This blog was updated in February 2018.
The time it takes to get your business back up and running after an event is critical. Every day that is lost increases the likelihood of business failure. According to the Federal Emergency Aid Agency (FEMA), 71% of businesses are no longer operating just 2 years after a disaster. Smaller businesses, which are less likely to have been able to pick up the pieces after a significant event, have a higher failure rate.
One of the key factors that determines the likelihood of successful navigation of a disaster situation is how well prepared the business is. This planning should cover employees, technology and customer communication.
Keri Lindenmuth, Marketing Manager at Kyle David Group, says: “As an IT company, for us, “disaster” for small businesses comes in the form of data breaches and hacks. Data loss can cost businesses hundreds of thousands to millions of dollars. This is why some businesses who have experienced a security hack close their doors within a year or so.
“Putting together a disaster plan for data security should be no different than putting together any other plan. Bring together a diverse group of employees and experts, from tech and marketing to legal and finance. This brings a wide array of insights and backgrounds. Make sure your plan covers what you’ll do before, during, and after a breach. How will you prevent a breach from occurring (password policies, using a VPN, banning removable storage, etc.)? What about during a breach? How will you contain the hack and inform stakeholders in your business? What about after? How will you rebuild customers’ trust in you?
“Also, don’t forget to plan for the costs of cyber liability insurance. It’s best to invest in this insurance now because it will cover the technical and legal costs of a data breach. This insurance can be the difference between your business rebuilding following a disaster and your business closing its doors forever.”
Alice Ruhe, Partner at SMB, believes that in most instances early diagnosis and accurate prognosis can foster the best results. “All too often, good businesses go by the wayside because the early signs of potential distress have been ignored, or worse, have not been identified at all.”
Business continuity plans should enable a business to respond quickly and effectively to most incidents, ranging from something as small as a temporary power outage to the devastation caused by hurricanes and earthquakes.
Matthew Struck, Partner at Treadstone Risk, explains that “For most organizations, major disaster risks include severe weather events (Katrina, Sandy, Midwest flooding, etc), catastrophic fires, cyber attack (ie – the City of Atlanta), large product liability events (ie – J&J tainted pain reliever), and catastrophic Public Relations events (ie – Sony, VW, etc).”
Plamen Pazov from Xyber Data Recovery, says: “There are many precautions that can be taken but there are still failures. When things go horribly wrong, one of the most reliable forms of disaster recovery is good old fashioned data recovery, and the results can be remarkably fast and efficient, as well as much cheaper than most alternatives.
“Unfortunately, that option doesn’t justify the large upfront expense programs and is usually left behind, often not even used.”
Michelle Joosse, CEO of Hotline IT, says: “The weakest link in business is the lack of planning for a disaster; businesses need to understand their risks and make plans accordingly. At the very least, they should have an offsite backup solution, whether that be cloud or tapes, and they need to be stored offsite.
“There are a lot of good backup solutions available, but we personally suggest Datto SIRIS platform backups. Businesses should have at least a nightly backup offsite, but how long they store each backup is dependent on how important that data is to the business.
“One of our clients had a water leak in their server room and damaged all of their server equipment. We had a backup device in place that allowed us to spin up their servers as virtual machines while we replaced their servers and repaired their server room. Without that backup, it would have had devastating consequences to their business.”
Richard Laycock, Business Insurance Expert at Finder, adds: “When it comes to safeguarding your business, it’s easy to forget the importance of having an extra safety net. While people may be vigilant around cyber security, business insurance is something that can provide additional value to measures that are already in place.
“Investing in something like cyber liability insurance can provide that added protection that a business owner might need for peace of mind. In this case you can work with a provider to create a tailored policy that really fits the business’ needs, and these can typically be tweaked as you go.”
Colton De Vos, a Marketing and Communications Specialist for Resolute Technology Solutions, advises putting a DR plan together strategically. If you have the resources and time, you can do it in-house or hire a firm to do the plan for you.
Technology gives us the upper hand in dealing with unexpected events. Businesses can take simple steps that will improve day to day operations, but also allow them to continue to operate during an unanticipated event or incident.
The weakest link
Emy Carr, Managing Director of leading data management company EC Integrators, advises: “If you’re taking in any customer data at all, there needs to be a governance process in place to understand how that data is moving across the organisation. Who is seeing that data? Who is touching it?
