I can’t tie a knot that would safely secure a boat, nor can I carve a race-winning pinewood racer, but I’m pretty sure my time as a Boy Scout primed me for a career in technology. Their motto, “be prepared” made a deep and lasting impression on me, and I try to exemplify that attitude in how I conduct my business, and encourage my clients to do the same. This can take all forms – planning for the safety and security of your loved ones is something everyone should take very seriously – but many businesses are less than ideally prepared for adverse events. Though most folks think in terms of actual disasters – fires, floods, earthquakes and so on (welcome to Southern California!) – you should also consider smaller-scale catastrophes such as data loss, security breaches, employee malfeasance, theft, vandalism, and virus infections. Every business should have a Disaster Recovery and Business Continuity Plan, and if that business or organization relies on technology, those plans should include technology recovery and continuity as well. Don’t have a plan? Here are five important items to get you started on writing one:
- Back up your data – most folks have learned the hard lesson of data loss and at a minimum try to back up their most important data to a separate drive. But if that backup is stored on premise, it is just as susceptible to whatever might damage your source data. At minimum, a copy of your backups should be stored offsite in a secure location, and the best solution is a combination of cloud-based backups and regular rotation of local backups to an offsite location.
- Keep track of critical logins and passwords – most organizations that can’t afford to maintain a full-time IT person on staff often suffer from a blind spot in their operation manuals and documentation: logins and passwords for important technology services, as well as contact numbers or email addresses for critical vendor services. Keeping these small bits of information current and stored offsite can mean the difference between hours and days in recovering from a disastrous event.
- Identify your technology weak spots – if your business relies on physical technology to conduct business, consider how hard it would be to operate without that technology for days, or even weeks. Email or web server on premise? Payroll checks printed on special printers? Even if you don’t use any specialized hardware, can your business operate without internet or electricity? Identifying these potential vulnerabilities will go a long way to helping you minimize or eliminate them before they can cripple your business during adverse circumstances.
- Evaluate vendor preparedness – if you rely on service providers for crucial technology services, you should have at least a basic understanding of how prepared they are for disasters. Though you have less to worry about with large, experienced providers (even Gmail goes down from time to time), if one of your “weak spots” is a service provided by someone else, you should know if they are prepared to handle a disaster, and how the loss of this service would affect your own operations.
- Train your people – if you or someone in a leadership position is incapacitated or isolated from the organization, others need to be prepared to fill those shoes. This means training them or at least preparing documentation for them on all of the above. Nothing is worse than watching an organization flounder while everyone stands around staring at each other not knowing what to do.
These are only a few aspects of a well-formed DR/BC Plan. The larger the business, the more detailed and complex it will become, but every organization large or small, should have one. It may seem expensive or a waste of time, but putting the effort into a DR/BCP will be the difference between your organization overcoming a challenge or succumbing to a disaster. Be prepared!
Image courtesy of winnond at FreeDigitalPhotos.net