Secure IT for Business

  • Perspective - Technical post

Why companies need a well thought-out IT disaster recovery plan

- and what absolutely belongs in it

Cyber-attack, flood, server failure or burglary: when IT systems stop working as they should, there is a risk of downtime and business disruption. Businesses can prepare for emergencies with an IT disaster recovery plan. However, too few companies have such a plan in place.

Organizations are under pressure as IT security incidents continue to rise. A recent IDC study found that 43 percent of German companies have seen an increase in cyber-attacks, and about 50 percent expect a further increase.

When a company comes under attack or other failures occur, time is of the essence: How quickly can the right steps be taken? The faster, the better. This minimizes damage and limits downtime. An IT disaster recovery plan is essential. “It should include all documents that support an appropriate response to crises and emergencies” according to the Federal Office for Information Security.

Yet only every second company has such an IT emergency plan, explains Bitkom. And only one in two employee in German companies knows what to do in an emergency. This is shown by the study “Cybersecurity in Numbers” by G DATA and Statista. In small businesses with fewer than 50 employees, less than one in three know what to do.

When does the emergency plan take effect?

Cyberattacks are not the only thing that can cause a partial or complete failure of the IT infrastructure. Employees can make mistakes and accidentally delete data or torpedo systems. Software can fail, and hard drives or servers can be damaged by malfunctions, technical defects, power outages, fires, or floods. Infrastructure can also be affected by break-ins or vandalism.

It doesn’t always have to be a major disaster like a targeted hacking attack or a data center fire. Smaller disruptions can also have a significant impact on critical business processes.

What is an IT Disaster Recovery Plan and what are its benefits?

The IT contingency plan is a manual with technical instructions and emergency measures that can be used in the event of IT problems. According to Bitkom, all companies should have one and “make appropriate preparations”.

The guide provides checklists and instructions for security teams to follow in the event of an emergency. It also provides organizational information, such as who needs to be notified when and who is responsible for what. This saves time by eliminating the need to gather this information. Documents must be accessible to all employees.

The goal of a disaster recovery plan is to limit damage and business disruption. It should also create transparency and help employees act in accordance with pre-defined instructions and maintain an overview.

Because companies need to be proactive about potential threats, the disaster recovery plan serves another purpose: It helps identify risks to IT infrastructure and critical business processes. Ideally, security gaps can be closed in advance.

The first step: Inventory

The foundation of the IT disaster recovery plan is complete and accurate documentation of all IT assets and configurations. This includes an inventory of hardware, peripherals such as printers, and software.

However, a disaster recovery plan should focus primarily on processes that are central to business operations. Core applications and processes should be defined and documented.

What does an IT disaster recovery plan or manual include?

An IT disaster recovery plan must be tailored to the needs of the company. It should be broken down into modules so that employees can quickly find relevant information. All wording must be precise and unambiguous.

For example, an IT disaster recovery plan should include the following

  • Listing of all IT assets and documentation
  • Definitions of possible emergencies, including prioritization by severity and potential damage
  • Checklists with instructions depending on the emergency
  • Step-by-step instructions with possible workarounds and emergency procedures
  • List of contacts with phone numbers and their specific roles and responsibilities in an emergency
  • Notification chain: Who gets notified and in what order?
  • Substitution rules: Who fills in when someone is absent?
  • Service provider and vendor emergency numbers
  • Directory of all access data, licenses, manuals, relevant contract data and codes, e.g. for doors
  • Instructions and procedures for restoring operations, where are backups located?
  • Crisis Communications Plan

The challenges: Keep your disaster recovery plan up to date

To be effective, an IT disaster recovery plan must be up-to-date and complete. If critical information is missing, or phone numbers or access credentials are incorrect or out of date, security teams will be thwarted in the event of an incident. It is critical that the incident response plan is reviewed and updated on a regular basis. The steps and scenarios should also be tested and simulated.

Not only is the refresher program a challenge for many companies, especially smaller ones, but so is the creation of the plan itself. IT security teams often don’t have the time in their day-to-day operations. In this case, it is helpful to bring external service providers on board to help with the implementation. The disaster recovery plan can also be implemented in stages. Each building block helps speed the response in the event of an incident.

The bottom line: An IT Disaster Recovery Plan protects, if it is followed

An IT disaster recovery plan prepares companies for disasters and crises, whether they are cyber-attacks, hardware failures, or fires. A structured and up-to-date manual for such scenarios helps employees stay on top of things and take the right steps immediately. This helps to avoid downtime and minimize financial losses.

Checklist for the Disaster Recovery Plan

To develop a disaster recovery plan, companies should answer the following questions:

  • What are critical processes and systems?
  • Which ones take priority to keep the business running? What is the maximum amount of time that parts of the infrastructure can be down?
  • What to do in an emergency?
  • What are the exact procedures?
  • Who is responsible for what tasks and has what role?
  • What actions should be taken for which incidents and at what time?
  • Who needs to be alerted and in what order?
  • How and when can the appropriate people be contacted?
  • What service providers are available and who are the emergency contacts?
  • What are the access credentials for internal and external services? How are systems configured and what licenses are available?
  • Where are data and backups stored? How can systems be recovered?
  • What are the rules of communication in a crisis?
  • How can services be restored as quickly as possible, or where can hardware replacement parts be obtained?

Related content

Automation for the Security Operations Center with SIEM, SOAR, and XDR

Cutting response times, minimizing the risk of damage: How innovative technologies cooperate in the automated defense against cyberattacks.

How to find the right Managed Security Service Provider (MSSP)

Support in decision-making: The challenges CIOs face when choosing and contracting a managed security service provider.
Cyberbedrohungen als Unternehmensrisiko – durch Schulungen und Trainings nachhaltige Security Awareness schaffen

Cybersecurity: Human vulnerability. How HR and IT managers can eliminate it

Cyber threats are a corporate risk – creating sustainable security awareness through training and education.

This microsite „Secure IT für Unternehmen“ is published by Heise Medien GmbH & Co. KG in cooperation with the MBmedien Group GmbH
with the friendly support of sponsors.

Imprint | Privacy

Switch The Language