The question isn’t if your business will experience a disaster, it’s when. From hardware failures to natural disasters to cybercrime, the threats to your business are growing in number and severity. Seagate reports that 140,000 hard drives fail in the United States each week. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019, and every 11 seconds by 2021. CNBC reports natural disasters cost the United States $91 billion in 2018. When your time comes, what impact will downtime have on your business?
The impact is huge
Gartner estimates the average cost of downtime to a business is $5,600/minute or ~ $300,000/hour. With this number in mind, it’s not hard to see that cyber threats have the potential to have a devastating impact on a business. Osterman Research found that 22% of businesses with less than 1,000 employees cease business operations after a ransomware attack. And the impacts aren’t just financial. For businesses that do survive, disasters also negatively impact morale, company reputation, productivity, and customer loyalty.
Is your business ready?
With natural disasters, cybercrime, and technology failures in the news everyday, every business must have a disaster recovery plan, right? A survey of SMEs (small and medium-sized enterprises) by Riverbank IT Management research found that 46% of SMEs don’t have a backup and disaster recovery plan. For those that do have a plan, 23% have never tested it. A 2018 Global Data Risk Report by Varonis found 21% of files in an organization are unprotected. So when disaster does strike, and there’s no plan or protection, if you’re lucky enough to survive, the financial and non-financial cost will be enormous.
The good news? Research from Datto shows that 90% of businesses with a disaster recovery plan fully recover.
Building a disaster recovery plan
A disaster recovery plan outlines the policies and procedures an organization needs to follow should a disaster strike. The objective is to protect the company’s most valuable assets (data, systems etc.), reduce downtime, financial impact, and get the business back online as quickly as possible to minimize impact on employees, customers and the brand. Plans can differ depending on the type of disaster, but the objective is ultimately the same. There is lots of research and commentary on disaster recovery plans. Here are some of the key elements to consider:
Emergency response plan – Outlines the actions to mitigate damage to people, property and an organizations’ ability to function during a disaster.
Business continuity plan – Logistical recovery plan used to restore normal business operations and processes in a disaster situation.
Contingency plan – Often referred to as Plan B, a contingency plan addresses how an organization may respond to a future situation.
Business impact analysis – Process that determines and evaluates the potential impact of an interruption to critical business operations as a result of a disaster or emergency.
Recovery Point Objective (RPO) – Think about how often systems backup. When a disaster strikes and systems go down data can be restored based on the most recent backup. It is important to determine the frequency of backup that makes sense for an individual business. Would restoring data to the previous hours, days, or weeks data be sufficient to get the business live again?
Recovery Time Objective (RTO) – How long can systems be down before data is recovered and business goes back to usual? The RTO may vary by system. For example, it might be determined that an organizations’ Point of Sales (POS) system needs to be recovered in a matter of hours; while, an email system could be down for a day or two.
Communications plan – During a disaster communication is key. Ensure a plan is in place for communicating to employees, customers, partners and even the general public. In the case of a cyber security breach a communications strategy will help reduce the negative impact on the business.
Testing and training – Run drills to test the effectiveness of disaster recovery plans. Drills provide a great opportunity to tweak plans before a real disaster strikes. Ensure employees are informed about disaster recovery plans and trained on processes regularly.
Backup data – Regularly backup all of your important data at both the organizational and individual level. This ensures minimal disruption during a disaster. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.