bna-lightning.jpg

October is Cyber Security Awareness month, and in some states it’s also the last month of temperate weather before storm season begins. Weather and natural disasters are just one reason small businesses need a disaster recovery plan. Whether the reason for the loss of your data is flood, fire, power failure, or even sabotage, you’ll need to act quickly to recover your files, restore normal operations, or access data in cloud storage.

Today’s technology makes it easier to work without an office when such events occur, but that’s why a plan to keep technology working is all the more important. To create a flexible yet effective digital disaster recovery plan, follow these four steps.

1. Decide What is Critical

The first step to creating any business continuity or disaster recovery plan is to determine what technology or services you need to get back first in any scenario. Maybe that’s your web servers, access to internal databases, a VoIP phone system, or a client-facing web portal. According to the International Data Center, companies lose an average of $84,000 for every hour their system is down after a disaster.1 While a small business may not experience losses at that volume, the potential significance of lost profits is no less dire. You may not be able to address every source of loss immediately, but knowing which ones are the top priority will help those on your IT team acting to restore the system stay focused. Consider also what is most likely to be impacted in each disaster scenario—the team will need to react differently to a fire than a long-term power outage.

Remember that critical elements might not just be the ones in your building, especially if you use any subscription cloud-based software. Even the most mobile, hands-free interface is supported by tangible hardware, like a server, someplace else. Make sure you’ve planned for disaster to strike all your system components, whether it’s your desktop computers getting a virus or your remote cloud servers crashing through no fault of your own. Consult with any vendors to determine what they will do in a disaster situation, too.

disaster-diagram.jpg

2. Don’t Just Think Tech

Planning to recover from a systems failure or other digital disaster isn’t just about predicting what will go wrong to cause the problem; it’s also about planning to cut your losses. Another valuable part of your plan might be determining in advance some preliminary steps to reassure your customers or clients when your goods or services aren’t available, or if your system security has been compromised.2 For instance, if your customer service reps or sales team know in advance that a service outage or delay of more than four hours will entitle customers to a refund, they might offer that assurance to customers from the beginning. The same applies to departments like marketing and human resources. If they know what the business will do in reaction to a digital emergency like a data breach, they will feel more assured in an emergency, and can take action in line with what they know the desired outcomes to be, like issuing press releases or coordinating employee needs.

You may not be able to address every source of loss immediately, but you can plan to focus on the biggest ones first.

3. Plan for Many Contingencies

In some cases, we’re lucky to have advance warning of a system failure risk, like a hurricane. In others, like tornado, earthquake, or fire, the onset is sudden, unexpected, and can be chaotic. Part of the reason it’s so important to establish a digital disaster recovery plan is that ensuring business continuity may be necessary at a moment’s notice. With this in mind, telecoms provider CISCO recommends businesses establish an internal committee responsible for restoring normal operations in a disaster situation. At least some of these individuals could be key organizational leaders like any operations managers or team leads.3 If a set of individuals is prepared for any situation, their reactions will be more flexible.

disaster-diagram2.jpg

4. Test the Strategy

If you’re making a digital disaster recovery plan, it’s because you’ve acknowledged that these systems are some of the most critical to businesses today, and you want to make sure your digital resources don’t disappear without a backup or other contingency plan. However, the best laid plans on paper often fail spectacularly the first time they’re executed. While 80% of IT organizations have disaster recovery plans, only 40% have tested them.4 That means many might find themselves in an emergency situation, only to find they overlooked a key element, or one part of the process that seemed simple won’t work logistically. This can be especially true when system or software updates or other changes to the digital environment have occurred since the last system backup.5

Remember, one of the key values in a disaster recovery plan is that it’s completed to give the team an advance strategy. Developing the plan and not testing it is a little like a coach sharing the play book with a team, but never asking them to practice until the day of the game…not a winning strategy. This is why testing the plan more than once a year is important, not only to prevent a true crisis from having devastating impact, but also to get better at reacting to smaller crises as they come up.6

Every time you make a backup of your files, make sure it’s possible to restore the system from the backup, too.7 Coordinate drills for other emergencies, like planning for everyone to test the remote desktop access system before the day comes you all need to use it to work during a blizzard.

Disaster recovery plans can’t prevent disasters, but they can prevent those catastrophes or accidents from having a permanent impact on a business’ success. With a reaction plan in place, the key stakeholders will be prepared to take action in uncertain conditions, rather than focus on the wrong priorities, or freeze altogether out of panic. Ensure that you’re in control of your own return to the status quo by developing and rehearsing a digital disaster recovery plan.