Thousands of years ago our nomadic ancestors decided to settle into more permanent homes. People have adapted and grown accustomed to the culture, physical landscape, and weather conditions tied to the area and community in which they reside.
However, when day-to-day routines start to seem normal and monotonous, Mother Nature has been known to rear her ugly head and create havoc among the masses.
It is becoming more and more apparent that the effects of global warming are affecting the frequency and magnitude of natural disasters occurring on our planet. Hurricanes, earthquakes, floods, blizzards, and wildfires are all threats to people want to avoid. Unfortunately, these threats are becoming more and more common.
Nevertheless, when we read devastating morning news headline recounting the latest disaster to take place, we tend to only think about the people affected, the loss of homes, and the damage to personal belongings. But, how often do we think about its impact on local businesses?
Natural Disasters; Not The Only Culprits
Business leaders already have a lot on their plate. In addition to the disastrous effects a naturally occurring tragedy could have on their business, leaders also have to worry about man-made and isolated incidents such as cyber-attacks, human error, equipment failure, and system disasters.
Every business leader knows how important it is to safeguard their data in case of such catastrophes. Unfortunately, most businesses do not take preventative measures to safeguard their business against threats until it’s too late.
IT disasters are costly.
- FEMA reports that roughly 40 to 60 percent of small businesses never reopen their doors following a disaster [Resource].
- Damage from a disaster could linger for as long as two to three years.
- Some businesses may find themselves closing for days or even weeks, never recovering from the revenue lost when their doors were forced to close.
- Few businesses have the capacity to shut down for any length of time and still survive long-term.
- Many customers expect prompt delivery of products and services. If there is a delay, the business faces the risk that customers may seek out competitors.
- Organizations without a disaster recovery plan might lose business to competitors who can demonstrate they have an actionable plan already in place.
- Some disasters may overwhelm the resources of public agencies who may not be able to reach your business in a timely manner.
- News travels fast, so businesses need to be able to reach out to customers and stakeholders quickly to extinguish their concerns. [Resource].
If you don’t want your business to fall victim to one of these statistics, you’ll need a solid disaster recovery plan in place before a disaster leaves your business paralyzed.
Disasters Happen Regardless if Your Business is Prepared
Unfortunately, the discussion of disaster recovery preparations can one of those uncomfortable topics people tend to avoid. Either business leaders fail to plan at all, they underestimate the level of risk facing their business, or they are simply overconfident in their ability to recover and maintain operations following a disaster.
So, how assured are you in your business’s ability to recover following a disaster? Get the Comprehensive Guide to Disaster Recovery eBook and find out!
Determine If Your Business’s IT Systems are Vulnerable Prior to a Disaster
Are your hardware & software applications standardized?
By having business-essential hardware and software applications standardized, you’ll have less to worry about post-disaster.
If any applications are damaged, need repair, or need to be entirely replaced, having a standard set of applications will allow you to recognize which vendors need to be contacted immediately should new copies of software programs or hardware components be required.
Additionally, with a standardized set of applications, there will be less risk of system incompatibility issues arising due to the installation replaced parts.
Have you satisfactorily gathered an inventory of all IT-related components?
Quickness is key when dealing with IT issues that arising post-disaster. By gathering an inventory of all IT-related components such as technological manufacturers, IT system specifications, and other specific details about business applications, issues can be addressed more quickly.
Is your network properly documented?
Having a documented catalog of your network is crucial when trying to determine what specific applications need repair following a disaster.
Have your systems undergone a preliminary risk assessment test?
Right from the start, you’ll want to create a general outline of the risks each component of your IT system might encounter. This will allow you to be cognizant of future issues and allow you the ability to tackle any potential issues before they even occur.
Do you routinely test the effectiveness of your IT disaster plan?
Think of it as a fire drill for your computer. Having a disaster recovery plan in place is an excellent first step, but without routine tests and maintenance, there is no guarantee the plan will work at the time when it’s needed the most.
Do you have a 24/7 off-site backup facility that can restore and run processes immediately following a disaster?
Having an off-site alternate backup facility that stores your organization’s data in case of a disaster is indispensable. By housing data in an off-site location, you can increase the probability of maintaining business continuity and preventing data loss.
While cloud computing is a popular option, having a physical backup facility in an off-site location can help restore and run processes immediately following a disaster. Two off-site backup facility options you can have available are either a hot or cold site.
- Hot Site: A hot site is a disaster recovery location that has equipment already set up. This 24/7 facility has your business’s current data and is ready to be implemented as soon as employees walk in the door.
A hot site is a better option for businesses with critical data or for businesses where any downtime in operations is deemed unacceptable.
- Cold Site: A cold site, on the other hand, is a facility with little to nothing set up. When employees walk into a cold site following a disaster, equipment will need to be erected, software will need to be loaded, etc.
Since cold sites are unused until after a disaster occurs, this helps keep costs down. To get a cold site up and running there will need to plans put into place to account for setup time and resources.
Do you have plans in place for backups & systems but ignore people & processes?
Before a disaster, recovery efforts tend to focus on the technological aspects of the business. However, it usually isn’t until disaster strikes that leaders are faced to realize the fact that they’ve ignored the people and processes responsible for carrying out their disaster recovery procedures.
