Disaster recovery. It’s not exciting, and it’s probably not the first thing you thought about when coming back after the Christmas break. But it could be the one thing that keeps your business going should the worst happen.
And the worst does happen more than you might think. It’s fair to say that most businesses – regardless of size – depend on technology. Business disasters come in all shapes and sizes, from leaving a laptop on a train or dropping a cup of coffee, to server failures, cyber-attacks and cloud application downtime. In 2017, more than two in five UK SMEs identified at least one breach or attack. In the US, small businesses lose an average of $80k a year to cybercrime. That could be a crippling amount for many SMEs.
Let’s look at what should be in your disaster recovery plan – and how to give yours the once over for 2019.
At least one in three small businesses are thought to not have a disaster recovery plan – and a staggering 90% of those without one would not survive a major breach or attack. While it’s not a legal requirement, we’d strongly encourage every business to write one – and review it regularly.
A disaster recovery plan commits to paper the policies and procedures your business will follow in the event of IT disruption. That covers every eventuality, from tech failures to criminal interference or human error. The aim of the plan is to restore your business as quickly as possible, by bringing services back online, or switching to a contingency system, for example.
All disaster recovery plans should cover:
Like any plan, there’s no value to it unless staff are fully trained on what their roles and responsibilities are.
Your business evolves over time, accommodating new systems and IT services, so you’ll need to pencil in a regular review to check your disaster recovery plan still makes sense. If anything changes, you’ll need to notify any stakeholders: retrain your staff and talk to your suppliers, for instance.
Fundamentally, when you’re going through your disaster recovery plan, you need to know whether those two KPIs – your RPO and RTO – are still fit for purpose. And then there’s testing. You should at least test your disaster recovery processes in part on a regular basis. It’s also worth running through the whole plan in one go every once in a while to flag up any conflicts where several processes run – or any situations you’ve failed to plan for.
You can find disaster recovery plan templates online, but it might be worth trusting the experts. We’ll work with you to define, refine and implement your disaster recovery plan. Alongside a number of leading business continuity specialists, we’ll bring you the right solution for your business, including bespoke back-up systems and rigorous testing.
Get in touch to find out how we can improve your resilience.