Janus Associates Blog - Bringing You Cybersecutity Industrty News and Threat Reports

Effective Disaster Recovery Tips for Your Organization

Written by Janus Associates | Oct 4, 2022 6:19:06 PM

When it comes to disaster recovery, planning is essential. In reality, however, each emergency situation can differ. No matter how organized the plan may be, it is not always possible for an organization to cover each and every variable or extended outlier during an attack.

An organization's planning process should be looked at as a way to teach your internal team about the various needs of your business, enabling them to effectively deal with any oncoming emergencies. Building an emergency response plan that works under any condition, as a result, can be a good form of action when dealing with a potential threat.

Recovery planning Efforts and Examples

What are some of the recovery preparation traps that planners often fall into? One of the most important but often overlooked concepts in emergency management and recovery planning is the assumption that the necessary people will be there when needed, which is not the case.

This means that when constructing a successful emergency recovery plan your organization is encouraged to not build its strategy or implementation around people, but rather around the process. 

During the 1994 Northridge, California earthquake, one company immediately mandated that all personnel go home, see to their family’s needs and return when they were comfortable that their loved ones were out of danger. This company believed that the employees on-site when the earthquake occurred would be able to recover their business systems more effectively and be more clear-minded knowing their families were out of harm’s way. Their decision proved to be wise since the company's systems were recovered and functional almost a full day ahead of the most optimistic predictions.  

The management of this company believed that several factors contributed to its success:

  • Most employees with critical skills were back at work within a day of the event. They were better able to function, perform complex tasks and solve problems because they were not preoccupied with family concerns.
  • There was no reason to deal with the confusion and clutter of non-critical personnel. Employees who had recovery functions to perform returned, and those who did not directly contribute to critical systems’ recovery were deemed non-essential personnel.
  • Employees were motivated by the company's concern for their family’s welfare and clearly demonstrated their appreciation with renewed enthusiasm and dedication to the recovery effort.

Recovery Tips 

During a major disaster, your organization can prepare and plan by:

  • Designing a strategy that is employee-independent. Plan for people to be absent. Identify skills, not individuals needed, and maintain a separate list of personnel who have those skills. Do not depend on any single individual to be available when they are needed. If they are present during a real emergency, consider it a bonus. Always keep in mind; real emergencies are not selective about the damage inflicted, bodily injury, hazards created, etc.
  • Throwing away the organizational chart. The best people to lead teams, organize emergency actions, and get things moving are often the ones that know the situation, know the facility, and know the system. Some managers and directors may be the best at strategic planning and administration functions, but it is usually the people in the line organization who know how to reconnect the communication links. Think about who really knows how to bring back all proper functions. Remember: Real emergencies do not respect titles.
  • Expecting and planning for a period of standstill. Knowing there is some lag time between the actual event and when people finally get over the shock, assembling, communicating, and organizing will reduce the panic of not seeing immediate coordinated activity. It also allows time for the emergency to run its course. Acting too soon after an event can waste more time (and lives). Take time to assess the situation. Real emergencies usually unfold over time.  
  • Planning for the smaller emergencies. While emergency management plans should focus on regional or cataclysmic disasters, they should also include smaller events such as an isolated fires.  Many larger events are made of a series of smaller emergencies. Hurricanes, tornadoes, and earthquakes cause fires, ruptured pipes, and damaged buildings—each an emergency situation of its own. Breaking the larger event into smaller pieces makes the situation more manageable and less mentally challenging.
  • Making all live tests as realistic as possible. Plan scenarios to include realistic variables—and do not forget to change the rules in the mid-test. You must teach people to prepare for the unexpected.  Real emergencies do not follow rules.
  • Keeping the actual time, location, and test scenario highly confidential. Only share details of what is going to happen with people who absolutely must know. Reveal the scenario in pieces throughout the test.  Real emergencies do not publish schedules or scripts.
  • Developing more inventive methods of training staff. During live testing, tap out key personnel to watch what happens.  Randomly select personnel during the test (possibly as they arrive at the scene) to be observers. They are not to participate nor advise, only observe. They will be more valuable in the post-analysis if they are not up to their eyes in the events. Real emergencies do not wait until everyone is present to happen.

No matter how well you prepare, you will encounter problems, difficulties, and hurdles. Your strategy must be devised in a way that fosters analytical thought, requiring careful planning and innovative processes.

CONTACT JANUS ASSOCIATES

Contact JANUS Associates for best-in-industry vulnerability risk assessments and more. Since 1988, JANUS Associates has helped hundreds of government agencies, commercial entities, educational institutions, and non-profits protect their infrastructure through specialized services and assessments such as penetration testing. Our decades-long experience has allowed us to achieve deep expertise in every sector and specialty that exists, including yours. 

To learn more about how a team of affordable professionals can help you secure your organization, contact our Corporate Director, Chris Kniffin.