Disaster Recovery Basics for Connecticut Small Businesses

     

disaster recovery basics

It’s still hurricane season, and as I write this, Hurricane Harvey recently swept through Texas, leaving Houston underwater, and Hurricane Irma is pounding Florida. Natural disasters cost billions of dollars, and in Connecticut, we routinely suffer from natural disasters such as winter storms and blizzards that disrupt power and shut down businesses. Then there are man-made disasters such as cyberattacks that can bring your business to its knees. No matter what the disaster, you want to restore normal operations as soon as possible, and that means understanding disaster recovery basics in order to develop a disaster recovery plan.

For most Connecticut-based businesses, loss of computing services truly is a disaster. A survey by IHS revealed that companies reported an average of five downtime events each month, with annual costs ranging from $1 million to more than $60 million. The Ponemon Institute estimates that every minute of data center downtime costs $7,900 on average. What it costs your Connecticut business can be calculated in lost revenue, lost productivity, and lost customers. No matter how you measure it, any form of disaster that disrupts your operation is expensive.

Download Small Businesses’ Guide to Identifying Your IT Needs

To minimize network downtime in the event of a disaster, you have to break your infrastructure down into disaster recovery basics and develop a plan to get your systems up and running as fast as possible.

What Can You Afford to Lose?

The first step is to assess your levels of risk. What systems are critical to your business? What systems are less critical or are ones that you can do without in the event of a disaster? Make a list of business functions such as accounting, payroll, customer support, and transaction systems and determine which ones are on your mission-critical list. Also assess what operations are dependent on in-house systems, which are likelier to fail in the event of a disaster (e.g., Is your customer relationship management software system running on site or hosted in the cloud?). Once you have a systems inventory, you can start developing a disaster recovery plan.

As part of your assessment, you also should consider whether you need to focus on RPO or RTO.

RPO, or recovery point objective, is the amount of time your operation can tolerate a disruption—30 minutes, an hour, a day, etc. Can you lose a few hours’ worth of data without doing much harm to operations? Some companies are more tolerant of lost data, while others are less tolerant of lost data, such as financial services companies dealing in real-time transactions.

RTO, or recovery time objective, is the time between a disruption or failure and a return to operating status. High-volume businesses, such as retailers, may decide that even a short period of downtime is more than they can afford, especially during the holiday shopping season. Other businesses may be able to do without systems access for a day or longer.

Depending on your operation’s tolerance for downtime, you can consider different recovery options. Restoring systems from backups, for example, may take a short time but will ensure that you get all your data back once systems are operational. While this is more cost-effective, it also requires maintaining a regular backup schedule so that you always have the latest data available. For truly mission-critical computing, some organizations use mirrored data storage so that duplicate systems are ready to go. This is an expensive but highly effective data fail-safe; if your system fails, then you have a complete working backup ready to bring online.

Cloud computing services are an effective compromise. If a disaster strikes your business or local operation, services and data stored in the cloud will probably be unaffected. As soon as you deal with the immediate computing problem, you can reconnect with cloud services with no loss of data.

This is where your managed services provider (MSP) can be invaluable. Your MSP can help you with backup and data recovery strategies, establishing cloud services and data repositories, and assessing RPO and RTO. Disaster recovery is a core part of any MSP’s business, so you should take full advantage of an MSP’s expertise and resources.

Communications Is Key to Recovery

Resource allocation and effective communications are at the core of a successful data recovery plan.

Once you prioritize the hardware and software that are essential to your business, you need to determine who has responsibility for each component. Assign key roles and responsibilities, including systems restoration. Be sure that the entire staff, from the executive suite on down, understands their role in the event of a disaster and include your MSP at the top of your contact list.

Once the responsibilities have been assigned, you need a communications plan. Everyone affected by the disaster needs to be alerted, but the disaster itself may also affect communications channels such as email and phone service. Be sure your communications plan accounts for contingencies. Also, be sure that the communications plan is well-documented and that everyone has regular updates.

Your communications plan also needs to encompass business associates and partners outside the organization. Include a post-disaster alert strategy to reconnect with business partners to let them know you are back in business.

Once you have your disaster recovery plan in place, test it and refine it. No disaster recovery plan should be static. New systems and equipment are added to the infrastructure, staff changes, and procedures and protocols change over time. Update your communications plan and contacts lists and test your procedures to ensure they are flawless.

Every business needs a disaster recovery plan. Start with disaster recovery basics and continue to build out your plan until you have accounted for all your business-critical systems. Remember that you don’t have to prepare for the next disaster on your own. Your MSP can help you identify potential threats, determine which systems are likely to be affected, and help you develop a contingency strategy that will get you back in business quickly, without breaking the bank.

ct small business guide

About The Author

President of NSI, Tom has been helping small and medium businesses succeed in Connecticut for over 25 years.