Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. View our editorial policy here.

17 Musts to Drive Your Disaster Recovery Strategy

Determine what customers can and can’t live without. “Some applications and infrastructure are must-haves, some are unimportant and some are might-have-to-haves,” says Edward Minyard, a Certified Continuity Manager with consulting firm Accenture.

2No Title

Continuously exercise your plan, testing it for flaws and weak points. A disaster or imminent crisis is not the time to be hoping and praying that your plan is effective. “All the best technology in the world can be defeated by one end-user that isn’t up to speed on policies or threats, isn’t paying attention or is duped by social engineering,” says Bruce Tucker, President and Founder of Network security solution provider Patriot Technologies.

3No Title

In the military, the term is "hotwash," which is a debriefing that takes place immediately after an incident, says Minyard. After-incident reports are integrated into plans to address similar incidents were they to occur in the future. “There needs to be a constant cycle of plan, test, evaluate, modify that is continuously running in the background as situations arise.”

4No Title

Having a neutral go-between that can deliver the results of vulnerability assessments to potentially sensitive administrators and executives objectively is incredibly valuable. “It doesn’t happen often, but sometimes folks in charge can be very political and can get extremely defensive about their decisions” and they can be afraid of losing their jobs if certain weaknesses are exposed, Minyard says.

5No Title

Preparedness means assessing potential situations and making adjustments to mitigate disasters. For instance, in a call center with hundreds of employees seated two feet from each other is rife for the spread of disease, and measures should be put in place to protect employees in the event of infection. “You are not going to be able to get your business done and keep running without personnel,” Minyard says.

6No Title

Many organizations assess the risk of various individual threats and base security strategy and risk assessment on the average probability of these events occurring. “This is unacceptable,” Minyard says. Instead, plans and responses must be developed to address each individual threat.

7No Title

It’s a pretty common refrain in the security industry, but it bears repeating – take a holistic approach to securing people, technology and processes. “Without looking at all of the components, a security strategy is about as useful as patching one side of a levy,” Minyard says.

Subscribe for updates!

You must input a valid work email address.
You must agree to our terms.