How to Create a Disaster Recovery Strategy


Introduction.

As a business in the financial sector, you are at a high risk of cyber security attacks and other threats that could impact your IT systems. If you experience what is known as an unprecedented emergency, your systems may go down for a period of time, affecting communications, privacy, data protection, revenue and reputation. This is where your disaster recovery strategy comes in.

A disaster recovery strategy is a document that outlines all the crucial information you need in order to get your systems up and running again with limited impact on your business. This blog has everything you need to create an effective disaster recovery strategy, taking you through each stage from evaluation to testing.

At Tribeca, we specialise in providing IT support services to alternative investment businesses. This includes disaster recovery services, so you can rest assured that we know what we’re talking about!

Why does your business need a disaster recovery strategy?

Every business in the financial sector needs an effective disaster recovery strategy in the event of an unanticipated emergency. So, what exactly constitutes an unprecedented situation? You may need to implement your strategy if:

  • Your building is suddenly closed down or made physically inaccessible.
  • A key business system suffers an unplanned outage that prevents you from carrying out a core function within the business.
  • A serious cyber attack compromises your entire network. If you are concerned that your business is at risk of a cyber attack, read our blog on the fundamentals of cyber security, and take a look at our cyber security services to find out how we support businesses in the financial sector.

With the chances of experiencing an unprecedented event seeming slim, you might be wondering why your business needs a disaster recovery strategy. However, the past few years have shown that businesses can never be over-prepared. Regulators expect businesses within the financial sector to be able to demonstrate that they have robust disaster recovery strategies in place so that they are able to function and manage their investors' money.

An appropriate disaster recovery strategy will do the following for your business:

  • Allow your business to continue operating in the event of an unprecedented emergency. As a result, it aids, and becomes part of, a bigger business continuity plan which helps to ensure your business can continue to operate as efficiently as possible.
  • Minimise the downtime of your network by restoring access to data and critical applications.
  • Protect your customers, employees and investors when it comes to their data and enable you to continue to communicate with them throughout the emergency.
  • Reduce losses and costs, as your business will be less impacted by the emergency.

You can find out more about the importance of disaster recovery planning in our recent blog.

How to create an effective disaster recovery strategy.

It is important to understand that a disaster recovery strategy differs from a business continuity plan, although if your disaster recovery strategy is effective then it will eventually become part of your business continuity plan. Find out more about how disaster recovery and business continuity go hand in hand.

So, how can you create an effective disaster recovery strategy if you work in the financial sector? Disaster recovery strategies are unique for every business as they should be adapted to fit your company’s needs. However, there are elements that should be included in every disaster recovery strategy to protect your business as much as possible. These elements can be categorised into ‘identifying and evaluating’, ‘creating’, and ‘testing’.

Identify and evaluate:

The first step in any successful disaster recovery strategy is the identification and evaluation stage. Without having an understanding of what your disaster recovery strategy needs to achieve, you won’t know how to measure its success when it comes to testing later on. When identifying and evaluating, you should:

  • Identify the core business systems and assign each one a Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO is the maximum downtime allowed for each critical system and RPO is the maximum amount of acceptable data loss. You can read more about how to decide your RTO and RPO in our recent blog.
  • Identify who will be responsible for executing each part of the disaster recovery strategy in the event of an emergency, from individual members of staff to teams or whole departments. This is a crucial step because responsibility and accountability help to ensure a successful and effective disaster recovery strategy.
  • Evaluate all of your hardware and software to determine how critical each one is. You can then prioritise your most critical hardware and software so that they are the first ones recovered in an emergency.

Create:

Once you have identified which systems are critical, who is responsible for each part of the strategy and what your RPO/RTO is, you need to start creating the main part of your disaster recovery strategy – how to recover in the event of an emergency. When creating your strategy, you will need to:

  • Consider what systems need to be in place to achieve the target RPO/RTO; that could be a simple daily backup of data offsite, or it could be a live replication of a system to another Cloud Provider or Data Centre. Having a virtual disaster recovery site, also known as a hot disaster recovery site, is important because it provides an alternative data centre in a remote location that has backed up or replicated data.
  • At the very least, you need to ensure that you have an offsite copy of your business-critical data/systems that is separate from your production environment. A useful exercise is to ask yourself whether a disaster could affect your production and backup systems at the same time. If so, it's unlikely they are fit for purpose.

Training & Development.

If you and your employees understand the importance of cloud computing security, security breaches are less likely. To improve security in cloud computing by developing understanding, you should consider the following:

  • Provide training on cloud computing security – Offering training to employees ensures everyone understands how important cloud computing security is. Appropriate training will support your employees to understand how to keep data secure, how to minimise the risks and what to do if the risks become likely issues.
  • Know your data protection options – Simply knowing your options regarding data protection will help you improve cloud computing security because it will give you a better awareness of the limits of cloud computing, as well as options on how your business can prevent or resolve these limitations.
  • Off-boarding process – We have already mentioned how a rigorous off-boarding process is key to managing access. However, it is also important to remember to train your employees on any off-boarding protocols you put in place to ensure they understand the process. Making sure all staff are on the same page will avoid unnecessary and accidental security breaches.

Test:

You would be forgiven for thinking that, once you have created your disaster recovery strategy, your job is finished. However, once finished, your strategy needs to be rigorously tested. If you do not routinely test your disaster recovery strategy, it may become outdated, which could put your business at risk in the event of an emergency. When testing your strategy, you should:

  • Hold regular disaster drills to ensure everyone understands what they need to do, and that all the systems work properly. It is important to consider holding drills based around different scenarios because what might happen during a cyber attack could be different to what happens if there is a natural disaster.
  • Identify any single points of failure and ensure the recovery plan can still be carried out in the event that these points encounter a problem.
  • Evaluate the test to make sure your RTO and RPO objectives can be met by your disaster recovery strategy.
  • Ensure your disaster recovery strategy reflects any changes to your business, such as new IT systems or a change in the organisational structure. 
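
To make the drill evaluation concrete, here is an added example (written for this article, not part of any Tribeca tooling) that scores drill results against each system's RTO and RPO and flags backups that sit in the same site as production. The system names, site labels and timings are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class DrillResult:
    system: str
    rto: timedelta               # maximum downtime allowed
    rpo: timedelta               # maximum acceptable data loss
    outage_start: datetime       # when the drill declared the system down
    service_restored: datetime   # when users could work again
    last_good_backup: datetime   # timestamp of the copy actually restored
    production_site: str
    backup_site: str

def evaluate(r: DrillResult) -> list[str]:
    """Return the findings for one system; an empty list means it passed."""
    findings = []
    downtime = r.service_restored - r.outage_start
    data_loss = r.outage_start - r.last_good_backup
    if downtime > r.rto:
        findings.append(f"RTO missed: down {downtime}, target {r.rto}")
    if data_loss > r.rpo:
        findings.append(f"RPO missed: lost {data_loss} of data, target {r.rpo}")
    # One disaster must not be able to take out production and backup together.
    if r.backup_site == r.production_site:
        findings.append("backup shares a site with production")
    return findings

def report(results: list[DrillResult]) -> dict[str, list[str]]:
    """Map each failing system to its findings; passing systems are omitted."""
    return {r.system: f for r in results if (f := evaluate(r))}

# Constructed drill data (hypothetical systems and sites).
T0 = datetime(2024, 3, 1, 9, 0)
h, m = (lambda n: timedelta(hours=n)), (lambda n: timedelta(minutes=n))
DRILL = [
    DrillResult("order-management", h(4), h(1),
                T0, T0 + h(3), T0 - m(20), "site-a", "site-b"),
    DrillResult("file-share", h(8), h(24),
                T0, T0 + h(10), T0 - h(9), "site-a", "site-a"),
    DrillResult("email", h(2), m(15),
                T0, T0 + h(1), T0 - m(45), "site-a", "site-b"),
]

if __name__ == "__main__":
    for system, findings in report(DRILL).items():
        for finding in findings:
            print(f"{system}: {finding}")
```

Any system that appears in the report needs either a faster recovery method or a revised target before the next drill.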

Given how susceptible Alternative Investment businesses are to cyber security threats, it is beneficial to test your disaster recovery strategy every 6 months to ensure it will provide the most efficient and secure way of recovering in the event that a threat becomes an attack.

Tribeca provides quality IT Support for Financial Services.

Tribeca is here to help you with our expert disaster recovery services designed to support financial service businesses with their IT systems in the event of an unprecedented situation. Whether you need a virtual disaster recovery platform which can replicate IT systems to a separate Data Centre, or want to find out more about how your business can utilise cloud computing services, we are here for you! Take a look at our disaster recovery case study to find out more about how we have supported other businesses in the financial sector.

Our services don’t stop there, as we provide other IT support services for businesses in the financial sector, such as software development, network design and IT procurement. We operate as your business partner and want to be seen as an extension of your business, providing consistent quality and proactive assistance to help you grow and protect your business. Get in touch with us today to find out more about how we can revolutionise your business.
