Ten Steps to Protect Your Association's Assets In the Event of a Disaster

By Paul Chisholm

Would you be able to recover all of your association's data if your server crashed? Could your association continue operations after a power outage, flood, fire or other disaster? A disaster recovery plan is essential to ensure you can recover quickly and effectively from an unforeseen disaster or emergency, thus avoiding significant business interruption and loss.

Disaster recovery is not something that only big business can do. Contrary to what you might think, it doesn't have to be cost-prohibitive. In fact, many of the following ten tips, such as offsite data backup, can actually be quite affordable to associations which outsource those services to a managed services provider.

Here are our ten tips to an IT disaster recovery plan.

1. Devise a disaster recovery plan. To begin, define what is important to keep the association running. Do your employees need access to email? What about your membership software? How will members get in touch with you? Secondly, you need to define the "recovery time objective" or how quickly the association needs to be up and running post-disaster. Other key plan components to consider are who within the association declares the disaster, how employees are informed that a disaster has occurred, and what method of communication to use with customers to reassure them that the company can still service their needs.
2. Monitor implementation. Once you establish your disaster recovery plan, you should monitor it and revise it as needed. A disaster recovery plan should be viewed as a living, breathing document that can and should be updated frequently.
3. Test your disaster recovery plan. Test your disaster recovery/failover system once per year, to ensure that it actually will work in the event of a disaster. The effectiveness of the disaster recovery plan can only be assessed if rigorous testing is carried out in simulated realistic conditions.
4. Perform offsite data backup and storage. This is a critical, often overlooked step. If you're not doing so already, switch to automatic online backups, stored at an offsite, secure data storage center, to protect your association's critical assets. Every association should backup its data at least once daily, and even more frequently depending on how often your database and other critical information changes. To decide how frequently to perform backup, determine your "recovery point objective" (RPO) – the time between the last available backup and when a disruption could potentially occur. Tapes used for backup are notoriously unreliable, for a number of reasons.
5. Perform data restoration tests. Just as you should test your plan, you should also test the data restoration process itself. The backup software and the hardware on which it resides need to be checked daily to verify that backup is completed successfully. If you're using tape backup (which we don't recommend), store the tapes in an offsite location that is secure and accessible. Otherwise, make certain that you have offsite replication if the backup is not run offsite initially. Additionally, perform monthly test restoration to validate that a restoration can be accomplished during a disaster
6. Backup laptops and desktops. Backing up servers does not provide your association with adequate protection. Even if you require files to be stored on the network, not on individual machines, important data will still be located on employees' laptops and desktops. Automatic online backup of laptops and desktops protects critical data that is not stored on the association's network in the event of a lost, stolen or damaged workstation.
7. Be redundant. If you establish redundant servers for all critical data and provide an alternate way to access that data, you can bring disaster recovery time down to minutes rather than days.
8. Invest in laptop theft recovery solutions. Because laptops are easily lost or stolen, associations should secure data deletion and theft recovery options for their users' laptops. Theft recovery solutions can locate, recover and return lost or stolen computers, while data delete options can enable companies to delete data remotely from lost or stolen computers, thereby preventing the release of sensitive information.
9. Install regular virus pattern updates. Associations need to protect their data and systems by installing regular virus pattern updates as part of disaster recovery planning.
10. Consider hiring a managed services provider. For small- to medium-sized associations, it is often cost prohibitive to implement a sound disaster recovery plan. Managed services providers (MSPs) have the technical personnel to design, implement and manage complex disaster recovery projects, and have the server, storage and network infrastructure in place to handle the offsite backups, tests, redundancy and management of a true IT disaster recovery plan

The Bottom Line
Regardless of the size of your association, a crisis that could prevent it from conducting normal business operations at any time. A well-structured and coherent disaster recovery plan will enable your association to recover quickly and effectively from an unforeseen disaster or emergency, thus avoiding significant business interruption and loss.