Establishing Business Priorities
Business priorities are needed to identify the most crucial issues or spheres of activity that leaders and employees need to focus on in order for an organization to function normally. They ensure that each member of a company is aware of the preferable course of actions in certain situations. Such priorities are also needed to avoid panic and chaos in emergency cases when people lose sight of what their current tasks are. The advantage of having business priorities is that an organization makes staff more focused and the work process more coherent.
In the event of a disaster, people often resort to panic. Human brain due to its physiological mechanisms of survival that are hardwired by nature do not let us pay attention to anything except survival. When the crisis point is over, the brain needs to recover from panic, and the best way to speed this process up is to follow a set procedure and give the brain some rest. For this goal, companies develop responsibility charts. Such charts, if memorized, allow a person to automatically function in a specific and productive manner to fulfill the duties assigned to him or her for the period of recovery (Erbschloe, 2003). Each person who follows a chart contributes to the successful execution of the disaster recovery plan (DRP).
However, if the chart is incomplete and omits circuital responsibility that logically should be assigned to this employee, the implementation of DRP could be endangered, and the company’s operations may be undermined. For instance, if a system administrator whose chart does not state that he or she is responsible for checking the integrity and operability of office equipment, he may forget about it and fix minor software issues instead of helping the whole organization recover. This situation may undermine the company’s DRP where moving to a safe location as soon as possible may be a top priority. It cannot move the equipment until it receives a list of working equipment that needs relocation from a system administrator, which slows down the process of rebounding and the implementation of the disaster recovery plan. This is why responsibility charts for each employee are so important.
The establishment of a sound communications structure is crucial for an organization because it allows the swift and coordinated location of problems and their resolution. It provides an opportunity to coordinate resources of different departments and employees in order to accelerate the process of problem-solving. Sometimes, resources of a certain person or team are not enough to cope with an issue. In addition, as a result of a disaster, the work of certain departments may become completely paralyzed, while the other are 100% functional (“Information technology disaster recovery plan,” 2015). In that case, communication structure will determine the relations between people in order to ensure that the most critical issues are given enough human assets and these assets are collaborating effectively to produce the finest solution possible. Another example of communications structure significance is that provides individuals with a strict and unambiguous reminder of whom to report and what to report. Should a problem arise, an employee that knows his communication strategy could locate and report issues faster than a worker without one. In an emergency situation fast coordination of actions between employees and their management means faster solutions, which in extreme situations may save lives.
Organizational planners do have to establish a well-thought program for a business to recover from a disaster because the company’s health depends on it. Responsibility chart is an essential part of this work because it works with each employee. It establishes top-to-bottom model for relationships within the company, which is crucial under extreme circumstances when initiative either becomes ineffective or damaging. Having a clearly established procedure is easier for all employees at all levels and all departments because it relieves workers from having to decide what to do when there is limited time for a decision. Each employee’s tasks are important to the company, and all of them need to be performed at the highest level of efficiency especially in the time of recovery from a disaster. In such times it is often the case when workers are frustrated or doubt their every step. For such situations, planners have to invent a responsibility chart to simplify the task for each department specialist. Having such charts devised in advance increases the chance of a DRP to run successfully without significant deviations.
Who Controls the Disaster Recovery Plan?
As far as control is in question, it should be assigned to those who normally oversees all operations within the company. Controlling how well a task is performed is a management personnel’s work (“Information technology disaster recovery plan,” 2015). Such people are trained to control and make changes in the work of the organization. It is only logical that they will be put in charge and take responsibility for the whole operation for the company’s recovery from a disaster. When the emergency occurs, normally the company temporarily ceases to function. This means that for a certain period of time each employee has to perform in slightly different direction than before. However, during the recovery period, each worker’s task should match his or her skills and occupation. Therefore, those who are trained to be in charge should stay in charge during the recovery period. Disaster recovery plan is a task that requires collaboration and strict adherence to the devised procedures. Since many people are involved in this process, it requires assets that are equipped to coordinate, guide, and control all those employees. Such people should be managers.
First of all, senior management personnel have to approve DRP before the disaster hits. It is a part of their duty to envision all possible scenarios of emergency events. It is also their task to give others an unambiguous and clear instruction as to what to design and when it should be done. In addition, a situation could arise that employees underestimate the importance of DRP. They might develop a mindset that tells that disaster is a rare occurrence that will not hit the company, or the chance of such an event is rather small which gives almost no reason to prepare for it. Such thinking paradigm is rather dangerous, and it is senior management’s task to eliminate such thoughts. They should explain to their subordinates that despite the chances of disaster may be small, the disruptive effect it could possibly have is catastrophically large. The company may even cease to exist if proper actions are not taken in due time. Therefore, successful execution of a DRP much depends on the effectiveness of managers’ educative work that they need to do with their employees.
