This is a question that should keep many business owners awake at night. Unfortunately, it is more likely to be met with a blank stare or a slight shrug. Business continuity and disaster recovery are often nothing more than an afterthought if, indeed, they are thought of at all.
Have you tested your disaster recovery plan?
If the first question isn’t keeping you awake at night, then this one ought to stop you sleeping until you know the answer. Some companies do indeed have a business continuity plan and they have spent time working out how to recover from various disasters. So why go to all that effort if you aren’t going to test your plans?
If you’ve read our blog post about Social Engineering, then you’ll know that it is only a matter of time before you have a major incident. SquareCubed have dealt with two incidents at separate companies in the last twelve months alone. Fortunately for both of those companies, we had already designed, planned, implemented and tested a disaster recovery system. The systems worked flawlessly and neither business lost anything more than a few hours of productivity. Unprotected businesses, on the other hand, would have stood to lose a lot more. There are multiple reports of the “80% failure” statistic for businesses that have suffered a disaster although none are apparently backed up with any evidence. Still, this does lead onto the question that we always ask a business owner when designing a disaster recovery plan for their IT systems:
How much data can you afford to lose?
Consider a business that uses very few documents and the majority of their work is based around their accounting software. For businesses like these, losing a load of letter templates is irritating and inconvenient but hardly an insurmountable problem. On the other hand, losing their accounting data could result in massive losses to their business. Sales would not get invoiced, tax payments would be calculated incorrectly and so on. They could lose a month of inconsequential files without much difficulty but no more than a day of their accounting data. Other businesses may rely on the documents that they are producing and won’t want to lose even half a day of work. A good disaster recovery plan takes all of this into consideration.
But does it stop there?
You’ve now got your disaster recovery plan. The plan has been tested and you are confident with the results. You are ready for the inevitable. Do you happily put that on the shelf and get on with other things? Well, yes. To a point. Key personnel need to know what the plan is and where to find it. The plan should be revised and retested periodically to ensure it still meets the demands of the business. Future strategy decisions on investment in the IT infrastructure should also take into consideration the demands of disaster recovery. As with most things in business, the plan will evolve and grow with the business because, without it, the business could literally go down in flames.