As the 2017 Atlantic hurricane season comes to an end in late November, the threat of a disaster (natural or human-induced) remains fresh in the minds of many business owners. From hurricanes and fires to fraud and cyber attacks, companies of every size should be prepared for the often inevitable worst-case scenario with a disaster recovery plan, which can help maintain business continuity and protect essential technical operations.
To demonstrate the value of a disaster recovery plan, let’s assume that you are the CEO at a small to medium sized business and have been asked by a prospective client to describe your response plan if your daily operations were to be impacted by a disaster. Some of their concerns and questions may include:
- In the event of a disaster, will my files (i.e. contracts, personal information, etc.) and any other valuable information related to this project remain safe, secure, and accessible?
- If you do experience downtime, can you provide an estimate on how long this will last? Do you have systems in place to reduce this timeline?
- How do you plan to communicate with my company if the services you provide are delayed or if you are unable to fulfill the scope of work?
While a prospective client may or may not ask these questions directly, it’s important that you consider how these concerns would be addressed. To help with this process, our team has pulled together the 5 recommended steps to ensure business continuity and protect your company when disaster strikes.
5 Steps to Protect Your Business with a Disaster Recovery Plan
Step 1: Consider the Business Impact on Your Bottom Line
At the core of any effective disaster recovery plan is a Business Impact Analysis (BIA), which evaluates threats that could impact day-to-day business operations, considers the likelihood that potential disasters will occur, and calculates the overall business impact. Examples of scenarios that should be considered in your BIA include:
- Power and/or telecommunications outage
- Physical damage to business location(s)
- Loss or breach of any and all files, computers, technology platforms, etc.
- Employee departure, termination, sabotage and extended absences
If you consider your company’s response to these potential scenarios, you can begin to organize elements of your disaster recovery plan, including: critical IT infrastructure elements, backup check, asset inventory list, and team responsibilities.
Step 2: Plan for Employee Safety and Communication
If your company experienced a disaster, would you know how to protect your employees—both in terms of their safety and personal security? It’s important to consider how you would secure confidential employee records (i.e. social security numbers) and communicate with all employees if you experience a widespread outage or security breach.
According to a recent article in Entrepreneur, if your company faces a crisis that “is a result of a natural disaster, state of emergency or other unforeseen catastrophic event, your initial response statement should include a clear explanation of what your company is doing to manage operations, keep employees and customers safe (both physically and digitally in terms of data) and the expected path to recovery.” Unfortunately, if the disaster is caused by human error, the response plan may be more delicate and will vary case by case.
Step 3: Create a Strategy for Providing Customers with Information and Reassurance
Are you a company that stores sensitive customer data? What would happen if your business was the victim of a cyber attack? Would you be able to communicate in a way that reassures your customers and instills confidence?
2017 has been a historic year in terms of disasters impacting large companies, many of whom have fallen victim to massive security breaches—from Equifax with “one of the largest data breaches in history, leaving 143 million people wondering if their highly personal data had been exposed to hackers” to Yahoo’s 3 billion user accounts who were hacked in a widespread breach (CNET). These type of incidents have today’s consumer on edge, concerned that the safety and security of their personal data may be at risk.
Unfortunately, companies like Equifax have received intense criticism regarding their customer response strategy in the wake of this disaster, leading the Interim CEO to author an op-ed column in the Wall Street Journal titled “On Behalf of Equifax, I’m Sorry.” Despite his public acknowledgement, Equifax and its top executives continue to receive public backlash from critics who claim that Equifax’s “answers are still delayed and incomplete” (New York Times).
Step 4: Prepare Business Operations to Eliminate or Reduce Downtime
If your company is like most, you rely heavily on computers, technology, and shared networks to deliver your services. How would your daily business operations be impacted if you experienced significant downtime? Do you have a plan to save and access your most important files?
According to a recent survey cited by Datto, “a small business that has an hour of downtime will lose, on average, $20,000 due to the disruption. But if the disruption extends to three hours and employees cannot get back online and resume work, that hourly loss rises for $75,000.” This is an alarming number for a company of any size, especially when the consequences result in loss of revenue, damage to the organization’s reputation, and hinder the company’s productivity.
Step 5: Test and and Refine Your Plan
A disaster recovery plan is only effective if it is tested and refined on a regular basis, because “without a well-rehearsed plan, even a minor incident can spin out of control causing much greater business impact than anticipated (Forbes).”
We recommend testing your full disaster recovery plan on a quarterly basis, at a minimum, to provide confirmation that your business continuity is intact, troubleshoot gaps, and make any necessary adjustments. This is your opportunity to try different scenarios to see what’s working, what can be improved, and provide peace of mind that your business will experience minimal downtime if faced with a worst-case scenario.
How Do I Get Started?
If you are ready to create your disaster recovery plan, our team recommends utilizing our disaster recovery checklist, which is a template designed to help streamline your planning process. If you are interested in learning more about our disaster recovery services and how we can help? Contact the Big Sur Technologies team today.