The Importance of Disaster Recovery Planning, Part 2: Preparing for the Worst

The Importance of Disaster Recovery Planning, Part 2: Preparing for the Worst

Since we published our previous article about disaster recovery planning in August, things haven't gotten much better for people and businesses in the southeastern United States.

Most estimates suggest that Hurricanes Harvey and Irma combined to cause more than $100 billion in damage -- and the 2017 Atlantic hurricane season isn't over yet. It's always important for a business to have a disaster recovery plan in place. When natural disasters actively threaten your company's survival, though, you can't afford not to have a concrete plan.

This month, we're sharing some more tips that can help.

Identify Your Risks and Essential Services

If your business adds new technologies as you require them, it's likely that your IT structure has become somewhat complex. You may operate some services from your office. Other services may reside on cloud networks. Still, others may exist in traditional data centers.

Begin by making a list of the risk factors affecting your company's services. Some of the potential risks affecting an in-house service, for example, may include hacking, an office fire or a natural disaster. Remember that not all of your services may be digital. If you answer customer service calls in your office, that's an essential service.

Next, list the steps that your company takes to mitigate the risks that threaten your services. Suppose, for example, that one of your essential services is a customer database that resides on a server within your office. You might mitigate the risk of hacking by connecting the server to a firewall that blocks unauthorized access attempts. A cloud-based backup can mitigate the risk of data loss.

Complete your list by describing what your company will do to continue offering its essential services if your solutions for risk mitigation fail. You could set up a cloud-based mirror of your customer database, for example, that's ready to go live automatically if your in-house server fails.

If you can build a list like the one we've described, you'll have a bird's-eye view of your company's disaster preparedness strategy. If you know what your businesses' essential services are and can confidently say what your company would do if those services failed, you're ready to handle almost any calamity.

Stop Online Threats Before They Can Cause Damage

A natural disaster can happen almost anywhere. No one controls the natural processes of the planet; all that you can do is understand your risks and prepare for the worst.

Thankfully, natural disasters are rare -- but they aren't the only potential threats that your company faces.

In 2016, hackers successfully penetrated networks or services belonging to more than half of the small businesses in the United States. When you aren't dealing with hacking attempts, you're trying to protect your company from ransomware or DDoS attacks.

When the term "national crisis" is used to describe the state of cybersecurity for SMBs, it's not hyperbole. The more disturbing part is the many business owners, willfully or not, remain unconvinced about taking action when it comes to safeguarding their digital assets.

"Most small-business owners don't think they're at risk. As a result, it's fair to say they are indeed ill-prepared to safeguard against an attack," said Bryan Seely, a network engineer famous for hacking into the FBI. He now teaches on online course in ethical hacking for Udemy.

A survey published by Manta last month shows that 87 percent of small-business owners don't feel that they're at risk of a cybersecurity attack, and 1 in 3 small businesses don't have the tools in place — firewalls, antivirus software, spam filters or data-encryption tools — to protect themselves.

"The general majority of small-business owners don't have an IT person. It's not the first place they spend their money," said John Swanciger, CEO of Manta. "They're really relying on themselves to update their software and check for security patches."

The war that criminals wage on businesses is intense and unyielding -- and criminals improve their techniques every day.

One of the best things that you can do to protect your business from online threats is to foster a corporate mindset in which every employee understands the contributions that he or she must make to ensure the safety of your company and its data.

Providing security awareness training for your employees is a good way to begin. Hold classes in which your company's trainers or IT workers explain how to recognize an unsafe file attachment or social engineering attack. Teaching your employees to regard any unknown website, file, phone call or social network message with skepticism is a great way to stop hackers' attacks before they can cause damage.

Create a Plan to Protect Your Company's Most Valuable Resources

It's impossible for your company to operate without its critical services. A natural disaster could wipe out your business's ability to manufacture products, fulfill orders, handle customer service issues and more.

It is crucial, then, to have a plan in place for the continuity of those services following a disaster. In creating your plan, though, don't forget that none of your services can operate without the people who make them work.

Your company's greatest resources are the employees who answer the calls, pack the orders and keep the servers running. Your recovery plan should include steps for checking on -- and potentially securing medical care for -- employees following a disaster. You may also need to have a plan for securing temporary housing or relocating your employees to a new office.

Depending on the size of your business, you might need to consider implications the Family and Medical Leave Act (FMLA). While not technically a technology issue, this is still an issue that concerns your most valuable resource - your staff. Employees that are affected by a natural disaster can be entitled to leave in the unfortunate case of a serious health condition as a result of the disaster.

It's best to get the advice of a qualified employment attorney on this matter, but it's absolutely something that should be a part of your disaster preparation checklist.

Notify Your Customers During Difficult Times

No matter how thorough your company's recovery plan is, a severe event has the potential to temporarily disrupt services such as customer care and order fulfillment.

During a catastrophic event, your customers will understand that you're working as hard as possible to restore your services -- but you need a notification plan. Use your website and social media accounts to tell your customers what's happening, what services the event affects and how long you expect the recovery process to take.

Take Action Now

We hope part two of this primer will be helpful with your internal efforts to be prepared. As one of the leading providers of managed IT services we can tell you first-hand the kind of peace of mind being prepared brings.

Having a trusted technology partner on-call can be a business owners ace in the hole. The other aspect to consider is that sometimes you don't need a natural disaster to require a little help.

When an important email goes missing, or a nasty piece of malware spreads throughout the office it can feel like a disaster.

It doesn't hurt to ask questions right now. A cloud-based data backup solution from a trusted outsourced IT partner means you'll always have someone to call in your time of need.