By Sean Derrington
As we enter into 2018, many organizations will be solidifying their fiscal and strategic plans for the new quarter or year. Unfortunately, many of those plans may not include disaster recovery or business continuity planning – a mistake as all organizations benefit greatly from having proactive tactics in place in case of emergencies. The fact is, experts will look at 2017 as being one of the worst on record in the U.S for natural disasters and often, it is the smaller businesses that suffer the worst.
Former Joint Task Force Katrina Commander Russel Honore was quoted on the Fox Business Network with this sobering statistic: “You know the old numbers, 40% of small businesses don’t survive these events because the grid doesn’t come up, they don’t have the workers and the people that they used to work for are not open.”
Let’s review some of the nastiest natural disasters of 2017:
- Hurricane Harvey unleashing its fury on Houston while only days later, hurricane Irma was barreling down on the Florida Gulf Coast. The damage caused by the two storms is still being assessed and could reach $100 billionor more.
- Puerto Rico, where Hurricane Maria tore through the island – devastating the infrastructure and leaving millions without power or drinking water for months. Reports indicate costs could be upwards from $45 to $95 billion.
- The fires that raged through the California Wine Country in October, hospitalized hundreds, killed more than 40 people and caused an estimated damage of $6 billion, according to recent reports. Likewise, devastating fires swept through Southern California a couple of months later – destroying hundreds of structures and charring hundreds of thousands of acres.
Given these sobering facts, organizations should make disaster recovery and business continuity a cornerstone of their 2018 planning. The ability to get any business up and running again often depends on several factors before a crisis hits, so that mission-critical data and systems can be recovered as soon as possible. The following are tips to help small businesses develop disaster recovery plans and drills, as well as business continuity plans.
What is a Disaster Recovery Plan and Disaster Recovery as a Service?
A Disaster Recovery (DR) plan outlines the technology, processes, and procedures to recover critical IT business data, with the prime objective of minimizing downtime after an emergency or crisis so that your business can be up and running as soon as possible.
Organizations should work with its IT or managed service provider team to create a DR plan that will list the steps necessary to recover networks, servers, laptops/desktops, data and connectivity.
- Data Protection: A small businesses should work with their IT department or solution provider to ensure offsite backups are successfully running including monitoring services and the ability to boot up a VM (virtual machine) from the cloud as quickly as possible. As such, the DR plan should identify high-priority servers that are hosting valuable data, because they are the most critical for prioritizing backups.
- Colocation of Servers: One way to guarantee that on-site servers have a back-up is to consider colocation (or colos). Colos enable a business to rent space for servers and other hardware at a different location. This is most helpful for businesses whose data or application is tightly integrated with the hardware. A DR plan should note the location and contacts for the colo provider and have arrangements in place to access data in times of emergency or crisis.
- Have a Robust VPN Solution: Many natural disasters make it impossible for employees to reach their office. But in many cases, employees can keep working with a reliable VPN connection from home. Therefore, having a robust VPN solution is among the most important services a small business can have. When creating your DR plan, you can outline who has access to the VPN as well as how to access to VPN during times of crisis.
Disaster Recovery Drills:
While many small businesses conduct fire drills, they don’t often consider conducting a DR drill; yet a DR drill is paramount to checking the efficacy of disaster and business recovery plans.
Four key steps to consider including in a drill are:
- Review Your Data Disaster Recovery/Business Continuity Plans: A good first step is to conduct what Georgetown University calls a “table-top exercise” with key stake-holders including the IT department/solution provider, department managers, communication team and vendors to review the plans and go over processes and procedures.
- Test Your IT Systems/Infrastructures: Conduct a trial-run checking the performance of key elements of the DR plans, including back-up systems, servers, applications and more. Ensure that all business data is being backed up at regular intervals so that business-critical information will be accessible after a crisis. Create lists of equipment/applications and other critical systems that fail to work during the drill.
- Upgrade/Fix Equipment/Applications and More: During the drill, you may notice that certain systems are not operating at full capacity and might have some discrepancies. In addition, it is important to discover more effective means for accessing critical systems during an emergency. This is an opportunity to work with your IT team/solution provider to fix, upgrade and modernize your existing IT infrastructure.
Some extra resources to help create a DR plan:
- IT Disaster Recovery Plan– from the Department of Homeland Security
- IT Disaster Recovery Plan Template– from Search Disaster Recovery
From Disaster Recovery to Business Continuity
A business continuity (BC) plan can be a part of a small business’ disaster recovery planning. It is additive to a DR plan though because it plans for the recovery of the entire operations of the organization – not just its IT systems.
A solid BC plan will include a set of risk management principals. This means identifying all possible threats to an organization’s capital and earnings and outlining steps to mitigate such risks.
It will include for example:
- Emergency team names and contact details
- Lists of mission-critical equipment
- Lists of vendors and suppliers
- Lists of vital records and critical business documents
- Lists of minimal operational requirements to resume business
- Communication plans to important company stakeholders including employees, board of directors, customers, and more
The following is a helpful resource for Business Continuity Planning from ReadyGov
You never know how and when disaster will strike. But what you can do is to assess your biggest risks and prepare for the worst. At the end of the day, disaster preparedness is the key to disaster recovery. And for any business, preparedness could be the difference between making it beyond 2018 and into 2019…or not.
Sean Derrington, is a Senior Director of Product Management at StorageCraft and is responsible for all aspects of Product Management, Product Marketing, and Marketing. Prior to StorageCraft, Sean worked in cloud product management as well as enterprise product management at Symantec. He is a graduate of Carnegie Mellon University in Pittsburgh, PA.