Disaster Recovery Plans for Remote Working

When outages and systems go down in the office, the effect is immediate. A sudden buzz of activity, your team leader or supervisor cascading directions–you see the organisation bristling to life to defend itself in the event of a natural disaster or cyberattack.

Over the past year, the pandemic has thrown a wrench into the disaster recovery plans of most companies. Most, if not all businesses, have found a large portion of their workforce suddenly working from home. Many have had to use devices outside of the company network, sacrificing security for function. “The challenge COVID presented was the speed at which companies had to enable their employees to work remotely. It is possible that some security controls were bypassed, shortchanged, or not anticipated as a result,” says Nasrin Rezai, CIO at Verizon.

And bad actors have eagerly exploited the new vulnerabilities and confusion following lockdowns and mass work from home directives. Half of manufacturers have reported being targeted by cyber-crime, according to Make UK. A third of businesses now feel more at risk as a direct result of work from home arrangements.

Revise and Test Systems

Remote work is unlikely to go away, now that employers and employees have seen–albeit by necessity–that it’s feasible. Around 73 percent would like to continue working from home some of the time. 

That means companies will need to revise existing DR procedures to account for the risks created by a more hybrid working arrangement. The first step would be to stress test the existing plan to identify new pain points, especially if your employees were not working from home prior to the pandemic.

Update Your Documentation

Buying and integrating software is typically a long process of evaluating business cases, securing buy-ins from management, and training and onboarding users. However, some of these procedures may have been bypassed in the sprint to get operations online last year.

As a result, some data or apps may not be protected by the same robust backup systems from before the pandemic. Companies need to pull these assets back into the fold to mitigate the risk of catastrophic data loss and minimise disruptions in the event of the loss of employee-owned devices. 

In addition, the importance of new technology will also have to be re-evaluated. One of the key performance metrics of a DR plan is how long systems can stay down before a company suffers irreversible damage. Identifying which of the new apps are mission critical will let you know what to prioritise and help you stay a comfortable distance away from your point of critical failure.

Make Sure Employees Understand Their Roles

Your disaster recovery plan and security is only as strong as the weakest point in your network. Often, that means the person sitting behind the screen. “One of the biggest challenges during a real-life event is finding yourself in a situation where key personnel do not understand their roles in the overall process,” says Nicholas Merizzi, a principal analyst at research firm Deloitte.

In the office, checking in with people could be as simple as dropping by their cubicle. With people working from home, the logistics are a bit more complicated. Managers will need to take a more proactive approach. For instance, by setting up video meetings to check in individually. There also needs to be more accessible visibility into the schedules of everyone on the team, to make coordination easier in the event of an outage or security breach.

Roles will need to be clearly defined. Businesses need to know who has access to backup files and resources in order to minimise the time it takes to activate disaster recovery procedures.

Plan Around People

Normally, you’ll have most of your cloud backups or native cloud applications hosted by a data centre closest to your place of work. With remote working, your employees might be checking in from numerous areas around the country.

You’ll want to look at backup options as failsafes. Plans should also account for regional power outages or disasters. “Are the right people with the right skills actually available, healthy, and able to get to a technology facility? And secondly, are they able to access and enter an office or data center, and is it possible to safely work and maintain the correct COVID-19 protocols within that space?,” says Merizzi. Establishing a plan of action per area will help reduce the confusion and back and forth emailing when outages occur.

There’s also the availability of your point people to consider. While most restrictions are being eased across the UK, the more contagious Delta variant has seen cases ticking upwards again. Vaccinations lower the likelihood of death. It won’t, however, guarantee immunity against the disease. Businesses need to appoint alternates in case any of the key executors of the plan fall ill.

The pandemic has plunged the world into a remote working experiment. More than a year later, the findings for many organisations are clear: it’s viable, and a majority of employees want to permanently work from home at least some of the time. Current disaster recovery plans have to be re-evaluated against these developments, or companies risk placing themselves under undue risk, even after people return to the office. 
Evolvit can help you restructure your recovery strategies and help you figure out how to strengthen your organisation’s resilience and information security in these more uncertain times. Book a free consultation today.