“Any weak link across those actually compromises the data. These are prone to identity theft and hacking. Any organisation, small or large, should have data governance in place.”
Jonathan Rhodes is the Technical Lead and part of the 24/7 platform support team at Sitback Solutions. He advises that in terms of security, internal attacks by disgruntled employees, actions by misinformed employees, insufficient data encryption, unpatched software, and 3rd party vendors are the weakest links for businesses, and he advises using both onsite and offsite backup systems.
He says: “Onsite backups are kept at your place of business. There are a number of different systems that can be used, including external hard drives, tape drives, USB drives, and network attached storage (NAS) drives.
“However, storing backup copies of your data offsite supplements your onsite storage program and provides excellent insurance in the event of a disaster. Offsite storage systems typically involve either creating backups on physical drives and storing them in another location, or investing in an online or third-party backup service.
“A combination of both onsite and offsite backup is the most effective way to avoid the potentially crippling effects of data loss. For the safety and security of your business, we recommend implementing a system that uses elements of both methods.”
Every network has multiple points of potential failure. If these break, then the network stops working. The revolution in cloud-based technology such as VOIP or managed services has made it possible for an end point such as a phone line or computer to stop working while the end user is still able to communicate by connecting via a different connection or access point.
Greg Eick, MBN & Voice Network Specialist from PhonesNow, implores: “Reliance on just one high speed data service leaves business owners vulnerable to failures. Redundancy is not an “optional item” whether you have the NBN or not. In fact, it is a crucial element of the overall telephony and data solution.”
However, you can prepare your business in the case of a crisis occurring. Dr Amanda Olsson, Communication Director at Elevate Communication, says that ‘starting with a strategy’ is one of the critical steps a business can take to mitigate risks during a crisis. She says: “When it comes to crisis communication, the age old saying ‘if you fail to plan, then you plan to fail’ rings true. Therefore, it’s paramount to draw up a comprehensive crisis communication strategy, which has all the steps laid out when you need it most.
“The strategy should outline the process to be followed in a crisis, including the names, contact details and duties of all the members of the crisis communication team, spokespeople, stakeholders, key messages and holding statements, Q&As, letters, or important media (if needed). A good crisis management plan will guide your team through chaotic and rapidly developing situations, helping them to coordinate processes, ask the right questions and action critical tasks to save time, resources and your reputation.”
Should you have a disaster recovery plan?
OF COURSE, echoes Anna Daugherty, Digital Marketing Manager for PITSS:
“You should always have a disaster recovery plan. Even the best-known cloud hosts like Amazon can be subject to DDoS attacks or other outages. Don’t risk losing financial or customer data or a crucial part of your business by not being prepared.”
Murray Goldschmidt, COO of cyber security firm Sense of Security, also explains that you should be wary of the security risks of the Cloud. He says: “Cloud platforms provide the building blocks for organisations to build, configure and deploy their systems. However, frequently, companies are compromised through poor configurations that are within their control, but not necessarily assessed or viewed at appropriate frequency.
“Businesses who don’t do their due diligence in assessing their cloud service provider against their cyber security policies, or the businesses’ implementations within cloud environments, run the risk of facing fines of up to $1.8m under the new laws set out by the Notifiable Data Breaches Scheme.
“There have now been a swathe of attacks resulting in data breaches, particularly targeting common cloud service platforms which are generally implemented with vendor default poor security controls. The fixes to these problems are normally very simple, though; they are just configurations that need to be improved to more secure settings. Starting from now, organisations will need to place greater effort in conducting more on-going automated scanning and testing to determine if they are prone to attacks.”
Sarah James from ISMS.online adds: “Due to the type of work our organisation does, we come at cloud computing from a data security point of view. With the impending General Data Protection Regulation (GDPR), personal data and its security are at the forefront of people’s minds.
“When researching a cloud solution, it’s important to check out their terms and conditions and privacy policies so that you understand where the data is stored, what they do to protect it, and what will happen in the event of a breach. For example, the ISMS.online cloud software undergoes regular penetration tests and uses encryption to protect data from being exposed.
“Nonetheless, the user can also help in ensuring that the cloud storage service is as secure as it can be by choosing strong passwords and setting up 2 Factor Authentication where possible.”
