From natural disasters to computer hackers, we’re living in uncertain times.
In 2018, Americans experienced 11 weather and climate disasters between January and October. Each of these events cost $1 billion in damage to homes and businesses. Fires, floods, tornadoes, and other climate-related problems disrupted families, businesses, and the economy from Maine to California.
But disasters can also come in the form of cybersecurity breaches. The Ponemon Institute reports that these incidents are happening more frequently, at a cost of $148 per compromised record. The report suggests that the average cost of a breach is $2.2 million for incidents involving less than 10,000 records to $6.9 million for breaches of 50,000 or more records.
Businesses can rarely afford the downtime that follows a natural or human-made disaster. Network World says just one hour of downtime costs $8,000 for a small business, $74,000 for a midsize company, and $700,000 for large enterprise organizations.
Given the size of these threats and the potential damage they can cause, what can businesses do to lessen their risk?
Understanding disaster recovery planning
Benjamin Franklin famously said, “If you fail to plan, you are planning to fail.” Under the looming threat of climate challenges and hacker encroachment, many CEOs would agree that disaster recovery planning is the new business imperative.
Disaster recovery planning seeks to define the actions employees must take in order to rescue critical business components during a crisis. The plan should also define the steps necessary to get the company back online as quickly as possible following a disaster event. The goal is to roadmap crisis management, restore business function, and communicate with all business stakeholders.
But if disaster recovery planning is so important, why have less than half of American businesses taken the time to create a disaster plan? Is it simply the sense of denial that comes from thinking it could never happen to your business? Perhaps, but it also could be because disaster recovery planning is a complex process and, once created, the need to periodically update the plan never goes away. Companies with documented disaster recovery plans typically test their plan every year — if not every quarter. This testing takes time and effort that many business owners and IT teams can’t spare.
Elements of a disaster recovery plan
Disaster recovery plans should include step-by-step details on how to keep a business running no matter what happens. These plans help ensure business continuity and employee security.
A disaster recovery plan for your business should include these elements:
- The goals and overview of the plan.
- Emergency contact information for key personnel and stakeholders.
- A business continuity contingency plan that details the steps necessary to protect corporate data, notify clients, and continue basic business functions even while facing the unexpected.
- A communications and public relations plan.
- A diagram to the entire IT network and the recovery site, whether in the cloud or at an off-site location.
- A list of license keys and software, passwords, and other systems used for disaster recovery.
- Vendor documentation on recovering technology systems.
- A summary of insurance coverage, policy numbers, and contact information.
- Step-by-step instructions for handling finances.
While these are just some of the elements of a disaster recovery plan, they illustrate how detailed the documents should be and how difficult it could be to find all of these details when a crisis hits.
Better disaster recovery planning
With the right amount of planning, your business can survive just about anything. But it’s important to ensure that your plan has clearly defined assignments that aren’t specific to the type of disaster that occurs. Base your plan on the business system impact and create a cost model that takes into account possible business downtime, replacement systems, personnel, facilities, and support.
Each disaster recovery plan should include periodic testing and documentation cleanup to ensure everything stays up-to-date. Then take the time to train everyone on the plan. While disasters often can’t be avoided, companies can mitigate their risk by creating a disaster recovery plan to ensure “business as usual” no matter the challenge.
Synoptek can’t stop the next natural disaster, but we can create an airtight disaster recovery plan to help your organization survive. Contact us to discuss creating a disaster recovery plan for 2019.