At any given time, something can go wrong, be it a natural disaster or a freak accident, there is always a possible danger that can upset your business operations. For example, a blackout or power outage can occur and cost your business thousands of dollars in lost revenue. Blackouts can happen for any number of reasons. In 2016 in Kenya, a nationwide blackout was even caused by a monkey, which just goes to show that not all disasters come in the form of hurricanes, tornadoes, earthquakes, fires, and tsunamis.
When these disasters or major accidents strike, though, you don’t want your business to be caught off guard. You should be prepared and have a disaster recovery plan at the ready so that, after a disruptive event, you can quickly and seamlessly resume operations.
Importance of Being Ready for an IT Disaster
The key to being able to survive an IT disaster or emergency, such as a blackout or a data breach, is preparation. It is simply the best way to cope with disruptive events and emergencies.
- Protect Your Data – Data is your business’ bread and butter. It’s best not to lose a single piece of data as you don’t what could be lost, it could be trivial, it could be of major importance.
- Reduce Uncertainty – If you don’t know what to do during an emergency, it can cause undue stress and panic, and may further cost your business income. Simply knowing what to do in the face of a disruptive event lessens uncertainty and apprehension.
- Save Revenue – The more time you spend in downtime, the more revenue you’re losing. When you have a good disaster recovery plan at the ready, your operations will be up and running (and earning) faster.
- Speed Up Recovery – Once you know the steps to take before, during, and after an emergency, you can get your business back on its feet quickly.
- Take Responsibility – Having a disaster recovery plan is part of being a responsible business owner.
Risks of Not Having a Disaster Recovery Plan
It is critical for all businesses – from mom-and-pop stores to multinational companies – to have an IT disaster recovery plan. Without one, your business may suffer from the following:
Data loss occurs when data is accidentally deleted or corrupted and is usually caused by human error, viruses, or even natural disasters. Losing data can be catastrophic for businesses of all sizes. When you lose files essential to your business, you lose valuable time and money in recreating or recovering these files. If you suffer data loss, your business will lose valuable tools and information that you need to resume business as usual.
Crises such as data breaches, weather emergencies, and server downtime can be very costly, especially if you don’t have any plans to mitigate the damage. Server downtime alone has cost businesses more than $70 million over a five-year period.
The way that your company reacts to a crisis can make or break its reputation. Even large corporations can mishandle a disaster. When they do, it affects their company’s standing in the eyes of the public.
More often than not, companies that weren’t prepared for a disaster situation cannot easily bounce back from a crisis. Whether it be a weather crisis or human error, 75% of companies fail within three years after facing a disaster without business continuity plans and services in place.
Preparing an IT Disaster Recovery Plan
Normally, IT systems run in the background silently, but they are the backbone of many business’ operations. It is crucial to note that a disaster recovery plan isn’t just about protecting your hardware and software; it’s about determining a process to get back up and running.
Some business owners may believe that they don’t need an IT disaster recovery plan. This may be because their company is very small and streamlined, or because they simply think that their facilities are at low risk. Don’t fall into that trap – even supposedly “safe” facilities are vulnerable to human error, weather catastrophes, or hardware or electrical failures.
Developing a disaster recovery plan can mitigate risks and help your company bounce back from a potential crisis. Rather than putting pieces back together after the fact, you should put a plan in place before it. Here are some ingredients of a successful IT disaster recovery plan:
In every good IT disaster recovery plan, you should know what hardware and software you have, where you have it, and how you have it configured. Your disaster recovery plan should include a complete inventory of your IT systems and applications in priority order.
Begin your inventory by assessing your physical area. Look at your server rooms, data centers, network operation centers, or anywhere you store your IT equipment. Note the hardware, such as network gateways, routers, switches, physical servers, NAS and shared storage, and power supply equipment, then move on to your endpoints, like your VoIP and phone system, printers, access points, and workstations. Observe any special configurations in your setup and keep them in mind.
Next, take a look at your applications and software. Your hardware uses the following operating systems and applications to function: server software, locally hosted applications, cloud-hosted applications, and hypervisors, as well as any software configurations that can help you begin again after a disastrous event.
Organize Your Inventory
It isn’t enough to take inventory; you should organize it too. You should know where specific types of data exist in your IT infrastructure and label it accordingly.
