – to get their hands on kit when news of COVID-19 really hit home. That’s because a number of businesses didn’t have a complete DR strategy in place for this type of scenario, which generated unprecedented demand levels in an extremely short space of time.

In an ideal world, a tech inventory would be drawn up way in advance of any type of disaster – from a virus outbreak to a cyber attack or workplace fire – taking place. And that inventory should list everything colleagues will need to be productive and maintain ‘business as usual’ as best they can, including IT and voice equipment – and perhaps even video collaboration technology.
In the case of COVID-19, the benefit of hindsight is not very helpful. So, what’s important now is that businesses evaluate if any technology is missing, whether productivity is being hampered due to an absent headset, or a BYOD policy is being violated because the colleague doesn’t have a phone, and so on. In these circumstances, companies must test and adapt their DR strategies in real-time.

4. Be clear on connectivity

Secure network connectivity is even more crucial than the physical hardware that will be required, and this may be where some specialist input is required.

For example, organisations need to think about their server location and bandwidth to enable ease of data access. If servers are physically based at a company’s HQ rather than in the cloud, there’s a real danger that the internet pipe won’t be big enough to support dozens, sometimes hundreds, of employees trying to access data from their homes. In these circumstances they simply won’t be able to retrieve the information they need to do their jobs.

It is also important to consider how VPNs may be affected. Standard office-based internet restrictions may no longer work when a colleague is connected via a VPN, so while data access may be possible, any browsing will bypass the safeguarding measures that are usually in place, presenting a potential security issue.

5. Balance budget with expectations

The DR strategy needs to be not just embraced but driven by the most senior figures within the organisation, and budgets should reflect expectation. All too often, management teams want the slickest, most fool-proofed solution available, yet won’t dedicate the necessary financial resources to match.

Sadly – and perhaps unsurprisingly – you get what you pay for, so cut IT spend at your peril. Yes, cost control is important, but what about the cost of an outage? A hack? A staggering drop in productivity? Customer dissatisfaction? Business non-recovery? These numbers are far tougher for a business to accommodate.

6. Communicate

The DR plan itself should be clearly communicated to staff in advance, if applicable, but ongoing conversation is just as important – if only to maintain morale when the workforce has the potential to feel disconnected. Employee engagement may be deemed a ‘softer’ side of the strategy, but a company is nothing without its people, especially during difficult times.

Any likely disruptions – even temporary – should be communicated to wider stakeholders too, particularly customers. People are far more understanding and accommodating when they remain in the loop so transparency usually goes down well.

7. Be clear

Specific policies also need to be clearly defined and circulated. Such documents can offer guidance and/or stipulate protocol, on everything from browsing habits, to the usage of personal devices, rules on social media accounts and company equipment being used by people who aren’t employed by the business.
The policies may not be readily available for organisations that didn’t already have a plan for remote working before the COVID-19 outbreak, but they can and should be drafted now to help safeguard how people go about their job.

8. Beware of cyber criminals

Fraud, hacks and scams are all too common, particularly during times of widespread crisis. COVID-19 phishing emails professing to offer much-needed information on the pandemic are reportedly up by 40%, and messages seemingly directed to remote workers from employers’ IT departments will also be frequently received. Employees need to be educated on cyber safety so that they can remain vigilant against such threats.
There are some fantastic services out there, including ones that send simulated phishing emails to unsuspecting users to test how they respond in a controlled and safe environment. This helps identify which colleagues are most in need of training. This training can still be delivered remotely, and ongoing tips and reminders will also prove helpful, particularly when the pace of change – and in many cases fear – may cause a new level of distraction.
It goes without saying that the implementation of firewalls – as well as up-to-date patches – is also critical.

9. Enlist the right support

Does the organisation have the right level of IT support either internally or on an outsourced basis, to help activate and continually manage the DR strategy and uphold, in this case, a remote working operation? Does the skill-set exist to investigate and fix an outage quickly, if one happens for instance? Will charges be incurred to try and retrieve data from the cloud?

These resources need to be carefully evaluated and ideally secured in advance. If it becomes clear they don’t exist when the remote working is rolled out, the appointment of an outsourced tech firm is probably the quickest way to fill any gaps.

10. Evaluate experience

A DR strategy should achieve multiple business objectives, with the priority invariably being to keep the organisation running. But there can and should be secondary objectives at play too, in striving to maintain as much continuity as possible.

How will/has the customer experience been affected for example? Can they contact the people they need to? The right voice (telephony) infrastructure will prove crucial to routing calls to the right colleagues. Better still, a unified communications solution would allow employees to switch easily to another channel such as video conferencing or social media, to suit the needs/preferences of different individuals.

And, for bigger organisations, when customers do call, what is your ability to respond? What are the waiting times? And call abandonment rates? Keep an eye on the metrics that matter and don’t ignore the data if it starts to depict worrying trends.

Maintaining the employee experience is imperative too, but this is so often overlooked by firms. Careful attention needs to be paid to morale, engagement and wellbeing levels, to ensure colleagues don’t begin to feel disconnected or isolated. After all, a business is nothing without its people.