Do You Have a Disaster Recovery Plan?

Close your eyes, and imagine your business five years from now, in a tight spot: the latest ransomware virus just crippled your system, a hurricane just took out your office, and John from Accounting just accidentally deleted half your database. You’ve lost all your critical information, your systems, and your ability to function. In other words, you’re toast.

Aberdeen Research estimates the average cost of an hour of downtime at $8,000 for small businesses, $74,000 for mid-sized companies and $700,000 for large businesses, and it’s quickly becoming clear to you how accurate that number is. It’s the cost of not looking ahead.

What is going through your head in this moment? What do you do? Well, first you wish that you could rewind five years. You wish that you had prepared for this. You wish that you had a Disaster Recovery Plan.

Open your metaphorical eyes. Congrats – you’re young again! Now what’s the first thing you’re going to do? (No, don’t fire John, maybe just change his permissions). That’s right! Get to work on your Disaster Recovery Plan, otherwise known as your Business Continuity Plan.

The goal of such a plan is to lay out a strategy to get your IT up and running after a disruption, so that your business can continue to function. It’s your “rainy day” preparation, ensuring that you’re not caught off guard when the near-inevitable disaster happens.

The first step is to perform a Business Impact Analysis. This involves a detailed list of your company’s critical business functions, IT infrastructure, and services supporting the organization. It outlines the consequences if these items are compromised. Your BIA should include the following:

With your BIA complete, the next step is your Risk Assessment. As the name implies, your Risk Assessment is a complete examination of the threats faced by your organization, and an analysis of what those threats might look like in action. It will consider the dangers posed by Hurricane Gaston, SamSam Ransomware, by John from Accounting. Below is an example of what your Risk Assessment might look like:

Phew, you’re done! Sort of. Your business continuity needs will change over time, and it is as important to review and update your plan as it is to create on in the first place. If your plan today doesn’t take into account cloud storage backups, for instance, you might have some work to do. The following graphic from ComputerWeekly is a great guide, providing the essential steps for your IT team to review every few months.

Because data backup and IT recovery are so crucial for business continuity, it is strongly recommended that you work closely with your IT support to ensure that a strong plan is in place and tested regularly. If you have concerns about your recovery plan, talk to your IT staff immediately.