Below are some other simple steps that your business can take to make sure you stand the best chance of recovering should a disaster strike.
- Move your phone numbers into the cloud – just like a 1-800 number, you can direct your calls to any other line. This could be a second office or simply a mobile number. For bigger businesses or companies that need an ‘always available’ service, you can construct complex routing plans that ensure the calls are queued and answered seamlessly.
- Move to hosted telephony or VOIP – Hosted telephony means the phone system is hosted by a carrier rather than being located on premise. These are very secure and millions of dollars are invested into them to ensure they never go down. VOIP handsets can be relocated easily, or worst case scenario can be replaced at a fraction of the cost of a full phone system and normally delivered in 24 hours. For the very short term, you can normally re-direct calls to mobiles.
- Install a back-up data circuit – having a second internet connection allows not only for a greater overall bandwidth under normal circumstances, but it also means you can keep operating if one circuit goes down. Retail customers are a good example; if a credit card machine stops working, it can mean huge amounts of lost business and unhappy customers, but this risk is unlikely to materialize if you have a back-up data circuit. A low cost alternative is a mobile sim. This will need to be tested to make sure speed and signal are sufficient.
- Auto failover – automatically failing over onto a second circuit used to be very expensive. Recent advances in SD-WAN technology mean you can now deliver this at a fraction of the cost.
- Moving massive amounts of data over the T1 internet & network can take a while. Be prepared.
- Offsite back up – onsite servers have been the mainstay of business computing for decades. However, with connectivity and storage costs now at a record low, you can back everything up offsite for a fraction of the previous costs. By ensuring that all important applications and files are stored both locally and in a data centre, you can restore service quickly and with minimal corruption of data.
- Cloud applications – software providers are pushing people towards a “pay as you use” service. It means you get lower support costs with the added benefit of being able to access what you need from anywhere in the world as long as you have the right credentials. From a disaster recovery perspective, it not only keeps the data safe, but means staff can continue to work even if they are unable to access your premises.
- Multiple access points – “You need to ensure the data is hard backed up and have multiple access points in case of failure of one pathway. You need to work with a trusted provider too who can show they have sufficient backups and recovery SLAs so you do not lose important data or have unreliable uptime reducing your efficiency.” via Adelaide Broker.
- Plan and then practice and practice – people function better when they know what they are doing. This is why the military will practice procedures until they become second nature. While it may not be necessary to drill procedures as much as the military, ensuring that employees know what to do if an issue occurs is important. This may be something as small as knowing how to open their desktop VOIP client on a home laptop.
- Communication – no one likes to be left in the dark, especially when things go wrong. Ensuring staff are clear on how to keep customers and other stakeholders up to date with the outage or interruption is vital. It is understandable that things can go awry, but often a business is judged on how it responds and communicates, and this can have a lasting positive or negative impact.
Arna van Goch, Founder and Owner of Horizons21, agrees with the importance of keeping your customers informed when a disaster does strike. She says: “Customers always come first, whether they are right or not. This of course, is very industry-dependent, but no matter what you are selling or how you are selling it, talk to your customer.
“If there is a disaster, people are, more often than not, going to be very sympathetic. No one wants to be caught at the bad end of a hurricane, no one wants to have computers fried or (worst of all), have products ruined because of a natural disaster.
“In 2017, it’s not just about the great products you have; it’s also about the customer service. Without a solid customer service plan in place, you are not going to make it very far. Put simply, solid customer service means making it personable, pre-empting questions and answering them.”
Asher DeMetz, Consulting Engineer at Sungard Availability Services, adds: “Lack of communication and practice can be a business’s downfall. The best-laid disaster recovery plans aren’t worth much if your employees don’t know what they’re supposed to do. Organizations with the best chance of recovery train their employees regularly, with drills. Just like how we all know what to do in a fire drill, your employees should know their roles in disaster recovery by rote. If everyone is panicking and trying to remember what to do, you’ll lose precious time and data.”
Above all, this article should alert you to the importance of backing up data as a routine. A natural disaster is a rare occurrence, but other more likely events, as advised by Andrew May, owner of Pc Repairs, include hardware failure, theft, user error (accidental deletion), virus, ransomware and physical accidents. Better to be safe than super sorry!