Disasters come in all shapes and sizes and they definitely don't discriminate. And while everyone knows the dangers that lurk around their firm's precious data, it can be tough to dedicate a large portion of budget and resources to building an IT disaster recovery (IT-DR) plan. However, disasters don't care about your IT talent, time or budget. With that in mind, here's some examples of the five biggest IT-DR failures I've seen and how you can avoid them.

Bad Practice: Not Keeping the IT-DR Plan Up to Date

Many firms make the mistake of not testing and keeping their plans up to date. In fact, a recent survey conducted by Bluelock Solutions from InterVision found that only 10 percent of the legal industry tests their plans more than once a year. This makes it nearly impossible to ensure effectiveness, or to have a clear understanding of changes to your IT environment. If your system has changed since the last check, different steps may be required for recovery and you'll never know if you don't test.

To avoid any issues that could arise and ensure maximum preparation, it's vitally important to test your IT-DR plan on a regular basis. I recommend that firms test their plan at least twice a year, but if your firm is under intense scrutiny from clients, or is being targeted for cyber breaches, it's a smart idea to test it even more.

Bad Practice: Not Building a Tiered Application Structure

Information is complicated and complex, and not all information can be recovered at the same speed. Trying to put every dataset into a one-size-fits-all solution is a complete waste of time and money. This type of plan is highly vulnerable and requires employees to sift through massive amounts of data before delivering to end users.

By making sure to match each dataset with the required recovery speed and capabilities, your firm can make this process much more efficient. Identify what needs to be recovered first and organize all the data into tiers based on priority. Using a more selective method, your firm will save money and utilize several solution types instead of bucketing everything into one inefficient option.

Bad Practice: Failing to Document the IT-DR Plan

This seems like a fairly simple step, but you'd be surprised at how many firms fail to write down their IT-DR plan. Many firms make the mistake of solely relying on their IT team to simply know what to do when a disaster occurs. However, if there's a new employee or someone who knows the plan isn't available, this method fails immediately.

Creating a step-by-step runbook with details on order of execution and everyone's role in a disaster scenario is a much more stable option. Runbooks should also have a contingency plan in place in case someone is absent.

Bad Practice: Failing to Properly Update the Runbook

Picture a disaster happening and you run to grab the runbook only to find it with outdated procedures. Unfortunately, that's the case for many firms when dealing with a disaster. Failure to update the runbook with any changes after testing the system can be detrimental.

Communication is the key to solving this issue. After testing is complete, meet with your IT team to discuss what went well and what needs improvement. Document these discussions and then make any necessary changes to the runbook. After changes are made, everyone should receive the latest version to avoid confusion during disaster recovery events.

Bad Practice: Completely Ignoring Possible Disasters

We can talk about runbooks and IT-DR plans all day, but if a firm completely ignores the possibility of disasters, they'll never have a proper protocol in place. Disasters don't just come in the form of fires and floods, they can include human error, cyber breaches, power outages, or even hardware failures. If you ignore the full spectrum of possibilities, your firm is left especially vulnerable and unprepared.

The tip for this one should be obvious: plan for everything and design your IT-DR plan to be flexible. Asses the current state of your IT systems and establish what it would require to recover that system. The goal should be to recover from situations with minimal disruption to operations.

Put Your Plan in Action

These bad practices are all too real for many law firms. It takes time and effort to carefully design and maintain the right disaster recovery system. However, this process is worth it in the long run to provide a smooth and fast return to normal operations following a disaster.

 

Jeff Ton is Senior Vice President of Product Development & Strategic Alliances at InterVision, a next-generation IT Services company, where he is responsible for driving the company's product strategy and vision. Jeff focuses on the evolving IT landscape and the changing needs of customers, ensuring InterVision's products and services meet client's needs and drives value in their organizations now and in the future. Ton has over 30 years of experience in business and information technology and previously served as CIO for Goodwill Industries of Central Indiana and Lauth Property Group.