Businesses can’t afford hiatuses in production – particularly small organizations. That makes it essential for owners or executives to have disaster-recovery plans, but only 25 percent of small businesses have one in place.
That number is frightening, and these downtime statistics, provided by Dynamic Technologies, should terrify owners or executives:
- 45 percent are caused by hardware failure
- 35 percent are due to loss of power
- 34 percent are the result of software failure
- 24 percent are caused by data corruption
- 23 percent are due to external security breach
- 20 percent are accidental user errors
- 93 percent of companies without disaster-recovery plans close shop within a year
- More than 50 percent experienced downtime that was longer than a full workday in the past five years
- Crippled businesses lose an average of $926 per minute
But 96 percent of organizations that have disaster-recovery plans survived attacks or meltdowns. That should be enough proof for leaders to initiate a strategy. But where to begin?
Ensure your network is secure. All hardware and antivirus software should be updated and working properly. And user-awareness training reduces the risk an employee would inadvertently compromise your operations.
Establish recovery objectives. Determine your Recovery Time Objective (RTO) or how much time it would take for your business to return to service. A Recovery Point Objective (RPO) represents how much data your business can afford to lose. And a Maximum Tolerable Period of Disruption (MTPoD) determines how long your business can withstand being shut down should you be unable to meet your RTO.
Create an Incident Response Plan (IRP). This blueprint should be followed in response to a breach. Employees are given roles and responsibilities to which to adhere.
Perform an audit of your IT assets on your network, so you can account for properties you need to protect. All data is vital, but it must be determined what information is essential to keeping your business running. Schedule data to be backed up periodically and store it in an off-site data center. Fires, flooding or other physical damage to a company’s headquarters could render the information useless. Backups should be tested regularly to ensure reliability and quick recovery time.
Disaster Recovery as a Service (DRaaS) is cost efficient. It eliminates the need to own or lease space in a data center. It removes energy and bandwidth costs and the need to purchase hardware. Not to mention, there would be no need to travel to and from an offsite facility. DRaaS replicates and saves data frequently and can have businesses running again within minutes. Traditional disaster-recovery plans could cost companies as much as three times more than DRaaS.
Here are five steps to follow should a breach or meltdown occur: Stop the attack, investigate the method, notify those who might have been affected – internally and externally – restore assets and prepare for the next attack.
Clients must be informed immediately. Those required to meet regulatory standards don’t have time to waste while restoring compliance. It also is critical in maintaining your company’s reputation.
Hopefully, your business never will suffer a breach or meltdown of this significance, but if it does, you’ll be thankful you had a disaster-recovery plan in place.
To discuss security strategy, email Security Analyst Frank Verdecchia at email@example.com.