Disaster Recovery Planning Step 1 – The Threat Matrix
Introduction
The starting point to creating a Disaster Recovery Plan (DRP) for your business is the Threat Matrix. By preparing a list of catastrophic events to your business, scoring them according to their likelihood and documenting your response will allow you to mitigate their damaging effects quickly and efficiently.
Here’s how to set up a Threat Matrix.
Identify the most common threats
Brainstorm with your team and list the most likely threats your business may face in your geographical area. A sample list is below:
- Fire
- Flood and water damage
- Natural Disaster (Hurricane, tornado, Nor’easter, etc.)
- Extended Loss of Electrical Power or Internet Connectivity
- Hardware Failure
- Software Corruption
- Social Engineering Attack
- Denial of Service Attack
- Disgruntled Employee (Data Deletion, Corporate Espionage Activities, etc.)
- Human Error
- Hacking – Stolen Confidential Information
- Malicious software (Trojans, ransomware, etc.)
- Loss or corruption of Key Digital Files and/or Databases
- Stolen unencrypted mobile devices (laptops, smart phones, tablets, etc.)
- Malicious intruder – Stolen/damaged servers, desktops, network equipment
- Bomb Threat
- Terrorist Attack
- State/Federal Emergency Declarations (i.e. Restricted travel, Government services, etc.)
The above is only a sample. As you can see, the word “Disaster” doesn’t only mean hurricanes, tornadoes and floods. Studies show that natural disasters account for only 3% of catastrophic data loss events.
The lesson here is to prepare for natural disasters—of course—but make sure you cover the multitude of other events that will most likely lead to disastrous data loss.
Give each threat a rating
There are many ways to rate things. If you’re mathematically inclined, you can create an intricate weight system to apply to each threat. However, keep in mind that simple is understandable which leads to action.
I favor a High (H), Medium (M) Low (L) scale. I know this is more subjective than using intricate mathematical models, but it is easy to understand, quicker and does the job nicely.
So, after identifying the threats, rate each of them High, Medium or Low. Make sure you revisit the list from time to time and update ratings and add new threats as appropriate.
Create or reference procedures covering each threat
Now that you have a list of threats with H, M, L ratings, it is time to make sure that you have detailed procedures on how to deal with each threat when they occur. As a business, you probably have written procedures covering your operations. If so, great! Provide a link or reference in your DR Plan so your staff can find them. Just make sure that they’re updated as your business changes.
If you don’t currently have a set of written procedures—you now have a handy list to get started!
Conclusion
Disaster planning is crucial to your company’s survival. Threats are everywhere and the digital landscape is getting more dangerous. For instance, social engineering, hacking and malicious software such as ransomware and credential-stealing trojans have vaulted to the top of the list in recent years.
Your goal must be Business Continuity and not merely surviving a disaster because your company can literally go out of business shortly after a catastrophe without a well written, tested Disaster Plan to guide your recovery.
P.S. – If you don’t have a written Disaster Plan
Click the link below to our previous post and download our FREE, no registration, easy-to-use, fill-in-the-blanks Disaster Recovery Template that will make creating your written plan super easy:
A Simple Disaster Recovery Plan Template
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 460+ Petabytes of data with over 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause. Backup & Disaster Recovery | Business Continuity | Data Risk Assessment