4th Mar 2019

What makes a good Disaster Recovery plan?

A successful organisation is the one that is prepared for every eventuality. Disasters can befall any business, big or small, and you had best be prepared to deal with the fallout or you will get swept away in the tide. This means it’s key to have a Disaster Recovery plan. Why? What should go into it? This blog post explains all you need to know by asking: What makes a good Disaster Recovery plan?

It’s a total disaster

Your organisation can be hit by natural or man-made disasters at any time. Whatever the cause, both can be a nightmare to recover from and damage your bottom line. Natural disasters include the likes of floods and fires. To illustrate how damaging this can be, numbers show that the financial cost of natural disasters in the US during 2017 climbed to a record high of US$306 billion.

Man-made disasters can be just as bad. Examples of these include hacks – for instance, the average cost of phishing and social engineering attacks for UK businesses is now £960,000, and it takes at least 20 days to deal with them. Various other things fall under this umbrella from infrastructure failure to hardware damage, as well as the loss of staff due to illness.

Cyber-threats everywhere

Even employees can pose a risk. A UK government study shows that over half (54%) of businesses and charities have a basic cyber-security skills gap. Given the inherent nature of cyber-threats to a digital economy, such a gap isn’t sustainable. It means that anything managed on-site by your staff will be more vulnerable to attack because there’s a shortage of skilled cyber-security professionals.

These professionals are expensive to hire, and the tools used to monitor online environments for cyber-threats are costly, compounding the issue further. Keep in mind that according to data, insider threats account for 74% of business cyber-security incidents, so the danger of this kind of disaster is all too real. It’s exactly this type of thing that Disaster Recovery plans are designed to address.

The Threat from Within – It’s getting easier to commit internal fraud, and they know it!
Learn how to improve security and reduce the risk of fraud when it comes to business payments.

Disaster Recovery plans

This brings us to a key question. What is a Disaster Recovery Plan? It does what it says on the tin. Disaster Recovery plans allow you to recover from a disaster and get operations live again, with minimal damage, as quickly as possible. Disaster Recovery statistics gathered by global IT services firm Phoenix Nap show that 96% of businesses with a Disaster Recovery solution in place fully recover operations, illustrating why it’s so important to have one in place for your organisation.

The need for speed

There’s one vital component that any Disaster Recovery plan needs to have, to be effective. Speed. Just think. Customers, staff and suppliers expect organisations to respond quickly in this high tech, interconnected age, and if you don’t, they’re often all too willing to go elsewhere. Say your social media channels have gone down. There’s evidence to suggest that 60% of users expect a response from brands on Twitter within an hour, so if they have to wait they won’t be too happy will they?

Here’s the rub. People expect speed, but unless you’re prepared, it’s hard to recover from a disaster quickly. Those statistics gathered by Phoenix Nap indicate that over 50% of organisations have experienced a downtime event in the past five years, that was longer than a full workday.

The objective: business continuity

The need for speed demands that Disaster Recovery plans do one thing. Enable business continuity so you can operate again as normal as soon as possible. How can you reach this objective?

There are a variety of common-sense measures you can include in your Disaster Recovery plan, depending on the requirements of your organisation. This ranges from taking out the appropriate insurance (e.g. contents insurance to safeguard against flood damage) to identifying and planning for the most likely risk factors. It’s also wise to set up remote working solutions; that way if disaster renders your office uninhabitable, your employees can work from home.

You can include various solutions into your plan for man-made disasters too. Perhaps a member of staff is sick. Having an affordable freelancer on the books may help you account for this. What about if someone makes a mistake – say while they’re putting together a payment file. Segregation of Duties can be used to solve this issue, as no payment will be processed with a second pair of eyes signing it off.

There are several common-sense ways you can address cyber-breaches in your plan. This includes offering your IT team regular training to keep up with hackers, creating an effective communication strategy to manage the reputational damage and updating security settings on your devices when news of cyber-attack breaks so you’re not left vulnerable. It’s also a good idea to educate staff generally about how to avoid cyber-attacks with online educational resources such as uSecure.

Live in the cloud

We would also argue that data protection and recovery is a key consideration when looking into Disaster Recovery. For this, it’s wise to embrace a cloud-based solution.

The consequences of not including data protection and recovery strategies are serious. Those Phoenix Nap numbers show that 93% of companies without Disaster Recovery who suffer a major data disaster go out of business within a single year. So how can the cloud be leveraged for this?

The cloud is an ideal solution for storing and backing up data – protecting against even hardware failure (something that’s responsible for 45% of total unplanned downtime). This is because the data is stored on servers held in extremely secure locations. With this, you can make sure you don’t lose key customer details in a disaster for instance, so you can start trading again as quickly as possible. The AccessPay platform is cloud-based so you can keep processing payments whatever happens.

Time for contingency payments

Speaking of payments, any effective Disaster Recovery plan must include contingency payments solutions – Always have a Plan B. By taking this action, you can still pay suppliers on time, receive customer payments etc., making sure your cash flow remains stable. There will be serious consequences if you can’t process payments. As an example, say due to a disaster you’re forced to pay a supplier late. This could do everything from damage your supply chain to ruin your organisation’s credit rating.

Key payments solutions

This brings us to a pivotal question. What are the contingency payments solutions you should be looking at? To put our answers into context, let’s say you submit payments via bank portals at the moment. If you experience a hack that stops you from accessing your portal, things will get difficult, as most banks don’t offer alternative payment options other than telephone banking.

One thing to consider is setting up payments automation via straight through processing instead of using bank portals. The benefit of this strategy is that it lends speed and predictability to your payment operations. You can process countless transactions in just a few minutes instead of hours, and once automation is set up you don’t have to physically be there to green-light payments.

Watch Webinar – Our product and implementation specialists share their industry expertise on the best practices for a payments automation or business transformation project.

You need to think about how you’re going to authorise payments in the event of a disaster too. This is traditionally done via smart cards, but these are physical devices which can be lost, stolen etc. You also have to install on-premise software (often Gemalto) and you’re restricted to doing submissions from one device in your office. If you can’t access your office due to disaster – or the smart card device is compromised – you may not be able to authorise payments. HSM is a good alternative.

HSM (Hardware Security Module) is “a hardware-based security device that generates, stores and protects cryptographic keys that authorise individuals to submit payments”. There are several advantages to authorising payments with HSM. This tech lives in the cloud – meaning it can be accessed remotely. HSMs are also attributed to an organisation, not just one staff member like with smart cards, providing you with more flexibility.

The best defense is a good offense

The solutions we’ve gone over in this article are crucial for a Disaster Recovery planning if you want to get up and running again as quickly as possible. But the best defense is a good offence.

The best strategy for dealing with disasters is to get preventative. It’s wise to invest in security and fraud prevention tools that reduce the likelihood of disasters in the first place. AccessPay offers the best-in-class security features like 2FA enhanced workflows and data masking (which can be integrated easily into your back-office systems), that you require to stave off disasters like fraud.