According to FEMA and the US Small Business Administration, 40% of businesses do not reopen after a major disaster, 25% will fail within one year, and 90% will fail within two years of the disaster. It is essential for your business to be prepared and protected in the event of an unexpected event resulting in partial or complete data loss.
What is a “disaster”? Simply put: a disaster is a business interruption that degrades your service for a period of time. Whatever your sector of activity, you have essential data for the management of your company. But did you know that your data could be at risk? Hardware failures, hackers and security threats, natural disasters, or simple user error can potentially cause a disruptive incident that could cause you to lose important data for your business. In addition, there are several levels of disasters:
Local Disaster: This occurs in a very limited area and would include your facility becoming uninhabitable, an internet outage or a utility outage.
External disaster: this could be an event in another city that prevents one of your suppliers from responding to your requests or it could be a massive product recall.
Regional disaster: hurricanes, tornadoes, snowstorms or floods that affect a large area and a large number of people.
Ransomware: Malicious software/malicious attack that can lock down your data and systems. Often the attacker will threaten to release or block access to your data or computer systems, usually by encrypting it, until a ransom is paid to the attacker. In many cases, the ransom demand comes with a time limit.
Even the big boys (Microsoft, Google, Apple and Amazon) have experienced significant outages. These companies use redundant power as well as redundant data centers to maintain continuity. If these players are having issues, how does your small business manage to maintain continuity or a disaster recovery plan? No matter the size of your business, you need reliable data backup and recovery. Your plan will include the following:
Recovery Time Objective (RTO) – What is your company’s recovery time objective? In the event of a disruptive event, do you need to recover that data in 15 minutes, 1 hour, 4 hours, 1 day, or 3-5 days without significantly impacting your business goals? This is how long it will take to recover from a disaster. This may be different for each disaster threat and should be carefully considered.
Recovery Point Objective (RPO) – When and under what circumstances will you need to recover? This is how much data you can afford to lose when you restart. For many companies, this is a day’s worth of data. For others, it may be as little as five minutes.
Business Continuity – Does your company currently have a comprehensive business continuity plan so that you experience minimal disruptions during a disruptive event?
Data recovery – Are you currently able to recover your data in the event of catastrophic system failures and data loss?
24/7 accessibility – Are your users fully productive, with 24/7 access to your server?
Security encryption – Is your data encrypted and protected against reading by external intruders?
All information should be evaluated at a high level. It is necessary to assess the risks, determine your priorities and have an effective plan.
A threat analysis is necessary: assess the likelihood of experiencing a high-risk event, such as an internet outage lasting more than an hour or cyber sabotage, versus a burglary or local storm. A “threat matrix” will help you determine the worst-case scenarios for your business.
Next, what are your priorities regarding what to protect and how much? What is your plan and the testing and maintenance around it? Your disaster recovery plan is more about the people and the systems in place to support them in an emergency. How do you do business without your building, without your systems or without your people?
Review your cloud provider’s policy in case of a breach: if your data is included, will you be protected? Also, confirm that your cyber insurance policy is clear on any data loss from your cloud provider.
A big part of disaster recovery is maintaining your plan. Even when the plan is complete, routine updates are required. For contact and security purposes, employee lists with emergency contact information should be updated whenever there is a new employee or one is terminated.
Set a recurring service model every year to update your plan. The plan is only as good as the data it contains, which must be up to date. Whenever there is a major change in the corporate network, such as a new application, the plan should be updated.
Each year, the plan must be tested. This may take a long time and you may need to pay your engineers or service provider to achieve this. Without testing your full recovery plan, you really don’t know if it will work. Each time you test the plan, you will find things that did not work to your satisfaction. Some common questions are: can you run your systems from laptops or mobile devices? Is the system in the cloud? Can you connect to your corporate network?
Even though most of your applications and data are in the cloud, it is your responsibility to back them up regularly and verify that they are operational. Don’t just take your cloud provider’s word for it. Take the extra time and make sure you are 100% sure you can recover. Also check the cloud provider’s policy in case of a breach or outage, and whether you will be protected if your data is included. Add cyber insurance and make sure your policy is clear about data loss from your cloud provider.
To learn more, register for the PCG Disaster Recovery Webinar, presented by PCG and special guest Sean Crawley of Acronis, “The world leader in backup and recovery”.
Five Key Disaster Recovery Planning Tips
- Did you know you can have your servers running in the cloud in less than 30 minutes?
- Do you have a known recovery time and point objective to meet your business availability requirements?
- Are you sure that your local and cloud backups and data were not encrypted following a ransomware attack?
- Do you back up your Microsoft 365 platform (email, SharePoint, OneDrive)? 90% of companies do not!
- Do you have a backup ISP/internet provider that can switch over immediately?
Disaster recovery plan for your business: A timely and well-planned recovery can mean the difference between bankruptcy and survival for your business. Register today: https://register.gotowebinar.com/register/6968854657420707854.
JoAnn Hodgdon is vice president and co-founder of Portsmouth Computer Group (PCGiT) with her husband David. PCG provides its customers with comprehensive managed IT services, business continuity, security, cloud computing and virtual CIO services. You can reach her at [email protected] or at www.pcgit.com.