[BreachExchange] Why Even Small Businesses Need a Disaster Recovery Plan

Audrey McNeil audrey at riskbasedsecurity.com
Fri Oct 28 17:26:21 EDT 2016


http://www.susansolovic.com/2016/10/why-even-small-businesses-need-a-disaster-recovery-plan/

Disaster is such a nasty word; it implies destruction, loss, and emotional
turmoil. Unfortunately, when disaster strikes your business, you’re likely
to experience all those things and more. That’s why having a recovery plan
is critical – especially since downtime can set small businesses back $8000
every hour. Despite the cost of both natural and man-made disasters, 75
percent of small businesses don’t have a disaster recovery plan in place.

Let’s take a closer look at why disaster recovery is essential for small
businesses.

Why is it important?

Natural disaster aside, there are a number of uncontrollable circumstances
that may result in data loss and downtime. Human error, for instance, can
be a real killer. People make mistakes, and as much as you’d like to think
otherwise, occasionally it’s your employees who are responsible for the
biggest data losses.

What’s more, so much business is taking place online these days that data
breaches have become a real concern. According to the University of Alabama
at Birmingham, hackers are increasing their efforts, and it’s your job to
make sure that confidential customer data is protected. Lastly, even if
your employees are faultless and your security top of the line, there’s
always the hardware, software, and machinery that keep your business
running. No matter how high quality it is, technology can – and does – fail.

While a disaster recovery plan won’t prevent a natural disaster, it will:

- Train employees to handle data in a safe and secure fashion
- Limit the impact of a cyber attack
- Ensure that confidential information is properly stored and controlled
- Protect data
- Ensure that downtime doesn’t compromise a company

Laying out a disaster recovery plan and investing in backup solutions will
not only protect your data and reputation, it will help you keep your
business afloat should an unforeseeable incident arise.

How to create a disaster recovery plan

Now that we’ve discussed the ‘why’, let’s attack the ‘how’. Creating a
disaster recovery plan can be difficult if you don’t know where to start.
There are certain items that you absolutely must include in your plan, no
matter what type of business you run.

- Insurance documentation (e.g. agents, policy numbers, claim
  representatives, etc.)
- A list of phone numbers and addresses for important people you may need to
  contact after the disaster. The list should include:
    - Local and state emergency departments and management agencies
    - Contractors
    - Suppliers
    - Realtors
    - Financial institutions
    - Major clients/customers
- A current list of employee/staff contacts, info, and methods.
- A communications strategy to prevent loss of customers.
- Authentication and validation tools (e.g. SSL certificates, account
  passwords, etc.)
- A list of all applications (software) used in the day to day running of
  your business.
- Documentation and instructions for recovery. During a real recovery
  scenario, there’s intense pressure, confusion, and chaos. Make the disaster
  recovery process easier by including simple, straightforward, step-by-step
  instructions.

Once you have a plan written up, you’ll want to test it. While it’s
conceivable to test separate portions of the plan on their own, you’ll want
to ensure that the whole plan is tested at least once a year. However, the
more you test it (say, quarterly), the more familiar your employees will be
with it. When testing, record all issues, oversights, and errors in the
plan, and correct them as soon as possible.

Keep the plan current – an outdated plan will be next to useless in a real
disaster. Update the plan at least once a year, or whenever major personnel
or technological changes are made.

What to look for in outside help

Should the worst happen, you’re most likely going to need to hire someone
from outside the company to help recover what was lost. When shopping for a
data recovery service like this one, there are a few things you need to
consider.

- Availability: Disaster can strike at any time – will they be ready,
  willing, and able to help, 24 hours a day, seven days a week?
- Timing: How fast can they work? As mentioned before, downtime costs serious
  money. You need someone who can get you back up and running ASAP.
- Hardware Compatibility: What type of devices can they recover data from?
  You’ll need someone who can work with the type of hardware that your
  business uses.
- Location: Where can they perform the recovery? A cleanroom may be
  necessary, or you might prefer to have them on-site in order to counsel
  your employees.
- Reputation: Comb through reviews as well as the BBB database to check on
  the reputation of a data recovery service before using it.

It may seem a little macabre to focus on a disaster befalling your
business, but, unfortunately, it’s quite likely that you’ll encounter at
least one of these issues in the life of your company. While you can’t stop
a cyber attack, natural disaster, or technical breakdown from taking place,
you can safeguard your business from costly data loss by building,
rehearsing, and implementing a disaster recovery plan. It just makes sense.