Why You Need a Disaster Recovery Plan and How to Create One
If you have a business and operate a website, you should seriously consider creating and implementing a disaster recovery plan (DRP).
If you have a business and operate a website, you should seriously consider creating and implementing a disaster recovery plan (DRP). Whether it’s from natural disasters (like the fire affecting a major datacenter in France in March), hacks or data breaches, you want to mitigate any potential losses and plan your response strategy before disaster hits.
Remember, your hosting provider will generally only be responsible for the value of the hosted service itself, and not lost revenue or the (often priceless) value of your data, so plan accordingly!
What is a Disaster Recovery Plan?
A disaster recovery plan (DRP) is essentially a roadmap outlining procedures that enable the recovery of critical systems (like your website and its data) after a human-caused or natural disaster situation. This plan should also include the people and tools involved in the recovery process to minimize loss as much as possible.
What’s at stake? You could experience revenue loss, customer attrition, and your reputation may be irrevocably damaged. The money and time involved in identifying, solving then finally ‘cleaning up’ after the disaster (including added strain on customer service) could all impact your bottom line substantially.
So how can we minimize some of these potential losses? Let’s explore how a disaster recovery plan can help.
How to Create a Disaster Recovery Plan
It’s important that you have a plan for specific situations and know how to quickly implement the steps required to reduce losses and get your website back up and running again as quickly as possible.
Here’s a simple outline on how to create a proper disaster recovery plan:
Identify potential threats
These could include:
- Natural disasters like earthquakes, typhoons and fires
- Problems with critical vendors, like your data center, CRM, backend payment system, etc.
- Data/security breach like getting your data stolen or website hacked
- Unintentional deletion/loss of data
You can also inquire with your web hosting provider, on whether or not your backups are stored within the same data center, or multiple locations. This can further mitigate any risks to complete data center losses, although a rare occurrence.
Identify a disaster response team
Your team members should be included in the disaster recovery planning process to offer their expert input, or at least be made aware of their role and trained in each disaster recovery process you’ve outlined.
The team may consist of system administrators, developers, managers, customer service agents, communications specialists, or your legal department.
Document your recovery plan
You should be identifying the following:
- Internal and external teams and/or vendors
Who should be involved in this process? - IT resources
What software, platforms, hardware and other resources do you need to implement a recovery? - Budget
How much money will it cost, for continual backups, and including man hours and downtime hours (revenue lost), to support this process? - Communication channels
How will you bring awareness to customers or respond to the public, knowing your website is likely inaccessible at this point? - Testing your process
What can you do to test your recovery process to be sure it’s sound before disaster hits? - Audit process
How will you determine whether or not you were successful? What do those markers include? Timing, budget, customer attrition rates etc. - Disaster avoidance/mitigation
What will you do to avoid these disasters altogether, or mitigate the risks further?
Document an incident response plan
As part of the DRP, you’ll likely want to create an incident response plan which includes:
- Preparation
Creating the right processes and procedures for responding to a security attack - Identification
Creating a process or system that can detect and identify when a threat occurs - Containment
Limiting the amount of damage from an attack, through timeliness and isolation - Eradication
Eliminating the root cause of the issue - Recovery
Restoring your systems and returning to your preferred system state - Lessons Learned
Highlighting what went well, or what could be improved upon in the process
As always, avoiding disasters or preventing them from happening altogether is preferred.
Prevention is always better than having to implement a cure!
How to Prevent Major Disruptions
Even with a well documented DRP, your recovery process may not be effective if you haven’t already taken the following important steps.
Invest in security
You should be aware of and invest in the proper security measures and tools to keep your website secure. This should include protecting your website with SSL certificates, and scanning your website regularly with a monitoring service, like Security Protection. Once identified, fix or patch possible bugs or vulnerabilities in a timely manner. Consider delivering regular security awareness training to your team (and yourself!).
Create frequent backups
Perform backups of your website and databases often. The backup frequency can vary based on your website’s activity, but we recommend daily backups. Your web hosting provider should be able to provide some form of automated backups.
In addition to relying on your provider’s automated backup service, consider saving a copy of all important website content and changes on your computer or on a secondary storage, in case of major disruptions. Test your backups at least once per year.
Avoid single points of failure for your website
If your website provider’s datacenter experiences a catastrophic failure, are they equipped to recover backups and get your service up and running at an alternative site? While rare, major hardware outages or more generalized networking outages or natural disasters at a single site is always possible.
As such, it’s important to choose a provider that has a presence in multiple physical locations, and that provides some level of redundancy so that your website’s data is stored across multiple redundant storage units.
CWH hosts its web hosting data on redundant storage arrays, meaning that if a single drive were to fail, others would take over automatically while the faulty drive was replaced. Furthermore, CWH operates out of multiple datacenter locations, ensuring business continuity can be maintained even in the most dire of situations.
Secure all your accounts
In addition to using separate strong passwords for all your logins, consider using a secure password manager like LastPass or 1Password and enabling 2 factor authentication for access to your account. This keeps your account information and data much more secure.
Protect your domain names
This can include enabling Domain Privacy Protection and domain locking, to prevent unauthorized transfers of your precious domain names by malicious users.
Choose a reliable provider backed by uptime guarantees
Choose a web host provider that offers a minimum of 99.9% uptime guarantee, and has the team and equipment in place to quickly respond to any incident that may arise, at any time.
So, tell us, do you have a disaster recovery process and have you ever had to use it? Let us know in the comments below!