Make no mistake about it, IT disasters are unpredictable and can have a devastating impact on small and medium sized Irish businesses. Too many business owners and office managers potter along thinking the same thing – “it won’t happen to us”.
How likely is an IT disaster?
The fact is, the incidences of cybercrime in Ireland are skyrocketing. A 2018 survey by PwC has revealed the number of companies that have suffered cybercrime in Ireland in the last two has increased to 61%, up from 44% in 2016.
That is almost double the rate of global companies – 31%. So it isn’t a question of will it happen to your business, the only question is – will you be ready for it when it does?
What is an IT Disaster?
An IT disaster is any unforeseen event that can put your business at risk by slowing or interrupting your a key system or network, or indeed, causing them to fail altogether. Aside from cyber attacks, there are a huge number of IT disasters that can completely derail a company, including:
- Hardware or machine failures
- Data corruption
- Malicious acts
- Natural disasters (such as a fire, or a flood)
- Simple human error
The list goes on.
Whatever the event, an IT disaster can cause service outages, data loss and system failures. And of course, they can seriously disrupt your business operations, causing:
- A loss in revenue
- Increased expenses
- Customer service disruptions
- Dramatically reduced productivity
Developing a disaster recovery plan is imperative for all Irish businesses, big and small alike, to ensure that these risks can be mitigated. Only 6% of companies that don’t have a disaster recovery plan survive a disaster. So, it’s time to get yours sorted.
What is Disaster Recovery (DR)?
Disaster recovery is the process of recovering or continuing normal business IT systems and operations after a serious IT outage has taken place. This includes:
- restoring power and connectivity
- regaining access to data and restoring lost data
- recovering hardware, software and network equipment
- restoring communications
A disaster recovery plan is a specifically defined set of documents, tools and procedures that enables this recovery to take place in the shortest time possible, and helps to maintain your business’ reputation.
The aims of having a disaster recovery plan are:
- To minimise interruptions to your normal business operations.
- To reduce the financial impact of an interruption.
- To establish alternative means of operation in advance.
- To ensure your staff are trained to handle an IT disaster.
- To restore services as quickly as possible.
Do you already have a DR plan? Then make sure to ask the questions – how thorough is it? Has it been tested? Is it up to date? When it comes to disaster recovery, you cannot be too careful.
7 Steps for Creating Your IT Disaster Recovery Plan
Step 1. Outline and prioritise your risks
The first step in creating your DR plan is to identify all of the risks your business faces that could be categorised as an IT disaster. These include any system outages, server failures, data breaches, ransomware and other cyberattacks, as well as the likes of fire, flood, theft.
Make a catalogue of each of the systems that would be affected and prioritise them in terms of the possible damaging effects each would have on your business processes.
Once you have outlined each of the risks and their effects, you can start to examine the areas in which you can mitigate the risks as well as what steps must be taken in the event they take place.
Step 2. Implement a data backup and recovery system
An absolute necessity for any DR plan is to implement a data backup and recovery solution. Now that you have catalogued your systems you should have a good overview of where your data is stored and which systems can access it.
In this step you must outline and implement a backup plan for each of the systems your business relies upon, clearly describing the recovery procedure for this data in the event of an IT disaster. In this section, make sure to include expected recovery times and try and identify where possible failures might occur.
For more information on creating a backup and recovery plan see: 3-2-1 Data Backup Rule of Thumb: The why and how of data storage best practice.
Step 3. Identify critical hardware and software and outline a replacement plan
OK, so you know the risks and you know the damage they can cause, you also know where your data is backed up and how to recover it. Now you need to look at your IT hardware and software.
If your office servers have been destroyed by a fire, the ability to recover your backed up data is only useful if you can get your hardware set up to take the data. The same goes for employee laptops and desktops – recovering the data is useless unless they have the hardware and software available to resume their day to day operations.
Step 4. Identify substitute locations
A key step in creating your DR plan is to identify alternative business locations should an event take place that restricts access to your office. Can your staff work remotely, even temporarily? Or will you need a temporary office that can house your staff and hardware and accommodate any logistical requirements as well?
Outlining substitute locations in this step and putting a plan in place can help to dramatically reduce the time it takes to get the business back to normal operations after an IT disaster, particularly if there is a lack of temporary office space available on the market.
Step 5. Outline key personnel and responsibilities
The next step in creating your DR plan is to outline your key personnel involved in implementing your plan. You know how, what and where involved in an IT disaster incident, now you need to look at designating who are going to be the first responders and what each of them needs to do to get the company back to running smoothly.
This step is massively important. Each person’s responsibilities must be clearly outlined, operating as a step by step guide for them should the worst happen. Once you have completed your DR plan, make sure that each person who has a part to play has their responsibilities clearly explained to them so they know what is expected of them.
Step 6. Outline a communications plan
During a crisis, good communication is imperative. There can be a lot of concern and confusion during an IT disaster and a good communications plan will help to alleviate fears, keep recovery on track and minimise the time wasted due to down time.
In this step you should outline all of the key stakeholders involved in an IT disaster including your IT team or your IT provider, your staff, your insurance company, management teams, your suppliers, and of course, your customers most of all.
Nothing will lose a business customers more readily than keeping them in the dark during a crisis. If they can’t trust you to handle something like this competently, how can they trust you with their custom moving forward?
Make sure to describe what each of the stakeholders needs to know, and when, and describe a process for how the business will go about addressing these needs in the event of an incident.
Step 7. Train and test
Any plan is useless unless the parties involved are up to date on what’s expected of them. Once you have completed your DR plan, make sure to circulate it to all of the key people involved. This includes all of your staff members.
Once they know that the right steps will be implemented and that you are aware and planning for every scenario, they will be calm and confident in the event of an IT disaster. Keeping them in the dark about your DR plan can result in panic, misinformation and a damaged reputation.
It’s also important that you test out your disaster recovery plan or you may end up relying on procedures that will fail you when you try to implement them. Contact your IT provider or your head of IT to devise a testing procedure for your plan and then revise the plan accordingly.
No Business Ever Regretted Having a DR Plan in Place
So there you have it – 7 steps to creating a disaster recovery plan for your business. Once it is complete, print it out and keep a copy off-site. Trust us, no one has ever regretted having a DR plan in place, but there certainly are a lot of business owners out there who have regretted not having one.
If you need help creating or implementing a DR plan for your business, big or small, contact our team today to discuss your options. We’re happy to help.