Terrorism is often defined as “the systematic use or threatened use of violence to cause fear and intimidation with longer-term political and ideological goals.’’ But how does terrorism fit into a disaster recovery plan? Since late 2011, Kenya has seen an upsurge in violent terrorist attacks, the recent one being on 14 Riverside Drive attack.
It’s a sad situation since it has the effect of loss of lives and even property, for organizations, when we speak property we have tangible and intangible property, software and data loss is inevitable, for instance, you were doing back up on premise with no offsite back up, this can devastating especially when there no plans in place to deal with this because you have your colleagues to think about especially in such moments.
What steps should an organization then take to ensure that such a scenario will not affect their business continuity?
How can organizations plan for a terror crisis?
Failure to plan could be disastrous. At best, the organization may risk losing customers while getting back on their feet. At worst, the organization may never recover and may ultimately cease trading.
As part of the planning process organization should:
- Identify potential crises that might affect the organization’s operation.
- Determine how you intend to minimize the risks of these disasters occurring.
- Set out how the organization will react if a disaster occurs in a business continuity plan.
- Test the disaster recovery plan regularly.
The organization should invite an IT organization to conduct a data recovery assessment and brief the company’s management on effective measures for disaster recovery solutions to ensure smooth business continuity. Counter terrorism professionals should periodically brief disaster recovery planners and IT security staff on current threats. By establishing effective lines of communication and information sharing, the groups can provide added value to the organization. This can ensure that the groups are aligned with each other’s goals as well as those of the organization.
Apart from this, the organizations should always have in place a disaster recovery plan that’s built in-house which the ICT department is well conversant and has been running through the organization so that even other departments can know what to do.
Lastly may God rest their souls in peace those who succumbed in the attack