Is Your Disaster Recovery Plan Hurricane Proof?

None of the effects of disaster— pain, suffering or loss—is fair. And few that survive disasters do so without help and support from family, friends and community. The hurricane that struck Houston last week was hard to watch. And the headlines made certain that when disaster strikes, we’re certainly put in tough situations:

“Worst disaster in history!”

“Brace for significant disaster!”

“Epic Flood”

Hurricane Harvey is a good reminder to us all that disasters do happen.

When looking at responders saving people  hip-deep in dirty water, I couldn’t stop thinking that planning for disasters is one of the most important things a business should be doing. The following 3 concerns have been ringing in my ears for a week:

1. Can I anticipate disaster?
2. How can I, as a business owner, better prepare for disasters?
3. Is my business disaster and continuity plan enough to keep my business running?

Today, I want to address these 3 concerns about business disaster recovery, in particular how business disaster recovery and continuity relates to your IT Support and IT recovery before, during and after disastrous events.

Can I Anticipate Disaster?

Not all disasters can be predicted easily. But, keep in mind, disasters come in all shapes and sizes.

What do I mean by this?

A disaster doesn’t necessarily have to come from Mother Nature. It could be a disgruntled employee that decides to delete or remove sensitive or critical information from your network. It may be an internet outage that prevents a medical office to access their cloud-based electronic medical record platform. Or a disaster may simply come from a power outage that ends up taking longer than expected to fix, a server that fails to boot up, a virus that infects your network and ransoms your data.

A disaster could also present, as we observed last week, as a once-in-a-lifetime storm that leaves your business literally under water, with no physical building for staff members to even attempt to complete day to day operations.

Some of these disasters may be more predictable. But no disaster is expected years or even months in advance. Sure, a drive failure could be predicted and disaster prevented. And if your IT Support was monitoring your network regularly, looking for problems, they likely should have been able to predict a problem before it became a serious computer headache.

But for the most part, disasters are relatively unexpected.

True, we anticipate storms coming in at certain times of the year. We might suspect specific employees of being up to no good. We may even prevent cybercrime by running comprehensive security network assessments or monitor our network 24/7/365, but we likely aren’t specifically thinking about a disaster to hit our business.

What worries me: No one can be 100% certain that disaster will strike. And often times, we err on thinking disasters won’t happen to us. This all leaves us the victims—under water and unprepared to move forward.

What’s concerning about disasters—43% will never open and 51% will close within 2 years! Any business owner should be thinking about disasters and plan recovery efforts in advance. That brings me to concern #2.

How can I, as a business owner, better prepare for disasters?

The most important thing any business can do to ensure health and prosperity is to create a business disaster recovery plan. This plan should detail all procedures, contacts, critical data and software your business needs to stay operational. It should identify locations to temporarily operate in the event your physical office is destroyed and should be the complete roadmap that guides your business through any sort of disaster.

Your Business Disaster Recovery (BDR) needs an owner—just as you have someone in marketing and someone in operations, someone on your team in accounting, you need a designated person to oversee and take ownership of disaster recovery. This person should be intimately familiar with procedures, should easily identify contacts to address specifics—say contact a software vendor or an internet service provider—they should have all the information at their fingertips. You may also consider having a secondary person responsible for your BDR plan if the primary owner is indisposed.

In the event of a disaster—for sake of clarity let’s say there was a severe internet outage—that BDR owner should be the one who knows what your backup plan is. If your primary provider is out of service, you likely have a plan (or should if your business heavily relies on the internet!) to utilize a backup provider. That BDR owner would start the ball rolling to initiate the backup internet service to ensure your business was minimally interrupted (if at all).

Keep a copy of the BDR off site— while digital copies for a BDR can be quite useful, in the event of power outages, you should always have a few hard copies printed (note: your BDR will likely change over time, you likely will need to update this hard copy as contacts, providers or processes change!). Keep a copy of your BDR plan at the office in a secure place, but also make sure you have at least one copy off site in the event that the office is inaccessible. In the event your office is damaged, the person (or persons) in charge of your BDR should have easy access to your plan off site.

Be as specific as possible— vague wording and ambiguity should not be allowed in a BDR. When writing your BDR, you need to be as explicit and clear as humanly possible. State specific actions to be taken by specific roles. NEVER make assumptions. The clearer you are in making your plan, the more likely you are to recover scotch-free from a disastrous event.

Let’s take the internet outage example again to clarify what I mean. If you had merely written, “contact AT&T for internet service” as the solution to a Comcast outage, you may be leaving your internet recovery to chance. Do you have specific contacts at AT&T? Should you contact a specific representative at Comcast before initiating your decision to switch over?

Are there trouble shooting steps you need to take before making that decision? Do you have phone numbers for each vendor (that are updated if a contact has changed!)? There are many little details that would help in avoiding even minor disasters. Does your BDR plan have this detail?

Is my business disaster and continuity plan enough to keep my business running?

One of the most overlooked points in BDR— how do you know you’ve got a good enough plan? How can you be sure that in the event of a disaster, your plan will cut it?

The only way to be certain is through testing! Running through your complete BDR plan annual ensures that your team understands their roles and you and your IT Support can ensure that every single last detail is in place and is accurate to get you through the disaster.

More than 75% of untested BDRs have serious flaws. Avoiding to test and update BDRs leads to the same fate as not having a BDR in the first place. Because a tested BDR ensures that your plan will actually get you through disasters, while untested BDRs often are missing small, yet critical, changes that would have made recovery successful. Have you EVER tested your BDR plan?

What should I do next?

Do you have questions about how to put together a disaster recovery plan? Are you sure your plan makes sure that ALL of your bases are covered in the even something happens? Contact us TODAY to discuss a roadmap through disaster recovery!