It’s not if a disaster will hit your organization, it’s when. Disaster planning is one of those “to do” items that never seem get done in smaller organizations. However, a proper disaster and recovery plan can be the difference between a potentially fatal setback or moving on without skipping a beat.
As you read through the checklist, remember that disasters come upon businesses in many forms. There are the obvious ones: fires, floods, and storms, but there are many other disasters to consider in your planning as well. Think about equipment failures, theft, sabotage by disgruntled employees, something happening nearby that could impact your office, terror attacks, and corporate kidnapping via malware.
Here is a checklist of 9 things every small business disaster plan should consider.
While many of these items are IT related, not all of them are.
Backup your data
Before you move off this one too quickly, answer the following question. When was the last time someone confirmed that you are still backing up the appropriate directories and files? Now is the time to do it. You also need to make a decision on how many backups to keep. Incremental backups are great. But if malware gets into your system, you are just incrementally backing up a sick system. You should have multiple snapshot backups of your data in addition to the incremental backup. Furthermore, if you are backing up on site, you should have people assigned to swap drives or tapes daily and take them off-site. It does you no good to have your backup burned in a fire, destroyed in a flood, or stolen.
This is so important, it deserves its own checklist item. The time to find out your backups aren’t useful is not when you really need them. Make sure you have a written restoration process that works. By doing a trial restore, you can confirm your backups and process are working.
Many disasters involve the loss of equipment. This is the IT hardware and specialized equipment needed to provide your product or service. Do you have the appropriate spares stored off-site? Do you know how much stock your vendors keep and how long it would take for replacements to arrive? Knowing how long you may be down operationally is critical for checklist item number 8.
While so much of today’s business is done electronically, there are still plenty of critical paper documents stored in file cabinets or simply sitting on desks. Key documents used regularly should be scanned and stored securely. Originals of key documents should be stored off-site. Safety deposit boxes are an inexpensive, secure way to do this. Other documents such as paper receipts and tax returns should be boxed, labeled and stored off-site.
How will your customers reach you if you are not able to work in your office? You should have a plan to forward the main business numbers. This is also a good time to make sure you know how to forward them. If you use a hosted business phone service, it may be as simple as sending desktop phones home with employees with a reliable broadband connection. If the phones or the phone system is destroyed, part of your equipment plan should be having spare phones and how to get replacements.
In the event of a fire or natural disaster, you could be displaced from your offices for a while. You should talk to your landlord about alternative space, talk with friends who may have extra space in their offices, and consider co-working spaces such as Regus or WeWork. Make sure they can accommodate your power, broadband, and IT network needs as well or have a plan to set up a temporary IT network.
Have you documented how you will communicate with your key staff, employees, customers, and vendors? I recommend having different plans for different circumstances. Each disaster type should include the communication chain along with who is authorized to originate communication, who is responsible for getting the message to whom, and the medium through which the message will be communicated. For larger disasters, it will probably be more effective to communicate via SMS or email. Remember to include contingencies on how decisions will be made in the event you are unable to reach key people or they are unable to reach you. The plan should also include confirmation coming back up the chain to ensure the messages went out.
This is your rainy-day fund. It’s better to set aside a little each month for key equipment replacement rather have to scramble for financial resources while dealing with a major crisis. Get with your key team and determine what is needed to replace critical items. This should also include funds to cover payroll and other operational costs in the event operations are temporarily shut down. While cash is always the best option, it’s not a bad idea to have a line of credit established with your bank for the worst possible scenarios. Yes, you have insurance, but it may take some time to settle your claim – especially with widespread disasters. By the way, this is also a good time to review your policies to make sure you have the coverages you think you have and that the amounts are appropriate.
Migrate your data, desktops, applications, and telecommunications to a cloud provider
The reason so many IT professionals recommend this route is for the very reliability and redundancy you need to have built into your disaster recovery plan. If your organization uses Zoho or Salesforce, you already have that part of your operation being provided by a cloud service provider. If you have a business phone service being provided by your Internet Service Provider (ISP), that part of your operation is also likely being hosted in a data cloud. There are so many reliable solutions provided by well-known companies it’s pretty much a “no-brainer” to migrate Microsoft applications such as Exchange and SharePoint to a cloud provider with appropriate encryption and data center redundancy. Additionally, there is now a myriad of industry-specific solutions made just for your business. If you have hesitated because of the recurring costs associated with these solutions, realize that they are handling all the servers, data centers, broadband redundancy, firewalls, virus protection, and more – not to mention having all the smart people to keep it all running. Provided you do your research on where your data will be, how it’s protected, and put proper password policies in place, this is the easiest way to protect your organization.
Make reviewing your plans an annual event. You may be surprised how much changes in the course of a year.
It’s much more fun to focus on the “onward and upward”, but proper disaster planning can keep disasters from being disastrous.