Many businesses are impacted by a wide range of disasters each year, from hurricanes to ransomware that have wiped out business data and put the business in peril.
Those that recovered had one thing in common; they were prepared ahead of time with a disaster recovery plan that they successfully implemented. The key is to prepare and take measures to minimize the impact of the disaster on business operations.
The areas that your plan needs to address include the following:
- Identify the types of disasters that can impact your business and result in damage and disruption.
- Determine the assets, personnel and information that need to be protected.
- Outline the steps to safeguard your business assets, personnel and information.
- Prepare a plan for what to do to recover from a disaster.
Possible business disasters include loss of a critical person, accidental release of information, a security breach, the theft of IT data, software corruption, accidental damage (such as spilling liquids or dropping a computer) or a power surge. Ransomware has become the fastest growing threat with ransom payments in the billions annually.
The key to disaster preparedness is to have a proven plan available to help you get on the road to recovery. This means that the plan has to be printed, distributed and available immediately.
Every business owner needs to consider two key metrics. First, the recovery point objective (RPO) is how much business information the business can lose and still recover. The owner must consider the business process requirements and the acceptable cost of the disaster.
Second, the recovery time objective (RTO) is how long can the business be down before operations are negatively impacted.
Since the most common type of disaster is IT related, a disaster recovery plan should generally include the following elements:
- Key employee contact information
- Staff and customer notification procedures
- Vendor contact information
- Full data backup (including tape or online) for servers, databases, email and critical processes
- Recovery procedures, including media type (manual/removable media — tape or disc cartridge — or online)
- System shutdown and startup procedures
- Other logistical and technical resources
- Relocation and evacuation procedures
- Insurance coverage and the claim process
The Disaster Recovery Plan should address the following scenarios:
- Power outage
- Loss of internet, phone or cable TV
- Loss of water or sewer services
- Hardware or software alternatives
- Proactive hardware replacement plan with funding source information (including insurance coverages) to purchase hardware and cover services while you wait for any insurance payment that may be available
- Site alternatives
The steps in developing and implementing a Disaster Preparation Action Plan include the following:
- Develop the plan
- Educate staff
- Test the plan
- Review and update the plan annually
I can’t stress enough the importance of taking your plan seriously. Many times, a business that has made a plan, lets it sit on the shelf. When a disaster happens, the business discovers the plan was never fully implemented or tested, and it doesn’t work as intended or needed. Even with competent, well-meaning people involved, sometimes things just don’t work as planned.
The key to disaster preparedness is to have a proven plan available to help you get on the road to recovery. This means that the plan has to be printed, distributed and available immediately.
It can also be online, should you be able to access it, but the current version should be printed and maintained in a secure location. It is difficult to plan for any random disaster ahead of time, but it is more difficult to recover, especially under the extreme stress of a disaster, without all of this information readily available when the disaster strikes.