Five Best Practices for an Incident Response Plan
Use these five best practices to create or update an IT security incident response plan.
Time to Review & Revise Your DR Plan?
One of the strategies financial advisors talk about with their clients is referred to as “set it and forget it.” The idea is that you invest funds, leave them alone and let them grow on their own. For some investors, it’s a relatively safe, low-stress approach. Some in the IT industry view the concept as a safe, low-stress strategy for disaster recovery (DR) planning as well.
That can be a disastrous line of thinking both for companies with existing DR plans and for those that are in the process of creating and implementing one.
Organizations change, as do the environments in which they work and the risks they face. Case in point: who would have thought a global pandemic would force so many companies to implement work-from-home operations and rely on web-based conferencing tools for meetings – tools that quickly became targets of hacks and security breaches?
The fact is DR plans created just last year are likely to already be outdated. As such, organizations that don’t regularly review and update their DR plan may be leaving themselves open to new threats and not taking advantage of more effective strategies.
Even for organizations that developing their initial DR plan, it’s critical to plan for periodic reviews to ensure their plans continue to cover them even as the companies themselves evolve.
Get It Now: Free DR Plan Checklist
When and Why Revisit a Disaster Recovery (DR) Plan
While there’s no prescribed timetable for reviewing and revising a DR plan, it should be done at least annually. Testing should also be included to ensure the plan works as intended.
However, there may be good reasons to revisit your DR plan more frequently, as well as to test it more often. For example, maybe your regulatory requirements have changed. Or perhaps your organization relocated to a new geographic area that puts it at risk of weather-related disasters it didn’t have to deal with previously. Even moving from a single- to multi-tenant facility can put a business at risk for manmade disasters (i.e., broken water pipes that cause flooding) caused by fellow tenants.
Staff changes may necessitate a DR plan review as well. If a key player on your DR team has left, you’ll want to make that person is replaced and new team member is up to speed. The acquisition of new IT infrastructure may also signal the need for a review, as the new assets may have introduced new application and system dependencies that need to be accounted for in the DR plan. Plus, DR best practices are always being developed. More frequent reviews of a DR plan help ensure organizations can take advantage of them.
Start Your DR Review Now
How you choose to review your DR plan ─ or plan for future reviews ─ will depend on numerous factors. However, the following are some of things to consider:
- Log changes as they occur so they can be used for reference in upcoming DR plan reviews. Those changes may include things such as new IT assets, technologies, and personnel; facility moves and changing compliance requirements.
- Conduct practical exercises to ensure all aspects of your DR plan works on-demand. If anything doesn’t work, fix it immediately.
- Provide regular training to make sure team members understand their roles and responsibilities, and provide them with opportunities to provide feedback and suggestions. That information may help you identify gaps or weaknesses in your DR plan.
- Frequently update contact information for staff, vendors, key government agencies, and emergency contacts. Make sure the information is current in your DR plan.
- If you’re handling all aspects of your DR operations internally, run cost estimates on outsourcing some or all of it. There may also be benefits other than cost savings from going with a managed DR service.
Review Your Plan with our Free Disaster Recovery Checklist
Whether you have a DR plan in place or in the process of developing one, US Signal’s DR planning checklist can help too. It covers some of the basics of good DR planning and can help you make sure you’ve covered all the essentials. You can download it for free below. If you’d like to learn more about US Signal’s DR solutions and other data protection solutions, let us know. Contact us today to get started.
Free Download: Your 12-Point DR Planning To-Do List
Additional Disaster Recovery Resources
To learn more about disaster recovery and managed DR services, check out these articles below from our blog or visit our resource center for whitepapers, e-books and more!
Related Blog Posts
Expand from Network Security to Cloud Security
Learn how to expand from on-prem network security to cloud security with these best practices and resources.
Safer Internet Day Starts with Strong IT Security
Safer Internet Day offers a reminder of steps your organization can take to enhance its IT security and combat DDoS attacks and other forms of cybercrime.