With 70% of small firms that experience a major data loss going out of business within one year, having a robust business continuity plan should be a top priority. There are a number of initiatives that can be undertaken to guard against risks, especially within the IT department, which underpins the operations of many companies today.
Together with our Managed Services Provider partners, we regularly hold business continuity seminars that explore how to protect and survive, and advise companies to take the following steps.
Draw up a business continuity/disaster recovery plan
As the government said in its response to the recent Storm Desmond floods, you can’t protect against all events. Unfortunately, some businesses that had industrial equipment destroyed will have significant downtime, and may indeed go out of business or contemplate moving to another area.
Even the worst case scenario should be planned for, as well as all the “minor” events that pose threats, and there really is no substitute to drawing up a business continuity plan.
The good news is that, along with the exhortations to do such plans from bodies such as the Federation of Small Businesses, there is plenty of help, in particular from the Business Continuity Institute, where you will find free resources such as checklists, standards and guides, and also material on the allied areas such as supply chain continuity, and risk management and insurance.
Note that as a term, business continuity usually applies to procedures to ensure essential business functions continue to operate, while disaster recovery involves a technical process for certain functions, in particular IT (information technology).
Assess your IT and communications systems – where are the weak links?
IT and communications form the backbone of so many companies and, with the right business continuity strategy in place, are far easier to maintain during both a disaster and against day to day threats. Digital information is far easier to replace than machinery.
However, their ubiquity is also a weakness, and there is a formidable range of threats. This includes the corruption or failure of disk and computers, downtime in communications lines and mobile networks, viruses and hacker attacks, and accidental or malicious actions by your own employees. In fact human error generally is one of the biggest causes of IT problems.
It’s hard to think of any organisation that shouldn’t have an IT disaster recovery plan that takes into account the setup – server, backup, virus and security protection, communications link redundancy, home working provision – and so on. It’s also important to consider security from the point of view of data theft as well as downtime. See also our disaster recovery checklist for planning purposes.
Back up and protect your data
The most important part of your IT setup is your data – computers, servers, smartphones and application software are all readily replaceable. Data, however, is not limited to vital files such as your accounts, customer and email databases – it includes configuration files, such as preferences, that manage your system and applications – losing these also means downtime.
Ensuring that you backup all the right material is crucial, as is keeping at least one copy of the backup away from your premises – and this can be done ‘in the cloud’, i.e. in a remote data centre, rather than taking a tape or disk out of the office as many firms still do (or forget to do).
Today’s backup systems aren’t only present in your office, but also keep a copy remotely – as the last thing you want is for a fire or a thief to wipe out all your work.
Get up and running quickly after a disaster
A major problem that many firms run into is actually making use of a backup. It may turn out to be corrupt or incomplete, or the process could take many hours of painful reinstallation of files.
One way to dramatically speed up restoration is to opt for a backup that takes a complete, verified image of your system rather than just parts. With this approach, you can restore all your data, applications and system quickly, either at the office or even in a remote location should your main site be unavailable.
Recent examples of clients using Datto technology for disaster recovery areinclude a Derbyshire-based estate agent, whose main office burnt down in 2014 but was up and running next morning at another office; and a Birmingham office outfitter that suffered a server failure but restored operations from an image taken just a few hours before.
There are a lot of ways to configure backup systems, and it’s well worth examining which ones offer the most stress free experience.
Move to cloud computing for more flexibility and continuity
Most of us use cloud software services now, such as Google’s suite of applications, but a number of other types of cloud application have grown rapidly in popularity, such as customer relationship management (CRM – where Salesforce is king), and Microsoft’s Office 365, and not least, cloud backup (most will have come across Dropbox, at least through its file sharing options).
There are more sophisticated cloud backup offerings, called ‘disaster recovery as a service’ (DRaaS), which can provide entire ‘failover’ operations, and which highlight the advantage of cloud – you’re getting a service, not just software, and you don’t have to worry about maintaining applications or even buying them, as most cloud services are rented. In terms of data protection and security, you can specify, for example, that all your data must reside on a secure UK data centre.
Choose a managed services provider
Managed services providers (MSPs) are a growing force in IT because they offload many of the day to day IT operations from companies so they can focus on core business. They are partnering with software firms to deliver all manner of cloud and communications applications, not least data backup and disaster recovery services.
There are many different types of MSP – some specialise in certain industries and in certain areas of IT or communications (e.g. call centres) – but the value lies in providing a central resource, usually with a help desk, that takes responsibility for delivering a service, with predictable billing.
This is great advantage in disaster recovery, as expertise will always be on hand. There’s no need to opt for remote companies on a different continent – many MSPs in the UK have regional offices to give personal service.
Testing, testing…it’s a must do for all
Finally, many companies just don’t put their business continuity or disaster recovery plans to the test. A majority will test for an emergency, such as using a telephone and messaging ‘tree’ to alert staff, but others will not actually do a live test of an IT failure, or a scenario where say head office is out of action and employees need to switch to mobile and home working.
All the guides on business continuity can’t really stress testing more strongly – and one other advantage of using an MSP is that you can ask the company to do the IT part of the test for you.
Sourced from Andrew Stuart, MD of Datto EMEA