Think about it: a disaster may impact the very people accountable for executing your business’s recovery plan. Having people ready and available when disaster strikes is crucial. Sometimes, working with an outside partner can make all the difference.
If you answered 'no' to any of the questions 1-6 and 'yes' to question 7, then you may need to take a closer look at your company's disaster recovery plan.
Developing Your Disaster Recovery Plan
Even if your organization is located in a low-risk area for natural disasters, man-made and isolated incidents pose an ever-present threat. Luckily, with the help of the following guide, the road toward preparedness does not have to be overwhelming.
The purpose of this guide is to help your business understand potential threats, take steps necessary to prepare and recover after a disaster, and close any gaps you might currently have in your disaster recovery efforts.
Step 1: Establish a Disaster Recovery Team
While senior management’s backing and support is vital to the success of your business’s disaster recovery plan, gaining buy-in across your organization is the most important element to a successful disaster planning strategy. An effective strategy cannot be implemented without the help of others, so building a capable team will set you up for success in the future.
Involving employees in the disaster response planning process helps promote a company-wide culture of preparedness. If there was a fire in the building, would your employees know what to do? Are they familiar with their individual responsibilities for building and information security? Could they carry out their assigned responsibilities during a crisis?
Determine Team Roles
In order to function properly, disaster recovery team members should each have defined roles, responsibilities, and tasks. The distribution of roles can vary depending on the size of your organization.
Keep in mind, an employee’s role in the disaster recovery team may not necessarily correlate with their current job description within the company.
A program coordinator should be assigned by management to lead the development of the disaster recovery program. He or she will guide the development of the disaster plan and communicate essential aspects of the plan to all employees.
The rest of the disaster recovery team should include employees with knowledge of all aspects of the business. Their areas of expertise should include:
- Human Resources
- Facilities Management
- Information Technology
Furthermore, including external team members in your disaster recovery team may prove to be beneficial in an emergency. By opening lines of communications with members of public services, contractors, vendors, etc., your business’s unique challenges will be better accommodated during a disaster.
Consider developing relationships with:
- Emergency Medical Services
- Law Enforcement
- Fire Department
Step 2: Perform a Total Risk Assessment
The challenges your business faces are as unique as your business itself. Before launching any disaster recovery plan, you as a business leader should first reflect on circumstances unique to your organization. It is imperative that all possible risks are fully examined alongside their associated repercussions.
By examining both internal and external risks, your business can continue to satisfy its obligations to clients, stakeholders, and the community. Some areas of potential risks to examine include the potential for natural disasters, human error, and system error to occur.
You could investigate your area’s historical records for any recurring natural events. You could also consider your business’s physical location and its accessibility to highways and proximity to shelter and other places of refuge.
If this all seems a bit overwhelming, FEMA provides an easy risk assessment table complete with instructions that can be used to get an idea of items to include in your business’s risk assessment [Resource].
Risk assessment is a process used to:
- Identify any potential hazards
- Analyze the business impact if that hazard occurs
In addition, a complete understanding of the hazard’s ability to impact an organization’s business-essential operations is a must. Through proper examination and prioritization of their impact, you can focus on delegating disaster recovery efforts to the most effective areas first. But how can this determined?
One way prioritize risks is by creating a full list of potential risks your business could face and for each risk examine the probability it would occur.
Then, determine the impact it would have on your business. Is the risk of a fire burning down your building more likely occur than a tsunami?
Here’s a simple formula: Risk = Probability x Impact
Example: Probability of a Risk Occurring & Impact (in potential dollars lost)
If you place a dollar value on the impact, you can then quantify the risk and compare one risk factor to another in a simple way.
Probability of Building Burning Down (1) * Impact (2 million dollars) = 2 million dollar loss
Probability of Data Breach (3) * Impact (2 million between lost productivity and lawsuits) = 6 million dollar loss
Preparing for a Data Breach would, therefore, take priority.
Both threats have the potential to affect business operations. However, you’ll want to focus mitigation efforts on the risks with the highest probability and greatest impact first.
As you conduct your risk assessment, be on the lookout for vulnerabilities that could make an important asset more susceptible to damage.
Vulnerabilities to be on the lookout for include deficiencies in building construction, loss prevention programs, protection systems, process systems, or overall IT security.
Step 3: Create a Business Impact Analysis
What are the bare minimum functions that need to operate in order for your business to survive post-disaster? That answer depends on your organization.
By conducting a business impact analysis, you will identify time-sensitive or critical business functions, including the resources that support them, in order to get your business back up and running as quickly as possible following a disaster.
Business Impact Analysis
A business impact analysis will determine all operational and financial impacts that would result from a disruption in the normal business process.
Potential impacts your business may face following a disruption include:
- Delays on future business plans
- Lost or delayed sales and revenue
- Increased expenditures (ex: overtime labor, outsourcing, etc.)
