Don’t Be That Guy: Lessons from a Failed DRP Audit

An up-to-date Disaster Recovery Plan (DRP) is not only essential to a bulletproof cyber insurance policy, but is a requirement for some businesses. Companies that host certain types of data and manage a government network are required to have a maintained DRP. Businesses that have failed their DRP audits have paid the price. Save your network some heartache by learning from their mistakes.

The Michigan Department of Technology and Budget is an excellent example of what not to do when it comes to managing small to medium-sized business DRP. Find out where they went wrong and how you can prevent their blunders from becoming your own.

They Didn't Update and Test Plans Frequently

The Michigan Department of Technology and Budget's most obvious faux pas came from a simple lack of maintenance, an oversight that left them unprepared when disaster struck. In this case, they were unable to restore the very thing that kept their network running: their department’s intranet. This caused major problems for their employees and the company. Employees were unable to complete even the most basic of tasks.

As it turned out, the last time their plan was updated was 2011. This left out more than six years of IT advancements. If annual revisions sound like too much work, consider all of the IT upgrades and improvements made just in the last year. If they’re not accounted for in your DRP, you are setting yourself up for epic failure.

They Didn't Keep Their DRP in The Right Location

It may seem counterintuitive, but one of the best places to store your business continuity solution is a physical one, like a binder. Auditors found that the Michigan Department of Technology and Budget stored their DRP on the same network it was meant to restore, which meant that if something happened to the network, the plan would be totally inaccessible.

Keep your DRP in numerous locations. This includes electronic copies on more than one network, in addition to physical copies around the office and off-site.

They Weren't Prepared for Doomsday 

The government office made plans for restoring the local area network (LAN), but nothing beyond that. As a result, there was no way for employees to get back to work within the 24-hour recovery time objective.

Your organization needs to be prepared for the possibility that there may not be a LAN to go back to. In the event your office is flooded or crushed beneath a pile of rubble, cloud backups and software are the best way to keep everything up and running.

Your DRP is more than just a pesky legal requirement. It’s the insurance plan that will keep you in business when disaster strikes.

Cavu Networks knows how to create a custom plan for your business in the event blizzards (or auditors) strike. Message us today.

Published with permission from TechAdvisory.org.