The sad reality is that 68% of small businesses and 30% of all businesses do not have a disaster recovery plan, and 90% of them will not survive a catastrophic incident without one.
The average cost of downtime is anywhere from $926 to $17,244 per minute! Multiply that by an hour, a day, or even several days… would your business live to see another quarter if forced to shut down by a pandemic?
Let's begin by reviewing the basic framework for a disaster recovery plan that you can start using right away. No business is invincible against a significant pandemic or large natural disaster, but with the right preparations, businesses can endure the unthinkable.
A Disaster Recovery Plan (also known as a Business Continuity Plan) is a system of procedures that you and your employees will follow to restore business functions in the event of an unplanned catastrophe, like a pandemic or a natural disaster.
Before you start your Disaster Recovery planning, you need to conduct a risk assessment. A risk assessment will do several things to prepare you for disaster recovery planning and implementation, including:
● Inventory all the systems, networks, workflows, and security measures that comprise your business infrastructure.
● Identify vulnerabilities and recommend updates.
● Determine if there are tools that you are missing from your business continuity survival kits, such as redundancy and backup solutions or cybersecurity measures.
● Reveal ways to simplify your internal processes to make them easier to manage (and fix), such as having an integrated helpdesk solution that centralizes business tools and platforms. This solution will be particularly handy after vital systems are restored and when remaining issues need to be systematically resolved as fast as possible.
● Distinguish and prioritize mission-critical systems and security measures from supplemental ones. Understanding the priority levels of your systems, networks, and business functions will be the difference between life and death for your business in the face of a disaster.
No matter what type of disaster your business encounters, communication is the first thing you need to establish. Recovering from a disaster isn’t a one-person job. As your communication plan unfolds, make employee safety the first priority and business continuity the second.
● Establish a calling tree using every employee’s emergency contact information. Determine who your most valuable employees are (based on their role in business functions).
● Have a backup communication channel, such as an extranet or Emergency Notification System that employees can access if the main communication channels are down.
PHASE 2
● Define when to initiate your disaster recovery plan. Be specific.
● Determine and assign who will be in charge of what, including data security, third-party vendor outreach, customer service, and PR.
● Create a list of the most likely disasters you could encounter. This list will serve as the basis for the rest of your DR plan.
For example, in the case of a pandemic, or just as a preventative measure, you can set up a plan for your staff to work from home for a significant amount of time.
Possible scenarios include: viral pandemics, hurricanes, tornadoes, floods, power outages, data center shutdowns, building damages, fires, cyber attacks, internal attacks, human error, failing equipment, etc.
For EVERY possible scenario, create a step-by-step standard operating procedure. When you and your employees are in panic mode, it will be incredibly difficult to focus on and process information. So, make each procedure concise and simple enough for a sixth grader to read. If it looks like an Ikea furniture instruction manual, you’ve gone too far.
● Assign a leader to each scenario (scenarios may have different leaders depending on the business functions involved).
● Create a master list of all vendor contact information and link them with the business systems, networks, and equipment they manage.
● Recruit a core disaster scenario team. This will include your most valuable employees (those most relevant to affected systems and networks), third-party vendors, customer outreach representatives, etc. In the case of quarantine due to a pandemic, have a plan for your team to work remotely in order to minimize the risk of contagion.
● Create a chain of command for your disaster scenario leadership and core team to follow. This chain of command will prevent miscommunications.
● Make sure every single employee involved in the disaster scenario understands their role in the recovery.
● Identify what systems and networks may be impacted by the disaster. Prioritize this list based on those most important to business uptime.
● Define what business functions may be disabled during the event. Again, prioritize which business functions must recover first.
● Set Recovery Time Objectives (RTO). RTOs are goal timeframes within which each system can be recovered.
● Organize all of this information in clear, simple, step-by-step directions.
Estimating the business impact of a disaster is just as important as assessing the affected networks, systems, and equipment. You cannot contain the damages of a catastrophic event if you do not understand what they are. To estimate the business impact, you will need to understand the inner workings of your business like a mechanic knows the inner workings of a car.
● Pinpoint what business functions may be affected.
● Determine what/how many employees may be affected based on the business functions involved.
● Identify how many customers may be affected.
● Make a list of the potential direct and indirect costs associated with downtime. This will include the direct cost of repairing equipment as well as the indirect cost of lost productivity, missed sales opportunities, and a potentially damaged reputation.
● Know how to estimate the cost of downtime (see formulas).
E = number of employees affected
% = percentage they are affected
C = average cost of employees per hour
H = number of downtime hours
GR = gross annual revenue
TH = total annual business hours
% = percentage impact
H = hours of downtime
As you work through your disaster recovery planning, many of the action items will take place at the same time. There will be several parts and pieces at play, stress and nerves interfering with problem-solving skills and teamwork, and split decisions hanging in the balance. For this reason, your execution must be
Hint: you do not want the only version of this plan to exist in digital format. If systems crash or you lose power, your business is essentially skydiving without a parachute. Create copies of this plan in both digital and hard-copy formats, and store them locally and in the cloud.