Information Technology (IT) disaster recovery planning (DRP) is a critical component of any successful business in today’s digital age. However, many Los Angeles investment advisor firms make mistakes while planning and implementing their plans — and some of these errors can be attributed to avoidance.
Because disaster planning is not a pleasant outlook, it sometimes gets rushed or managers simply believe that their organization will be lucky enough to avoid a catastrophe. Other issues arise due to poor documentation and unrealistic recovery expectations. However, recovery planning is important and should begin with the creation of an inventory of IT hardware, software applications, and data, as well as the development of recovery strategies.
Let’s address four of the most common mistakes that are made by LA investment advisors when developing their disaster recovery plans.
1. There is No Written Disaster Recovery Plan In Place
When IT departments concentrate their attention on complicated tasks, such as data replication and virtual infrastructure mapping, they may forget one simple but crucial step: putting together a written disaster recovery plan.
Survey research shows that 40% of organizations don’t have a document disaster recovery plan in place, and only 40% of the companies that do have a plan test it at least once each year. This disturbing trend highlights the lack of preparedness of many companies when it comes to the event of any type of disaster, including cyberattacks.
A thoroughly thought-out and documented plan is key to successful recovery. Managers need to know in advance which steps to take and who is responsible for each component — these are not tasks and issues that should be decided while in panic mode. All written plans also should be stored off-site for easy access in the event of an emergency.
2. Only Having On-Site Backup
Although an on-site backup is a critical part of any good IT disaster recovery plan, backups also should be stored at a different location for an added layer of protection. If a natural disaster strikes your office, such as a fire or flood, or the company server crashes, having secure, easily accessible and restorable backups at an alternate location will be the only way to get your firm back on its feet again.
3. Failing to Backup Data Not Stored Centrally
LA investment firms, particularly larger firms, tend to forget about outlying data repositories. This means that critical business data that may be stored on desktop computers, laptops, tablets, and smartphones may be at risk of becoming lost, stolen, or destroyed. Even before bring-your-own-device (BYOD) policies became standard, it was not uncommon for companies to overlook PC networks and branch offices in their data protection plans.
4. Planning Tests Instead of Testing Plans
Many recovery tests are inadequate because they are controlled from start to finish and also are limited to an individual system. Disasters, on the other hand, are events that defy control and there’s no way to predict which systems will be affected. When recovery tests are set up for success, there’s no way to confirm they’ll survive an actual disaster scenario until one occurs.
The amount of planning surrounding a test should be minimized — with only management being informed in advance — in order to achieve more realistic responses and so that the plan’s feasibility can be accurately assessed.
The Bottom Line
When done properly, disaster planning is a complicated and time-consuming process, which is likely why mistakes are relatively common and relatively few companies have continuity plans. According to the 2018 Global State of Information Security Survey, 44% of more than 9,500 executives in 122 countries don’t have an overall IT security strategy, and 54% say they don’t have an incident-response process in place.
Does your company have an IT Disaster Recovery Plan in place? And has it been properly documented and tested? Share your insights in the comments box below.