disaster recovery

How to Build a Disaster Recovery Plan for Accounting Firms

Disaster can strike at any moment, and its effects can be devastating to businesses. One year ago Superstorm Sandy slammed into New Jersey and New York City crippling many organizations for weeks, if not longer. With such dire consequences, it’s critical to have a good disaster recovery plan in place in case the worst should happen for you and your accounts.

A solid disaster recovery plan can be divided into three parts: Planning, Storage, and Recovery. Each part is equally important, and each one should have a thorough plan of its own. For accounting firms, it is not just that your data that you need to protect, it is your customers business information that needs safeguarding.

A solid disaster recovery plan requires everyone involved to know their roles and be ready to execute them at a moment’s notice. Ideally, a plan should be created with partners and vendors as well. Careful consideration for several broad scenarios helps devise plans that are best based on conditions in your area.  Some suggested disaster considerations include: floods, hurricanes, winter storms, local building issues and security threats.

This is the second key aspect of planning for disaster recovery – always make sure that there are redundant channels and oversight. In case the worst should happen, the channels of communication need to be set up so that everyone knows who to call as a primary, and who to get in touch with in case the primary contact person is unable to be reached. Make sure that everyone knows who the person to contact is in case of a major IT issue, and who the alternate contacts are. Maintaining a strong chain of communication can mean the difference between a temporary outage and a major business disaster. Determining primary and secondary communication options should be part of the plan.

Storing your data securely for a post-disaster recovery is as important as planning. The first step to storing and protecting your data is choosing a backup and storage method and provider. There are many options available for both backup and storage, and choosing the right one is based largely on the needs of the business.

Larger accounting firms with more involved data needs can opt for an in-house solution using their existing IT staff. Smaller accounting firms, or those with more generic data needs, should instead look at one of the cloud backup services or managed backup providers. Whatever option you choose, it’s important to make sure two requirements are met:

1. Your recovery data should be kept in multiple physical locations separated by some distance. Most cloud and managed backup providers already guarantee this level of duplication and redundancy by distributing your stored data across multiple different data warehouses in multiple locations. However, if you go with an in-house or custom solution, it is important to make sure that backups are not all located in the same datastore, and certainly not in the same building as your offices.

2. Your recovery data should also be stored on physical media somewhere in another location, in case a recovery is necessary and an internet connection cannot be established. External hard drives are a fast and cheap method for offloading data. Of course, the best approach to this varies on the type and amount of data.

The process of recovery begins with a good policy of detection and monitoring. Make sure that whatever disaster recovery plan you create accounts for carefully keeping track of your data in case of less obvious disasters – things like fires when you are out of the office, malicious intrusion (either physical or cyber), power outages and the like. The faster you can learn that your data is in danger, the quicker you can react and the easier the recovery process can be.

As mentioned earlier, everyone on your staff should know who to contact in the event of a major disaster. Make sure to inform your staff that their safety is the top priority – if you’ve been backing up your data properly and storing it offsite, losing your equipment in a disaster is only a temporary setback. Make sure you know where your data is and how to retrieve it. Practice full recovery drills several times a year so that everyone on your staff knows what to do – you don’t want to have to add learning an unfamiliar system to all the other post-disaster stress.

Make sure you have a plan about what needs to be recovered first, where all your priority information is, and how to get to it. For many firms, this will be customer-facing data – websites, client login portals, and any information that needs to be accessed by your clients. It should also include your most sensitive business information.

Having a disaster recovery plan can make the time between disaster and recovery much shorter than it would be without one, and the work required to implement one is minor compared to the risk of losing your business. Your business depends on a good plan and your clients are depending on you to ensure you have them covered as well.

To help in the executing of your disaster recovery process for your accounting firm contact Ease Technologies to learn more how we can help. 888-Ease911