Roughly 40-60% of midsize businesses never reopen after a disaster. But, with the right disaster recovery and business continuity plan in place, the damage can be minimized. In this post, we’ll examine the common threats businesses face and how to create an effective disaster recovery plan to thwart them.
Disaster recovery plans used to be a luxury only large businesses could afford. In an era of growing cybersecurity concerns and increasingly common natural disasters, an effective disaster recovery plan is critical to the survival of every midsized business.
Why Midsize Businesses Need to Prepare for Disasters
90% of businesses that experience a disaster and don’t resume operations within 5 days go out of business within the first year. As a result, it’s critical that businesses develop and maintain a disaster recovery protocol that makes it possible – and easy – to get back up and running within minutes instead of days or weeks.
An effective recovery plan is always on standby, ready to go into effect. It can be updated incrementally, without time-intensive system revisions, ensuring it scales with business growth. It’s cost-efficient and well-suited to the organization’s needs and what it can support. Therefore, it can help minimize revenue loss and get operations up and running as soon as possible.
But how do you build an effective disaster recovery plan? Here are 8 steps that will help you get started.
8 Steps for Disaster Recovery
#1 Set Recovery Goals
Before writing a recovery plan, you must assess the potential threats your facilities might face and their impact on operations.
Large, region-devastating disasters, like tornadoes, floods and hurricanes, make the headlines, but they aren’t the only threats to your operation. Hardware failure, hacking, ransomware, human error and power outages are constant, and arguably more damaging, threats that can compromise unprotected data. These disasters corrupt computer environments, destroy hardware, interrupt connections to service providers and destroy data.
After assessing potential threats and their probability, create your RTO (Recovery Time Objective), an estimated timeline for how long it will take to recover. This should be dictated by how quickly you need things to be back up and running. In each scenario, what assets and services are likely to be lost? Which are the most important to restore first? If you need an expedited recovery, expect it to require more resources.
#2 Select A Data Backup Strategy
After setting goals for recovery, you must now select the right data backup strategy. Data backup is critical to any disaster recovery plan. Without the right preparations, a single storm or cyberattack can wipe out all of the data a business needs to function. When selecting a backup strategy, there are two keys to look for: redundancy and security.
Redundancy means backing up your data in more than one way and location. Properly managing the location and type of backup ensures that no single point of failure or disaster can debilitate your business.
Security means that your data is protected from disasters and other threats, remaining accessible to your organization and inaccessible to everyone else.
There are two different ways of conducting a data backup: physical and cloud.
Physical drives are simple to use and easy to scale. But they’re just as vulnerable to disaster as the data they’re backing up. It’s also difficult to separate the backup drive and original source while maintaining backup frequency. This is because the two devices need to be physically next to each other to back up, but also stored in separate locations for security. When disaster strikes, a physical hard drive backup on the same site as the original isn’t much of a backup.
For midsize operations, allocating an additional facility – just for storing drives – often isn’t feasible. For larger organizations, it becomes difficult to scale, as large quantities of data will require mountains of hard drives.
Cloud backups upload and store data in the cloud, offsite and disconnected from your network. This transfers the burden of redundancy and security to an external location. Cloud backups are an extremely cost-effective solution. They also make it easy to conduct automatic backups, which places less demand on operating personnel to manually back up mountains of data every week.
Cloud backups also are much easier to scale than physical storage. Instead of purchasing and maintaining new drive assets, the SaaS nature of cloud backups makes changing storage amounts as easy as upgrading or downgrading a subscription plan.
#3 Implement Data Backup
After selecting your backup method, you must implement it. Here are the best options depending on which path you choose.
For physical storage, one way of creating redundancy is by utilizing dual data centers that run with data mirrored and synchronized. This eliminates downtime, enables a quick recovery and gives organizations total control over the data. But it’s also very expensive and resource intensive – so it’s usually only viable for large companies.
An alternative to this is internal recovery. This involves leveraging more than one facility to store data from all facilities at an offsite location. In the event of a disaster, the information can be sent to other facilities to restore the functions and services of the downed location. This has benefits and challenges similar to those of mirroring and synchronization, providing a high degree of control while requiring more resources to function.
For cloud backups, there are two different approaches. The first is to store backups on a specialized appliance onsite and then securely transmit data to the vendor data center. During transmission, data is deduplicated, which condenses it by removing duplicate files.
The second method is to send the backups directly from your facilities to the vendor data center, during which data is deduplicated.
The main difference between these two options is the presence of an onsite device. It adds another layer of redundancy to the system. However, for some users, this may be unnecessary.
#4 Establish Data Backup Frequency
After implementing your backup method, the next step is to establish a backup frequency and RPO (Recovery Point Objective), the time that might pass during a disruption before the data loss exceeds a business’s tolerance. Backups could be hourly, daily, weekly or continuous. But be wary – the longer the period of time between backups, the more vulnerable you are to critical data loss. Because of this, data should be backed up as frequently as needed to ensure any data loss is manageable.
Whichever approach and frequency you choose, it is critical to know where your backups are being stored. If you decide to back up your data on the cloud through a vendor, look into where their facilities are and how they store your information. This will ensure that you’re not partnering with a company that operates with inadequate facilities for redundancy or with facilities in locations that are vulnerable to the same natural disasters you’re trying to protect yourself against.
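As an added example (not part of the original post), the following Python sketch audits a backup catalog against each asset's RPO and checks that at least one sufficiently recent copy is stored away from the source site. The catalog layout, asset names, site names and timestamps are all constructed assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample catalog: asset names, sites and timestamps are illustrative only.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
CATALOG = [
    {"asset": "orders-db", "source_site": "hq", "rpo_hours": 1,
     "backups": [("hq", "2024-05-01T11:30:00+00:00"),
                 ("cloud-east", "2024-05-01T09:00:00+00:00")]},
    {"asset": "file-share", "source_site": "hq", "rpo_hours": 24,
     "backups": [("hq", "2024-05-01T02:00:00+00:00")]},
    {"asset": "hr-archive", "source_site": "branch", "rpo_hours": 168,
     "backups": [("cloud-east", "2024-04-20T02:00:00+00:00")]},
    {"asset": "mail", "source_site": "branch", "rpo_hours": 24,
     "backups": [("cloud-east", "2024-05-01T06:00:00+00:00")]},
    {"asset": "build-server", "source_site": "hq", "rpo_hours": 24, "backups": []},
]

def audit(catalog, now):
    """Return {asset: [findings]} for assets that miss their RPO or lack an offsite copy."""
    findings = {}
    for entry in catalog:
        issues = []
        copies = [(site, datetime.fromisoformat(ts)) for site, ts in entry["backups"]]
        rpo = timedelta(hours=entry["rpo_hours"])
        if not copies:
            issues.append("no backup recorded")
        else:
            newest = max(ts for _, ts in copies)
            if now - newest > rpo:
                issues.append(f"newest backup is {now - newest} old, RPO is {rpo}")
            # Only copies held away from the source site survive a site-wide disaster.
            offsite = [ts for site, ts in copies if site != entry["source_site"]]
            if not offsite:
                issues.append("no offsite copy")
            elif now - max(offsite) > rpo:
                issues.append("offsite copy is older than the RPO")
        if issues:
            findings[entry["asset"]] = issues
    return findings

if __name__ == "__main__":
    for asset, issues in audit(CATALOG, NOW).items():
        print(f"{asset}: {'; '.join(issues)}")
```

Note the orders-db case: the onsite copy is within the RPO, but the only offsite copy is not, so a site-wide loss would still exceed the tolerated data loss.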
#5 Identify Roles & Responsibilities
An effective recovery plan clearly specifies who is accountable for each task. Every accountability, no matter how small, needs to be assigned an executor and given a timeline.
Larger companies often have dedicated recovery staff to handle these responsibilities in house. For midsize companies, partnering with a managed service provider is the most efficient option from a cost and resource point of view.
#6 Define the Communication Strategy
A disaster recovery plan only works if there is a protocol for reliable communication. Thus, a plan that relies on using company landlines to contact key personnel and vendors will fail when phone lines fail. A diversified communication strategy, one that utilizes a combination of company phones, mobile devices, email, and online messaging, is the most reliable. Similarly, an unclear plan that leaves personnel unsure of who to contact will lead to bottlenecks and prolonged outages.
A comprehensive contact list is a great way of accomplishing this. This could include key personnel, vendors, suppliers, property owners, utilities service providers and technical support. Like the recovery plan, the contact list should be accessible to all stakeholders during a facilities failure. This helps ensure that the right people are in place to execute the recovery plan.
#7 Create an Equipment Inventory
Another element of an effective recovery plan is to create a comprehensive inventory of hardware, software, and data that your business uses. Create a hierarchy of what information and assets are most critical. This ensures that all essential data is backed up, and anything not backed up is expendable.
Each inventory entry should include critical asset information such as make, model, function, ownership and cost. Setting a frequency for how often the inventory list will be audited helps keep the guide to what assets are in play relevant and accurate.
For software and applications, have copies and additional licenses so that they can be easily reinstalled on new equipment and utilized by staff working remotely during the recovery process.
#8 Devise an Update Schedule
The final step for creating a recovery and business continuity plan is to devise a protocol for keeping it up to date. Once all data has been backed up, conduct frequent test runs to make sure systems are functional.
With a plan and resources in place, as long as you continue to periodically maintain and upgrade the system, it will be able to protect your business for the foreseeable future.
Developing and implementing a disaster recovery plan is crucial to minimizing downtime and shielding your business from data loss. Hopefully, the steps outlined above will help you get a jumpstart on building a better business continuity plan for your business.