[BreachExchange] What is an IT Disaster Recovery Plan and Why Does Your Small Business Need One Now?

Audrey McNeil audrey at riskbasedsecurity.com
Thu Mar 9 19:33:35 EST 2017


https://smallbiztrends.com/2017/03/it-disaster-recovery-plan.html

You close your small business for the day and go home. You come back the
next morning, and a leak has caved in the roof and it has fallen on your
office server. If you don’t have an IT disaster recovery plan, your day is
going to get much worse.

According to the US Small Business Administration (SBA) and its Prepare My
Business program, 90 percent of companies fail within a year unless they
can resume operations within five days following a disaster. That is an
alarming statistic, and one that small businesses should take into
consideration as they become more connected and their reliance on digital
technology grows. With the right IT disaster recovery plan, even if there
is a major disaster, server failure, security breach or data loss, you will
be able to restore, at a minimum, critical services in the least amount of
time.

What is an IT Disaster Recovery Plan?

An IT disaster recovery plan is a process put in place for responding to
unforeseen events affecting your data with a documented and structured
approach and a clear set of instructions. These instructions include a
step-by-step plan designed to greatly minimize the impact of any disaster
and to allow your business to swiftly resume operations.

The broader terms business continuity or disaster recovery generally
describe a similar concept. They are procedures allowing you to recover
from a disaster quickly so you can continue your business with minimal
disruption. However, the IT disaster recovery plan refers specifically to
data and other IT operations.

The other two descriptions may also apply to procedures providing for
things like replacement for damaged equipment or inventory and even
additional part-time or full-time help where needed.

It begins by analyzing the business process and the continuity needs of the
company. It requires a business impact analysis and risk analysis to
establish the recovery time objective and recovery point objective — both
important when setting up the plan.

Analysis

A thorough analysis of the existing digital setup is needed, including
hardware, software, data, connectivity, network and more. This, of course,
will depend on your business and the industry you happen to be in. The
analysis should disclose the resources needed to allow the recovery of
business functions and a time objective to recover those functions, as well
as recovery point objective after a disaster.

The analysis will also include establishing a disaster-recovery team of
employees. These should be employees with the most experience so they can
be assigned with contact details and specific tasks. These individuals
should be able to prioritize critical business functions and determine the
speed of recovery.

Have methods of communication in the event cell towers and internet
connections are down. Create a top-down list so everyone can go through it
until one is found that is working and connects the recovery team.

The next step involves designating a disaster recovery location where
critical backup systems can be accessed, allowing employees to work. For
many small businesses this might be your home, a hotel or the home of another
business partner.

Have multiple means — phone, email, VOIP, etc. — for contacting everyone
involved in the recovery process as well as for other employees, customers,
vendors, suppliers, business partners, your insurance company and other
resources that might be relevant for your particular business.

Make your customers aware of your emergency plan with alternative ways of
getting in touch with you, placing orders, sending payments and even a
backup business location. Your website is a great place to have this
information.

Back up your digital information in more than one location.

Test your plan at least once a year to integrate new procedures and
technologies and to eliminate those that are inefficient or no longer
necessary for your business.

Who Should Implement an IT Disaster Recovery Plan?

The answer is every business, but not every business has the resources to
implement such a plan with all the bells and whistles. So just having a
plan and testing to see that it works, no matter how small your business,
already puts you ahead.

However, for industries that totally rely on digital technology for their
day-to-day operations, it is a must. And it should be as thorough as
possible within the limits of your budget. Independent insurance agents,
game designers, IT service providers, communications companies and others
come to mind as all in need of such a recovery plan. But in reality, it
applies to every business that is using computers in their operations.

As far as the reason for implementing an IT disaster recovery plan, it is
the same as the reason for buying insurance for your car or home. Having it
will give you the peace of mind that you will be able to recover much
quicker, not if, but when a disaster eventually strikes.

If the process sounds complicated and you don’t want to implement it
yourself, you can have managed business continuity service providers do it
for you. The price and services vary greatly, so shop around and choose a
company that is able to address the particular requirements of your
business.

Conclusion

Businesses, no matter how small or large, are now more vulnerable than ever
when it comes to cyber attacks. But disasters can also come from human
error or nature, and in any event you need systems to deal with those
situations and manage them effectively to minimize the negative impact. An
IT disaster recovery plan will let you prevent, if possible, or at least
anticipate and mitigate any interruptions to your business when a
problem occurs.