Why You Should Plan to Fail… by Building an IT Disaster Recovery Plan

Irrespective of industry, IT system failures can have a devastating effect on small and mid-sized businesses. IT disruption for even a few hours can bring business operations to a standstill resulting in significant financial loses. Crises’ such as server or internet failure, cyber-attack, fire, flood or even a natural disaster could takeout your IT infrastructure and cripple your business. SMEs, therefore, must have a recovery plan in case of such a catastrophe. Not having a plan to fail can put your enterprise at risk of financial loss, brand damage and most importantly risk of losing customers.

Consequences if you Fail to Plan (for failure)

Despite all the awareness and precautionary tales surrounding these events, there are still a large number of businesses that choose not to develop a disaster recovery plan – until it’s too late. Below are a few compelling facts which highlight just how important it is to prioritise a disaster recovery plan.

  • Downtime: SMEs on average experience over three downtime incidents each year due to some form of disaster.
  • Power cut and connectivity failures:
    • Around 77% of UK businesses (approximately 4 million) experience connectivity failures.
    • Businesses on average suffer 4-5 outages in a year with a six-hour waiting period for the services to be restored.
  • Security breach: Last year almost 43% of UK businesses suffered a cyber-attack resulting in variable amounts of downtime.
  • Financial and productivity loss: Per a report by Daisy Group, UK businesses on average experience 45 minutes of downtime each week which is approximately £500 per employee, per year, in lost productivity.
  • Data loss: Per a report by IDC, 40% of SMEs in the UK do not have a data backup plan in place and if they do, then around 50% of the data backups are only partially recoverable.
  • Enterprises failing to recover: According to a report by Deloitte, almost 90% of businesses without an IT recovery plan will not survive when a major disaster strikes.

Six Things Your IT Disaster Recovery Plan Should Cover

Disasters can strike at any time – cyber-attack, human error, natural disaster, flood or fire, storms etc. When disaster strikes, it is necessary to have a plan to protect your IT systems from its impact. It’s no wonder, that having a strategically designed and tested IT recovery plan will improve a businesses ability to return to normal business operations as quickly as possible.

When putting a recovery plan together, it is best to work with a Managed Service Provider with experience in IT disaster recovery planning. MSPs offer strategic services to help businesses review their current IT systems. They also evaluate and redefine processes and then actually implement the new IT disaster recovery plan. Consider the below six things when your business plans to create an IT disaster recovery plan, or are reviewing the one you already have:

  1. Threat Modelling & Response of potential disasters: The disaster recovery plan should include a wide spectrum of all possible technological, environmental, political and business incidents, with a response/recovery plan for each scenario.
  2. Business operation impact analysis: Business operation impact analysis will simulate the consequences of disruption of a business process and collect information needed to develop disaster recovery strategies. The business operation impact analysis inspects three security objectives: integrity, confidentiality, and availability.
  3. Identify business-critical systems and information: Not all information is of equal importance. Identify the most critical systems and data which should be protected at all costs and protect it!
  4. Crisis Management: Identify the right management and technical staff (or support providers) to support the business through a crisis. The recovery plan should include a crisis response team to handle the disaster effectively.
  5. Regularly updating disaster recovery plans: Update disaster recovery plans whenever internal IT systems are changed or updated. Updating is important as the recovery plan will be successful only if it takes into consideration all the IT systems and applications currently in use – which are forever changing.
  6. Test your IT disaster recovery plan: Testing recovery plans is critical – after all, when you need them – they must work first time!  Loopholes, snags, changes and unforeseen technical problems always arise during testing and these must be worked through and corrected before the plan is put into production and disaster strikes. Since IT systems are continually changing and upgrading, testing recovery plans also assist in ensuring the recovery plan is current.

Do you have questions about disaster recovery planning? Contact m3 Networks. You’ll be connected with a disaster recovery expert who can address your specific challenges and problems.