If a physical disaster like a fire, flood, or tornado destroyed your business’s main location and all of your technology resources, what would you do? Could you and your employees keep working at an alternate site with backed up data?
Similarly, if your network became a casualty of the so-called cyberwar and hackers breached your valuable data, would you have a plan to handle the fallout? Would your business files and other information be completely lost? Could you continue serving your customers?
While most business owners don’t like to think about disaster recovery, the truth is, disasters happen every day. Here on our blog, we have often covered how small businesses can protect themselves from cybersecurity risks, but threats from natural disasters, faulty hardware, and even employee error are ever-present. So it’s essential to consider how your business can overcome a variety of emergency scenarios.
Why is a Disaster Recovery Plan Important?
According to the Federal Emergency Management Agency (FEMA), roughly 40 to 60 percent of small businesses never reopen their doors following a disaster.
With statistics like these and the life of your business on the line, it’s more important than ever to be ready for anything. Today’s post focuses on things you can do to preplan for natural disasters, property break-ins/theft, and more. By spending time getting ready for things that will hopefully never happen, you may be able to assure that your business doesn’t become a tragic statistic.
I have a Business Continuity Plan – isn’t that the same thing?
A disaster recovery plan is a part of business continuity planning, but they are not quite the same thing. A business continuity plan describes your overall strategy, whereas a disaster recovery plan outlines specific tactical actions.
Your business continuity plan will involve multiple strategic systems of prevention and recovery to deal with potential threats to your company. In fact, it should contain several specific disaster recovery plans, which will be more like checklists of action steps to follow if a particular catastrophe happens.
For example, you might have documentation on how to recover from a physical data disaster like a fire or a flood as well as a process for handling a data breach caused by a hacker. It’s true that both categories of disasters—physical and cyber—may take down your network, but only the former can tangibly destroy your servers, individual computers, and other on-site tech resources. A cybersecurity disaster may be equally devastating to your business, but it will require a different set of steps to get your systems back up and running.
Key Elements of an Effective Disaster Recovery Plan
Get started on creating your first disaster recovery plan by drafting out a response checklist in writing and gathering/locating your most important business information. Other components, like IT redundancy and data backups, will serve each individual plan (and business continuity planning on the whole). Read on for our tips.
Documentation
Write out your disaster recovery plans
Start by making a list of all possible disaster scenarios—both physical and cyber—and determine how each could affect your business. You can record this information in a multi-columned format in your spreadsheet software or simply start by jotting notes down on paper to formalize later. The main point is to get started as soon as possible.
It may be advantageous to set up a committee of trusted employees to work through this process together and consult knowledgeable outside experts like your business insurance agent and/or local emergency response agencies, as well.
Next, create your step-by-step plans that detail how to react to each disaster. Be sure to document:
- Who will be affected
- Clear action steps—what should happen first, second, third, etc.
- Who will execute the plan
Don’t forget to include a list of resources you will need to carry out your plan effectively. This should incorporate a file of emergency information such as:
- Alternative work locations (office space you can secure nearby, telecommuting plans, etc.)
- An up-to-date list of essential employees along with a listing of the bare minimum equipment each would require to perform their jobs
- Contact information for service providers (utilities at your locations, etc.)
- Copies of your business insurance policies
Once fully documented and finalized, your plans should be stored in multiple locations both on and offsite.
Draft a communications plan
In addition to communicating with essential employees where your disaster recovery plans are stored, you will need to predetermine who among your leadership team will disclose information to other employees. Have a current contact list of all your employees with phone numbers and email addresses, and designate team members who will keep individuals updated in an emergency—this could be managers for various departments or a different chain of command you choose.
Create a network blueprint
Be sure you have a detailed blueprint of the software, data, systems, and hardware connected to your network. You cannot easily restore your network if you don’t actually know everything that comprises it! Even for small, local businesses, this task can be tricky, and we recommend that you seek advice from a dedicated IT partner, especially if you do not have an in-house IT person or team. In the event of a disaster, your network documentation can help you file a claim with your insurance company in addition to helping you get back online, but it must be complete and accurate.
Backups
While you likely make backups of your critical business data regularly, be sure you’re following best practices.
Automate & test your backup system
Does your current system run automatically, without human intervention? Ideally, your backups should be flawlessly recorded on a regular basis—perhaps daily—without a single person being involved beyond the initial setup.
If someone needs to swap a tape, check a hard drive, or execute a command on the server for your backup to run, your system is flawed and will most likely fail when you need it most simply due to human error.
You’ll also need to check your backup system regularly to be sure it is actually backing up your data. Schedule audits so you know your backups are working correctly. And if you’re not sure how to know whether your backups are happening, it’s time to talk to a backup solutions partner.
Keep a copy of your data offsite
The best backup system in the world won’t save you if your data is stolen or destroyed along with everything else. This is why it is crucial to maintain a current copy of your data offsite on a different server or storage device. Thanks to cloud storage, having an offsite backup solution is more affordable than ever, and it’s one of the best ways to ensure that your business can continue even after a disaster.
Look into setting up remote network access & management
There are several reasons why having the ability to access your network from home or other offsite locations is a great idea—both for business as usual and in the event of an emergency. While it can raise some additional security concerns that you’ll want to address, remote access can also allow IT support staff to access your network to troubleshoot problems or run regular maintenance routines.
Consider creating an image of your server
While having a copy of your network data offsite is a must, keep in mind that if your server completely fails or is destroyed, you’ll need to restore more than just your data to get your network back up and running again. If you don’t have all the software disks and licenses for critical databases or your accounting software, for instance, it could take days to get everything re-installed and working again.
Creating an image of your server enables you to make an exact copy of everything that exists on that server including software, preferences, data, configuration settings, and more. Having an image of your server can save you a great deal of time and money and get you back up and running far more quickly. To find out more about imaging your server, be sure to talk with your IT consultant.
Ongoing Monitoring & Systems Maintenance
Make sure you have an ongoing maintenance plan for your network to prevent major problems. While fires, theft, and natural disasters can take down your network, it’s much more likely that you’ll experience network downtime due to a virus, hacker attack, device failure, or simply human error. Keep your network healthy by taking care of the little things on a regular basis including:
- Downloading operating system patches and updates
- Keeping anti-virus/spyware software updated
- Monitoring hard drives for deterioration or corruption
- Replacing older hardware or software
Training & Testing
Does your business perform fire or other preparedness drills? We all know that testing alarms and evacuation procedures is important. With that, you should also test your IT disaster recovery plans several times a year to be sure they work as expected. At the very least, regularly review your documentation and update it as needed. Additionally, schedule training for key employees to be sure they understand their roles and duties during a potential disaster.
FEMA notes that 20% of larger companies spend over 10 days per month working on business continuity and disaster planning. While you likely don’t have that kind of time in your smaller to medium-sized business, you should definitely look to these organizations as an inspiration.
Need Help with Disaster Recovery Planning?
For small businesses in the Lancaster, York, Dauphin, Lebanon & Berks County areas of Central PA, EZComputer Solutions is here to take the worry out of creating disaster recovery plans. We also offer managed IT services to prevent problems and assure that your technology is working for your business instead of against it. Get in touch today to discover how EZ your IT can be!