- Customer dissatisfaction
- Impacts due to the timing of a disruption (ex: a brick-and-mortar store damaged weeks before the holiday shopping season)
- Impacts due to the duration of a disruption (ex: a power outage lasting a few minutes vs. a power outage lasting a few hours)
How to Conduct a Business Impact Analysis
Use this worksheet like a questionnaire to survey those in your business with detailed knowledge of everyday operations, and ask them to pinpoint the prospective impact an interruption would have on the business functions they are responsible for.
This worksheet should help identify the fundamental processes and resources needed for the business to continue to function at different levels following a disaster.
Once completed, the worksheet can then be analyzed and the order of events needed to occur in order for the business to be fully restored need to be prioritized. Ideally, business processes with the greatest operational and financial impacts should be restored first.
Step 4: Develop a Recovery Strategy
Determine what Resources are Needed for Recovery
Following any disaster that disrupts business operations, resources will be needed to carry out recovery strategies and restore normal business operations. Resources can emanate from within the business or through a third party. Resources include people, facilities, equipment, materials, and IT.
A recovery strategy is a well-executed plan created to restore business operations to a minimum acceptable level following a business disruption. The strategies should be prioritized by their operational and financial impacts as determined by the business impact analysis.
Some recovery strategies may involve entering into a partnership with a third party. Some recovery strategies may involve relocating activities within the company.
Staff with a comprehensive understanding of business functions and processes are in the best position to determine what recovery strategies will work and what won’t. Possible alternatives should be investigated and presented to management for approval.
IT Recovery Strategies
Recovery strategies should be developed for information technology (IT) systems as well. Think about your networks, servers, desktops, laptops, wireless devices, data, and connectivity. The recovery plan put into place for IT recovery should be consistent with the priorities developed during the business impact analysis.
Internal Recovery Strategies
Many businesses function at multiple locations. Hardware at one location can be configured to run similar hardware and software applications at another location.
Third-Party Supported Recovery Strategies
Third-parties can provide hot sites for IT disaster recovery. Business can provide their own equipment, software, etc., and store it at the hot site until ready for use.
Third parties can also host and manage data streams, data security services, and applications. Through the cloud, IT information can be accessed at the primary business’s location or any alternative location if necessary.
If a third party detects a disruption in operations at any of the client’s locations, the third-party can automatically hold data until the client’s system is restored.
Step 5: Backup all Data
With total risks assessed, a business impact analysis created, and a recovery strategy developed, it is now time to safely store and backup these disaster recovery plan components alongside your other significant business data.
Keep in mind, data can be compromised, lost, stolen, or corrupted through hardware failure, human error, or even hacking following a disaster. Loss of important company data could result in significant damages that may be hard for your business to recover from.
Developing a data backup strategy starts with identifying what essential data needs to be backed up. Next, scheduling backups periodically helps validate that data is always accurate and up-to-date. Data should be backed up as frequently as necessary to ensure that if data is ever lost or stolen, it is not a detrimental loss to the business.
Along with hard copy records and information that can be scanned into digital formats, data on network servers, computers, and wireless devices can be backed up to a network server. The network server can then be backed up as well.
Tapes, cartridges and large capacity USB drives are also an effective means for businesses to backup data. All backups should be stored with the same level of security as the original data.
Step 6: Training and Testing
Once your disaster recovery plan is established, you should conduct training and testing to evaluate the effectiveness of your recovery plan. Benefits of proper training and testing of your recovery plan include:
- Clarifying employee roles and responsibilities
- Reinforcing company-wide comprehension of all procedures, facilities, systems, and equipment
- Improving individual performance as well as organizational communications
- Revealing weaknesses and resource gaps
Training is essential to ensure that everyone knows what to do when disaster strikes. Members of your disaster recovery team should be purposely trained so they are familiar with their role and responsibilities as defined within disaster recovery plans.
All employees need training to become familiar with safety drills such as evacuation routes and lockdown procedures. Tests should also be conducted to validate an emergency response, recovery strategies, communications, and to evaluate the ability of personnel to carry out their assigned roles and responsibilities.
Let WheelHouse IT Help
At WheelHouse IT, we take disaster recovery very seriously with all of our clients. As our client, it is our top priority to ensure that your data and systems are safe and secure both on and off-site.
We understand that having a fail-safe which allows your business to come back online in minutes versus days speaks volumes. Through a combination of disaster recovery services and our ability to bring clients online in the cloud, our solutions are second to none.
If your current IT provider doesn’t have the time to make sure your business is covered then we strongly recommend you consider an alternative provider that takes this as seriously as we do. At WheelHouse IT, we are extremely familiar with threats be it hurricanes, malware/ransomware, system failures, or other unforeseen calamities.
If you need additional professional assistance in building out a viable disaster recovery plan, we would be happy to help. Or, if you simply want to test if your existing plan does the job - let us run a complementary risk assessment to help you identify if you have adequately fortified your business or if gaps still remain.
Disaster recovery at Wheelhouse is the ideal solution to mitigate the risk to your data. Let us show you how your business continuity should be treated.
Contact WheelHouse IT today to speak to one of our technical advisors
2890 West State Rd. 84
Fort Lauderdale, FL 33312
1866 Seaford Ave
Wantagh, NY 11793
529 S. Broadway St.
Los Angeles, CA 90013