Why You Need a Disaster Recovery Plan and How to Create One

Why You Need a Disaster Recovery Plan and How to Create One

Share this article

If you have a business and operate a website, you should seriously consider creating and implementing a disaster recovery plan (DRP). Whether it’s from natural disasters (like the fire affecting a major datacenter in France in March), hacks or data breaches, you want to mitigate any potential losses and plan your response strategy before disaster hits.

Remember, your hosting provider will generally only be responsible for the value of the hosted service itself, and not lost revenue or the (often priceless) value of your data, so plan accordingly!

Disaster preparation

What is a Disaster Recovery Plan?

A disaster recovery plan (DRP) is essentially a roadmap outlining procedures that enable the recovery of critical systems (like your website and its data) after a human-caused or natural disaster situation. This plan should also include the people and tools involved in the recovery process to minimize loss as much as possible.

What’s at stake? You could experience revenue loss, customer attrition, and your reputation may be irrevocably damaged. The money and time involved in identifying, solving then finally ‘cleaning up’ after the disaster (including added strain on customer service) could all impact your bottom line substantially. 

So how can we minimize some of these potential losses? Let’s explore how a disaster recovery plan can help.

Disaster Recovery Plan

How to Create a Disaster Recovery Plan

It’s important that you have a plan for specific situations and know how to quickly implement the steps required to reduce losses and get your website back up and running again as quickly as possible.

Here’s a simple outline on how to create a proper disaster recovery plan:

Identify potential threats

These could include:

  1. Natural disasters like earthquakes, tornadoes and fires
  2. Problems with critical vendors, like your data center, CRM, backend payment system, etc.
  3. Data/security breach like getting your data stolen or website hacked
  4. Unintentional deletion/loss of data

You can also inquire with your web hosting provider, on whether or not your backups are stored within the same data center, or multiple locations. This can further mitigate any risks to complete data center losses, although a rare occurrence.

Identify a disaster response team

Your team members should be included in the disaster recovery planning process to offer their expert input, or at least be made aware of their role and trained in each disaster recovery process you’ve outlined.

The team may consist of system administrators, developers, managers, customer service agents, communications specialists, or your legal department. 

Document your recovery plan

You should be identifying the following:

  1. Internal and external teams and/or vendors
    Who should be involved in this process?
  2. IT resources
    What software, platforms, hardware and other resources do you need to implement a recovery?
  3. Budget
    How much money will it cost, for continual backups, and including man hours and downtime hours (revenue lost), to support this process?
  4. Communication channels
    How will you bring awareness to customers or respond to the public, knowing your website is likely inaccessible at this point?
  5. Testing your process
    What can you do to test your recovery process to be sure it’s sound before disaster hits?
  6. Audit process
    How will you determine whether or not you were successful? What do those markers include? Timing, budget, customer attrition rates etc.
  7. Disaster avoidance/mitigation
    What will you do to avoid these disasters altogether, or mitigate the risks further?

Document an incident response plan

As part of the DRP, you’ll likely want to create an incident response plan which includes:

  1. Preparation
    Creating the right processes and procedures for responding to a security attack
  2. Identification
    Creating a process or system that can detect and identify when a threat occurs
  3. Containment
    Limiting the amount of damage from an attack, through timeliness and isolation
  4. Eradication
    Eliminating the root cause of the issue
  5. Recovery
    Restoring your systems and returning to your preferred system state
  6. Lessons Learned
    Highlighting what went well, or what could be improved upon in the process

As always, avoiding disasters or preventing them from happening altogether is preferred.

Prevention is always better than having to implement a cure!
Disaster prevention

How to Prevent Major Disruptions

Even with a well documented DRP, your recovery process may not be effective if you haven’t already taken the following important steps. 

Invest in security

You should be aware of and invest in the proper security measures and tools to keep your website secure. This should include protecting your website with SSL certificates, and scanning your website regularly with a monitoring service, like SiteSafe Protection. Once identified, fix or patch possible bugs or vulnerabilities in a timely manner. Consider delivering regular security awareness training to your team (and yourself!).

Create frequent backups

Perform backups of your website and databases often. The backup frequency can vary based on your website’s activity, but we recommend daily backups. Your web hosting provider should be able to provide some form of automated backups.

In addition to relying on your provider’s automated backup service, consider saving a copy of all important website content and changes on your computer or on a secondary storage, in case of major disruptions. Test your backups at least once per year.

Avoid single points of failure for your website

If your website provider’s datacenter experiences a catastrophic failure, are they equipped to recover backups and get your service up and running at an alternative site? While rare, major hardware outages or more generalized networking outages or natural disasters at a single site is always possible.

As such, it’s important to choose a provider that has a presence in multiple physical locations, and that provides some level of redundancy so that your website’s data is stored across multiple redundant storage units.

WHC hosts its web hosting data on redundant storage arrays, meaning that if a single drive were to fail, others would take over automatically while the faulty drive was replaced. Furthermore, WHC operates out of multiple datacenter locations, ensuring business continuity can be maintained even in the most dire of situations.

Secure all your accounts 

In addition to using separate strong passwords for all your logins, consider using a secure password manager like LastPass or 1Password and enabling 2 factor authentication for access to your account. This keeps your account information and data much more secure.

Protect your domain names

This can include enabling Domain Privacy Protection and domain locking, to prevent unauthorized transfers of your precious domain names by malicious users.

Choose a reliable provider backed by uptime guarantees 

Choose a web host provider that offers a minimum of 99.9% uptime guarantee, and has the team and equipment in place to quickly respond to any incident that may arise, at any time.

So, tell us, do you have a disaster recovery process and have you ever had to use it? Let us know in the comments below!

About the author: Sally Prosser

Sally is WHC’s Marketing Manager, a passionate digital marketer who loves to help small businesses grow online (including her own)! You can find her developing her next big idea, reading books, helping women find love, and working out every morning.

See all articles from this author Interested in writing for Web Hosting Canada?
Web Hosting Canada manages fast and reliable online infrastructure with 24/7 support. Learn more about WHC