In 2011 alone, the Northeast weathered a tornado, a hurricane, an
earthquake and an autumn blizzard. While these natural disasters can
devastate the natural environment, they can also devastate a company’s
IT infrastructure. Yet, Gartner estimates that only 25 percent of small
to mid-sized businesses have a comprehensive disaster recovery plan (DRP) in place.
What is a DRP? It’s a documented process or set of procedures to recover and protect your small business infrastructure in the event of a disaster.
With the tornadoes, hurricanes and snowstorms that sweep through the
U.S. each year, it’s critical for businesses to develop a comprehensive
DRP, which can save significant amounts of time and money in the event
of a disaster. Keep in mind disasters may encompass more than weather –
think Internet threats and theft.
Following these disaster recovery plan tips can help you to create a
DRP that addresses both human-generated threats and environmental
disasters.
5 Essential Disaster Recovery Tips
1. Disaster Recovery Plan Basics
A company’s DRP should include a thorough document that details the
ins and outs of the plan, from emergency contacts through succession
planning. While creating this plan may require a significant up-front
investment, it can prevent companies from becoming one of the
unfortunate 10 percent that eventually fail because of a disaster.
2. Understanding Threats & Consequences
One key piece of developing an effective DRP is to understand the
threats that your organization may face and the impact those threats can
have on both day-to-day operations and your long-term business success.
For example, if your company’s phone system were to fail, personal cell
phones could provide a temporary solution. This is a seemingly minor
challenge with a relative simple fix.
Large-scale disasters require more careful planning on behalf of the
business owner and management team(s). How can business continue if a
storm strikes and power goes out for more than a week? What will happen
if the data backup storage center fails?
To address these concerns in the DRP, start by creating a list of
potential disasters and ranking each one based on the likelihood of
occurrence. With the list and rankings complete, identify the level of
impact each one would have on your business and briefly outline the
specific consequences for your business. This will provide a framework
for what issues you need to include in the plan.
Remember, there isn’t a one-size-fits-all disaster recovery plan.
Likelihood and impact rankings will vary widely by industry, geography
and company size. For example, a company in California that is located
near a significant fault line is considerably more likely to experience
an earthquake than a company on the Northeastern coastline.
3. Prevention, Detection & Correction
Your company’s disaster recovery plan should include three key types of measures: preventative, detective and corrective.
Preventative measures are designed to mitigate or prevent an event
from happening. These measures may include keeping data backed up and
off site, using surge protectors, installing generators and conducting
routine inspections.
Detective measures may detect or uncover unwanted events. These
measures include installing fire alarms, using up-to-date antivirus
software and holding employee training sessions.
Lastly, corrective measures focus on fixing or restoring the systems
after a disaster. Corrective measures may include keeping critical
documents in your DRP or securing proper insurance policies.
These measures are particularly important for small businesses since a
recent National Federation of Independent Business National Small
Business Poll revealed natural disasters have affected more than 30
percent of all small businesses in the U.S.
4. Address Data Loss
A study by Kroll Ontrack reveals that 65 percent of organizations
experience frequent data loss from virtual environments. As more
companies transition to
cloud-based solutions, without the proper precautions, this problem will become increasingly common.
What causes data loss? Oftentimes, the loss is due to file system
corruption, deleted virtual machines, internal virtual disk corruption,
storage/server hardware failures and deleted or corrupt files. The good
news is that proper data backup can prevent these problems from
disrupting workflow or losing key data.
If your company works with an outside vendor for its IT backup, ask
the following questions before surrendering all physical access to
files:
- Who exactly is managing my data?
- How is my data backed up?
- What happens if you lose my data?
5. Test the Plan
Once you have created the initial DRP, it is important to test the
plan. Employees should be thoroughly trained on their role(s) in
executing the plan and feel comfortable fulfilling their role(s) in the
event of a disaster. Be sure that all employees have virtual and remote
access to these positions and job functions in the event of a disaster.
Immediately following the test, address any shortcomings or failures.
Since a company’s business and IT environment are both constantly
changing, it is important that you consistently update the plan to
reflect these changes. This minimizes the potential for workflow
interruption and data loss in the event of a disaster.
While building a DRP requires small businesses to make a significant
investment of time and, in some instances, money, the DRP is critical to
the continued success of the company. As the old adage says, hope for
the best and prepare for the worst.