Communication with External Organizations
Firstly, disaster recovery team has to devise their plan communication strategy in advance. Before facing a disaster, the team may think about what services it may need in case a certain disaster occurs. For instance, in case a company’s office is destroyed completely, a company will need the help of an insurance company officials and third-party lawyers that will help calculate the damage and the sum of insurance payments. In this manner, the team also has to create a list of possible contacts that it may use in case such services are needed. A list will save the time for searching the companies that may help deal with problems a company faces in the recovery period. Each hour and each day that a company spends in a recovery period it loses a substantial portion of profit, which is why it is essential to have everything ready and accessible in advance. Additionally, disaster recovery team has to make preliminary contact with companies or individuals on the list in order to ensure that they are ready to provide their services t o a company when they are needed. It is also advisory to have several contacts with providers of the same service in case one is unavailable. These recommendations allow the process of external communication run smoothly and without unwanted surprises.
These suggestions will work well for each type of organization because all organizations in case of an emergency that paralyzes its operations will have to contact people and companies to help them with their problem. For instance, such seemingly sustainable organization type as an online company that does not have an office and does not depend on the physical presence of people in one place could face a disaster. A company’s website could go offline because of a power shut down in the region where the servers were located. In this case, the company has to create a temporary mirror of their website, which requires foreign manpower and a company has to have a list of people who can provide such a service. Another example is a manufacturing company that may have its production equipment destroyed as a result of an earthquake. If the equipment is of foreign origin, it has to be shipped anew. In that case, if a company has a list of suppliers with whom a shipping arrangement could potentially be made, the recovery process could take less time.
Types of Cyber Attacks
There are several types of cyber-attacks that a business should be aware of. One of the most widespread is malware (Taylor, Fritsch, & Liederbach, 2014). Malware or a virus is a piece of code created with a vile intent to destroy, paralyze or cease control of certain computer equipment. Phishing is a type of a cyber-attack that requires a person to provide his or her personal data to a third party under deceiving pretext. For instance, a link sent to a third party to a manager by email that requests his personal or corporate data for examination or another purpose could be called phishing. Denial-of-service or DoS attacks are also among among the most common methods of inflicting harm upon an organization (Taylor et al., 2014). This technique presupposes sending large volumes of data to a server that processes requests to a certain website, and as a result, a server shuts down because it is unable to process all the data sent to it. Nowadays, launching a cyber-attack does not require a user to download anything. So-called drive-by downloads could infect a computer even if a user just visited the website.
In order to safeguard company and its employees form cyber-attacks, one needs to establish an environment where each worker cares about safety and knows specific procedures on defending his or her personal data and corporate data to which they have access. This may require intra-organizational seminars on cyber-defense, supervisor instructions on password management and internet behavior. In addition, a company needs to develop fail-safe systems that could guarantee stable functioning in case of DoS attacks or other events. Well protected corporate mail clients, access to which have only the employees of an organization is one of the ways to protect the organization from phishing links sent by email. If a company allows its workers to have internet access from office computers, then the company has to ensure that all unreliable websites are blocked by corporate firewall in order to protect the equipment from drive-by downloads.
Additional Special Circumstances
As one of the disasters that were not discussed, a military invasion could be mentioned. If a territory where a company’s office is situated becomes a warzone, a special DRP is needed to mitigate the consequences of such occurrence. It could be considered special because war is unpredictable in a sense that actions of a hostile party may be anything from predatory to friendly. There could be no assurance in what orders are given to the military of another country in regard to businesses. Therefore, dealing with such a threat requires special DRP. Another disaster could involve extraterrestrial activity in the territory, where the company operates. Such an occurrence has statistically a very small chance of happening, and probably a company should not take such a threat seriously, but nonetheless, such an occurrence was not mentioned in the text. If such a situation could be possible it could undoubtedly be called special, as intentions of inhuman forms of life could be unpredictable and special response should be produced.
An appropriate disaster recovery procedure in case of war would not be very different from other types disasters. However, DRP’s implementation could be undermined by the actions of invaders. Notifying senior management (if they are not in the office) would always be a top priority for employees (IBM, n.d.). However, this procedure needs to be actuated provided that there is a degree of certainty that such actions will not be misinterpreted, by invaders. Determining the degree of a disaster by a previously assembled group of responsible employees could be a logical next step towards a recovery procedure (IBM, n.d.). Again, it could be complicated because a disaster such as military invasion could be stretched in time, same as an extraterrestrial invasion. Reacting adequately to such occurrences is very hard due to the specificity of such events and the vague nature of their aftermath. It could hardly be predicted what could happen after an invasion either by other country’s military or other forms of life could bring. In such cases, saving lives of employees could be the most logical thing to do for the employees themselves. For a company, monitoring the progress of events and constant adjustment of its behavior could be a procedure to follow.
Erbschloe, M. (2003). Guide to disaster recovery. Boston, MA: Course Technology.
Information technology disaster recovery plan. (2015). Web.
International Business Machines (IBM). (n.d.). Web.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. New York, NY: Prentice Hall Press.