According to Techopedia, disaster recovery is defined as:
a set of policies and procedures which focus on protecting an organization from any significant effects in case of a negative event, which may include cyberattacks, natural disasters or building or device failures. Disaster recovery helps in designing strategies that can restore hardware, applications and data quickly for business continuity.
Albert Einstein famously said, “In theory, theory and practice are the same. In practice, they’re different.” We bring that up here because, in the case of cyberattacks, natural disasters, or building or device failures, designing strategies isn’t going to help. The only thing that’s going to help is getting the business up and running again as quickly as possible while mitigating damage, risk, and the potential for recurrence.
Should you incur what Techopedia refers to as a negative event, you need to triage — to prioritize things in order of importance. You need to minimize your losses of time, data, money, and credibility:
- Shut down your compromised network and get it rebuilt on new hardware.
- Identify your critical IT assets and determine their maximum allowable outage time.
- Protect and secure your vital assets while minimizing the effects of the attack.
- Find and eliminate the attackers.
- Conduct the necessary crisis communications, including notifying all affected employees and customers.
- Assign specific roles and responsibilities to your employees during the recovery process.
- Contact your cyber liability insurer to make sure any claims incurred are adjudicated appropriately.
- Contact your legal counsel to gauge potential liability and help with breach notifications to credit monitoring agencies.
No one can predict when cyberattacks, natural disasters, or device failures will take place. But given the increasing prevalence of cyberattacks and the proliferation of cyber criminals, operating a business without a disaster-recovery plan in place — or operating a business without a trusted business partner to create and execute that plan — is like driving a convertible through Sniper Training School: You might actually make it through unscathed, but why in the world would you even try?
Be safe. Look ahead. Strive for the best but plan for the worst.
As Robin Williams said, “Reality. What a concept.”