You may see natural disasters on TV or read about them but not completely understand the vulnerability associated with this issue. Actually, the risk is almost throughout the industry.
More than half of organizations (58%) are not ready for a major loss of data. Actually, the extent to which firms are unprepared is very worrisome: 60% will go bankrupt within 6 months, according to data from Washington, DC-based research firm Clutch. Also according to the statistics compiled by Clutch, cloud backup is on the rise, with:
- 84% of the organizations that have already adopted cloud backup having implemented both on-premises and cloud backups;
- 68% of cloud backup business customers testing their backups at least once per month; and
- 78% of small businesses planning to use cloud-hosted backup by 2020.
To set aside the specific technology of cloud backup, the need for disaster recovery is clear from the data on the business impact of large data losses. Since it is possible to have a disaster completely take you by surprise, and to in turn lose thousands or millions operationally and economically, it is a basic business need to have a disaster recovery plan implemented.
Benefits of disaster recovery
Here are the main reasons that disaster recovery is of value to business:
Cuts the downtime that might occur with an unexpected event
Disaster recovery will allow you to get back up and running. That is key because downtime is so expensive to business. A report from Information Technology Consulting (ITIC) reveals how expensive downtime is. The analysis polled businesses to determine their cost of an hour of downtime. The staggering results are that the cost for systems to be down for an hour is:
- greater than $100,000 for 98% of respondents;
- greater than $300,000 per hour for 81% of companies; and
- $1 million to $5 for 33% of firms.
Helps safeguard your authority
You clearly do not want your operations to be disrupted, which can occur when a disaster strikes. There are additional problems that can arise because of a disaster, though. A key issue is an impact on your credibility.
You are able to get your systems back up and running properly more rapidly with a strong disaster recovery plan. Since you can get back in business more quickly, you are better able to protect your reputation. Getting back to general running shape as rapidly as possible also means it is less likely that any of your customers’ data will be lost. Plus, by having a disaster recovery plan in place, everyone knows what they need to do. That means your personnel is able to know what is going on and to pass on whatever information they can to customers, so no one needs to worry.
Gives you a sense of your key processes
You are able to better prioritize what is critical to your business as you assess the most important ones to recover in a business impact analysis report. Rather than an organization just having a vague sense of how long they could go without a certain service, they are able to determine a specific timeframe. As you determine the specific amount of not having certain services, you are able to prioritize how to bring everything back online.
Taking on disaster recovery intelligently
Since disaster recovery is of such high value to an organization, it helps to strategize how best to implement it. Here are some recommendations:
It is key to be ready ahead of time if you want to be able to respond quickly when an emergency situation arises. You will have a far easier time getting yourself back to balance if you are planning the notion of potential disruption to your business.
In order to be prepared for a disaster, you need a strong disaster recovery plan and be willing to go beyond it. You should have your core processes built into a disaster recovery plan and have a team that is designated for disaster recovery tasks. You want to perform a risk assessment so that you know what your business might encounter and how dangerous each of those elements is. One way to do this is through security penetration testing, in which you test your system’s security by trying to exploit its weaknesses.
You want to be able to look at the field of possible disaster with complete clarity so that you respond in the most meaningful and helpful way possible if disaster does arrive. You also want to have strong partners on your side, as with the hosting companies, which can be pivotal in helping you access backups and otherwise reestablish stability.
Since disaster recovery is extremely important in healthcare compliance and other regulated industries, it is best to also incorporate compliance into your security and DR planning.
What to include in a disaster recovery plan
Beyond those general approaches, here are some of the most critical components that you should include in your disaster recovery plan:
An assessment of the potential risks and how you might respond
Within the disaster recovery plan, you should fully address the possible sources of disruption to your firm, according to IDC research director Phil Goodwin.
Once you have all the scenarios laid out, you then want to have a plan for each of those possibilities. An example would be a breach taking your servers offline in Washington, DC. What would be the next steps if that occurred?
A business impact analysis (BIA)
You want to complete a business impact analysis for all your major systems in order to determine the priorities you have for DR. A BIA will help you determine what the possible impacts are of a human-generated or naturally produced disaster on the operations of your organization, per Gartner.
You will be able to figure out what your priorities and dependencies are for various systems when you conduct a BIA. Basically, the process of completing the BIA will allow you to properly prioritize certain systems over other ones, and in turn, allow you to develop sounder recovery methods and ways to keep your loss as controlled as possible.
You need to include your individuals on your team and the process of the disaster recovery plan. It is a common mistake to excessively focus a plan on the hardware and software instead of the human element. Goodwin stressed that IT allows your people to do things. You don’t just need the information and your computers online. Since it is not just about technology, it is smart to think about disaster recovery in terms of the full organization rather than just in terms of the data. Think about how you will want people to respond following a disaster. Think about what they will need to have in place to get back into proper working order.
You want to name the core people who will be needed for a great response in the event of a disaster, according to security speaker and consultant John Iannarelli.
One thing you need to include in a disaster recovery plan is locations. You want to know where your software will be running if you have an emergency. It underscores the importance of pairing a physical environment with a cloud environment.
You want to have the capacity to send out updates to everyone on your staff via mobile alerts, text messages, and email. Via their mobile devices and laptops, they should have access to incident management procedures so they are able to properly respond.
Evacuation plans and exits
You need to think about evacuation, how to get your customers and staff into shelter safely, in order to know that everything will go well when a disaster strikes. You should have evacuation routes that are marked clearly. It is also important to have drills at regular intervals in order to know that all the people who work for you will be able to get out as rapidly as possible.
Supply chain contacts
It is possible that some of your inventory will be damaged or that you will not be able to keep up with your new orders. Since that’s the case, you should have all the contact details for your vendors within your disaster recovery plan so that you can be in touch with them and keep them posted on developments. In order to deal with the immediate situation, it is also wise to have alternate suppliers listed so you can fill gaps as necessary.
Disaster payroll and accounting processes
You have to be sure that payroll and invoices are protected regardless of the disaster. In order to make sure that your financial side is stable throughout, you want to have an independent payroll service and an accounting system that is cloud-hosted. You can also get business interruption insurance so that you are more easily able to fund your recovery.
Continuous data protection for your disaster recovery plan
As indicated above, it is essential to have a high-quality infrastructure behind your disaster recovery plan. One way to protect yourself is with continuous data protection (CDP), to avoid losing data in the first place. A managed CDP Backup keeps a set of freshly saved information available for quick and easy access. Learn more about how we provide HIPAA disaster recovery services as part of our HIPAA compliant hosting plans.