BY BILL ABRAM
For New York City, Westchester and Fairfield County businesses, Hurricane Sandy caused a significant business interruption. From flooded offices and power outages to inaccessible buildings, Sandy prevented many professionals from experiencing something we take for granted ”“ business as usual.
With weather predictions of an above-average snowfall for the Northeast this winter and one snowstorm already behind us, small businesses need to assess how they will respond when disaster strikes. It”™s time to create a disaster recovery plan.
A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business”™s IT infrastructure in the event of a disaster. Gartner Inc. estimates that only 25 percent of small- to mid-sized businesses actually have a comprehensive DRP in place.
Prevent Mother Nature from putting a frosty finish on your small business”™s bottom line this winter and follow these four steps for creating a DRP:
1. Identify threats and consequences. Start by creating a list of potential disasters and ranking each based on likelihood of occurrence. Next, identify the level of impact each would have on your business and briefly outline the specific consequences. Use this framework to determine which issues to address in the DRP.
When creating your list of threats and consequences, plan for both small- and large-scale disasters. DRPs aren”™t one-size-fits-all, so it”™s important to consider how industry, geography and company size impact your disaster likelihood rankings.
2. Plan for prevention, detection and correction. When crafting your DRP, address these three key areas ”“ prevention, detection and correction.
What will happen if your phones go down for the day? How will you handle a week-long power outage in the middle of your peak season? Do you have all employee reach numbers, especially cell numbers, updated and stored offsite? These are the kinds of questions to answer within your DRP.
Preventative measures focus on what your small business can do to prevent a disaster from occurring. Think power failure, data breaches, server failures, etc. Means of preventing these occurrences include offsite data backup, onsite generators and password protection policies.
Detective measures alert you to unwanted threats or occurrences. Think fire alarms and up-to-date anti-virus software.
Corrective measures focus on how one will react to a disaster or threat. Examples include securing necessary insurance policies, storing critical documents within your DRP and maintaining and updating key personnel information securely and off site.
3. Anticipate data loss. Oftentimes, data loss is due to file system corruption, deleted virtual machines, internal virtual disk corruptions, storage/server hardware failures and deleted or corrupt files. With proper data backup in place, the problem can be prevented regardless of whether your onsite server gets flooded or someone deletes data.
If your company works with an IT vendor, be sure to ask: Who is managing my data? How is my data being backed up? What if my data gets lost? This will provide a clear understanding of data threats and recovery processes. Confirm that your IT does a “test” of restoring from backup.
Sometimes, organizations opt to have active and backup servers housed within their physical office. While you are technically backing up your data, having both servers reside in the same physical location is problematic if power is down at the office for an extended period of time or flooding occurs. Despite being backed up, you can”™t access the data until the waters recede or power is restored. Do you need to have a designated offsite place to work? Will the local coffee shop work? Do you need a seat at a data center?
4. Test. Refine. Update. Testing the DRP that you have built is vitally important. Testing applies to any backup servers or remote access tools that are in place and having staff execute their assigned roles so they are comfortable doing so when faced with a disaster.
Once the initial test has been completed, refine the plan. Address any gaps and streamline cumbersome processes. If employees can execute their assigned tasks from the office or remotely, both circumstances should be tested.
As new technology is acquired and procedures change, your DRP will need to be updated.
While creating a DRP requires an investment of time and money, Hurricane Sandy was a reminder that one needs to be prepared for the worst and hope for the best.
Bill Abram is founder and president of Pragmatix Inc. in Elmsford, an IT firm that helps nonprofits and businesses use technology to improve business performance. Contact him at billa@pragmatix.com.
