Data is the lifeblood that enables businesses of all sizes to make critical decisions every day. Good data reveals insights into operational performance, areas for improvement, and revenue opportunities. Uninterrupted access to this information is paramount, which is particularly true for small-to-medium-sized businesses (SMBs). If SMBs are unable to easily access their data and IT assets, then business decisions are impacted, and opportunities could be lost.
The potential loss of data access is most acutely felt following a disaster. Disasters come in many shapes and sizes, including fire, flood, weather events, power outages, and even human error. A disaster or outage can cripple or completely stop business operations for an SMB if it has not taken the proper steps to protect itself. The ability to mitigate the impact of a disaster starts with understanding the key practices for ensuring business continuity. SMBs often neglect their business continuity needs because they are focused on keeping daily operations running smoothly. Considering SMBs account for a significant amount of IT spending each year and have a major impact on the national and global economies, if they aren’t prepared it can spell disaster beyond the immediate scope of their individual businesses.
The repercussions of a disaster can have a ripple effect across the business, starting with the loss of data, then productivity, and lastly (and most importantly) revenue.
Best Practices for Business Continuity Planning
To minimize the impact of a disaster there are best practices that every small business should embrace including:
- Employee safety. Communication during and immediately following an emergency can be challenging. It is important to prepare an employee safety and communication plan well in advance of an emergency. The plan should match the needs of the organization and include specifics such as how to communicate with employees following the disaster. Businesses need to gather and document a variety of information, ensuring that it is easily accessible and stored in a number of secure locations. Documents must include up-to-date employee contact information and a methodology for contacting them.
- Communication Protocols. Email is generally the easiest way to reach employees, however, there should be an alternative plan like a call tree or text tree if the internet is not available. Once created, it is essential to test and update the communications plan every six months. Testing will identify gaps in the plan such as out-of-date employee lists or contact information. It is also imperative to create a plan for distributing information to customers during and following a disaster. An organization’s ability to respond to customer needs following an event will have a direct impact on reputation.
- IT disaster recovery and business continuity. Historically, backup meant daily incremental and weekly full backups to tape or a dedicated disk backup target. Duplicate tape copies were created and shipped offsite for disaster recovery—typically to a site maintained by the business or to a tape vaulting facility. Many businesses still use this model and depending on their recovery needs it may be perfectly adequate for their business continuity strategy.
However, using offsite tape after a disaster to ensure business continuity can be painfully slow and limiting to ongoing activities. When creating an IT disaster recovery plan to support business continuity, organizations need to understand recovery time objective (RTO) and recovery point objective (RPO). RTO is the amount of time that it takes to get a system restored following a failure or disaster event. So, an organization might have an RTO of 48 hours or more. RPO is the point in time to which data can be restored following the event. So, if they performed a backup at 6pm and a server failed at 5pm the following afternoon, their RPO would be 23 hours and any data created during that window would be lost. For many organizations this is unacceptable.
Today users run applications from image-based backups of virtual machines. This capability is commonly referred to as “recovery-in-place” or “instant recovery.” Recovery-in-place dramatically improves RTO because operations can continue while primary servers are being restored. RPO is reduced as well—snapshot-based, incremental backups at 15-minute intervals are the norm.
Recovery-in-place enables organizations to run applications from the onsite appliance or from the cloud following an outage or disaster to ensure business continuity. This is commonly referred to as “cloud disaster recovery” or “disaster recovery as a service” (DRaaS).
Testing IT disaster recovery plans on a regular basis is essential. Historically, this was a difficult and potentially risky process. Today’s technologies and services have greatly eased the testing process.
- Continuity of operations. Organizations need to ensure that their business activities are not interrupted. Application downtime is just one factor that can impact the bottom line. However, there are a broad spectrum of possible considerations depending on the size and type of the organization, including insurance, training, facilities, and dependencies.
Implementing a business continuity plan for any SMB is like buying homeowners’ insurance. You hope you will never have to use it, but in the (increasingly more common) instances you do need protection, it will help keep your business operating, your customers online and your company and customer data safe.
Emily Glass is Datto’s Chief Product Officer (CPO), overseeing Datto’s Product Management and Scrum teams. Datto’s channel-only approach places a high value on partner satisfaction and Emily’s team is focused on building the most innovative, MSP-centric solutions in the channel, a focus that she drives in her role as CPO.