Additionally, you should rank systems by their importance in running your business. For example, if you’re a manufacturer, you should place importance on the software that allows you to do your business, such as CNC machine tools, process-related machinery, and computer-aided manufacturing (CAM) software. Online retailers should put emphasis on their e-commerce functionality and the other systems that keep their website’s transactions secure. IT systems for logistics, inventory, safety, and security are also high up on the list of systems that are vital to your business, as well as environmental and sanitation systems.
One other way you can rank your systems is by dividing your applications into three tiers. In tier one are the applications that you need immediately and that you simply cannot do business without. Tier two should include applications that you are important, but you won’t need right away. Applications in tier three can be recovered within a few days.
Defining which software and applications are the most vital will help in the speed and success of the recovery. The goal is to provide a solution as soon as possible, and you can do that with a well-organized inventory of both your hardware and software. When you know what systems you have, you’ll also know what you need to do to restore those systems, how long that will take, and who will perform each task. That is the essence of an IT disaster recovery plan.
Estimate Costs in a Business Impact Analysis Report
Prioritizing your business systems are what makes up your business impact analysis (BIA). Your BIA should also note several important items, such as the costs associated with the failure of each IT system.
Calculating the cost of downtime will differ for each business, but a baseline measure would be to add up the lost revenue, lost equipment replacement costs, lost productivity, and intangible costs.
Estimate your lost revenue by calculating the revenue that your business makes in a month. See how much of this revenue depends on the uptime of your systems in your BIA report.
Downtime results in lost productivity. While estimating the actual loss of productivity isn’t an exact science, you can still make reasonable estimates. For example, if your system becomes the victim of a ransomware attack, your employees will not be able to work, and that results in 100% loss for the time that it will take to restore the system. To come up with the estimates, you should talk with your department heads so that you can calculate the lost productivity more accurately.
Typical replacement costs for IT includes not only physical items that need replacing but also third-party services for recovering lost data. Don’t forget to factor in the costs associated with unrecoverable data and the consequences of that data loss over time.
Intangible costs are difficult to measure but you should make sure not to leave out the intangible cost of these systems going down. Usually, they affect the branding of your business. For example, a virus that results in lost information would result in a loss of trust from your clients. Your business might then raise the PR or marketing budget to negate the trust lost.
A good and comprehensive disaster recovery plan should clearly define the roles and responsibilities of everyone involved. Having a clearly defined role will tell people what tasks need to be completed and who is responsible for what. This is especially important when you’re working with third-party providers and vendors. Everyone should be aware of their responsibilities in order for the disaster recovery process to flow smoothly and operate as efficiently as possible.
You should have plans for your entire staff. Make sure that they understand the process and what’s expected of them. You should also have a succession plan in case a key staff member is unavailable. It is vital that you have a list of the disaster recovery personnel, complete with details of their position, emergency contact information, and responsibilities.
Create a Communication Plan
Communication is critical. You should have a communication plan since the main communication platforms may be affected during a disaster, and you will need alternative methods of contacting your employees. Effective and reliable methods for communicating with employees, suppliers, vendors, and customers in a timely manner are necessary.
Have a Backup Worksite
Your disaster recovery plan isn’t just for your technology systems, but for your people as well. Your employees need a plan. If your primary office is not available, you should have an alternate site in mind. Make sure that your staff knows how to get there and that the backup worksite can accommodate them.
Test the Plan Regularly
An IT disaster recovery plan is a living document that should be tested regularly. A lot of things can make or break a good disaster recovery plan: a key staff member might have changed their phone number, your internet connection may be too slow to restore data in the expected amount of time, your backup hardware may have failed, and other events can affect your disaster recovery plan negatively. The only way to catch them is to test your plan regularly when you can still afford to fail.
Update the Plan Every Time There is Change
You should revisit your disaster recovery plan every time your toolset and staffing changes. New personnel must be acclimated to their role and new hardware may affect your procedures – it is better to do these in a controlled dry run.
These elements make for a good foundation for a complete disaster recovery plan. However, you should always make sure that you are paying attention to the details with each part of your plan. Before a disaster strikes, you should test backups and perform as many as you can, as well as define the details of how you will account for your assets, communicate with vendors, and make sure that you’re up and running again as soon as possible.
If these tasks are overwhelming you, you can engage an external resource such as NetStandard to help you put a disaster plan at the ready. We will assist you in putting an IT disaster plan in place so that you’re prepared for anything that will come your way. Contact us today for more details about our company and services.