Imagine this: You’re going through emails, spy an urgent message from an online vendor asking you to click to confirm important information, and you do it. Suddenly your computer ceases, freezes and stops working. Yep, it was a hacker. It’s time to activate the company’s data recovery plan…if you have one.
Planned or unplanned IT outages have significant tangible and intangible costs to a business, with unplanned downtime costing up to 35% more than planned. It’s estimated downtime can cost small businesses $423 per minute, whereas large organizations can lose over $9,000 per minute. These costs to not factor in reputation and potential legal issues. Add it all up and it’s easy to understand why a disaster recovery plan is so important.
There are a lot of disaster plan evangelists who’ve created videos outlining their five, seven, nine or more steps to create a plan. Their narratives and related blogs are filled with jargon and jumble. Let’s simplify. Here is what a business owner truly needs to consider, write into a document, and communicate for an IT recovery plan.
Prevention: Whether it’s the owner or the on-staff IT professional, someone should stay up to date on the latest topics and trends related to ransomware, malware, and hackers. This information should be shared with staff, so they stay alert and aware. If staff spies a con job, what should they do to keep company leaders aware? The more you know, the less likely you’ll click on the bait, thus keeping IT systems up, running, and healthy.
Protection: I’m often surprised when I speak with a company owner or leader and inquire how they’re backing up and protecting their data. Often, they don’t know the last time a backup happened. They don’t feel confident data is protected. If there’s a glitch in the system, backups will save you (and the more recent the better). Know the answer to these questions. Protecting data by using the most updated technology and having backups on hand is the best method of preventing downtime and securing customer information.
Point of contact: If something does happen, who is your company’s point of contact? What’s the framework to escalate the issue? Having a person or team identified to manage IT-related issues reduces downtime because everyone knows who is in charge. Even if you work in a five-person company, identify who is in charge to get the system back up and running. Have a second and even third person ready to help (people take vacation).
Partners: As many businesses move systems to the cloud, they’re partnering with managed services companies. These external partners are the people who will take care of your data and business in the event of an IT emergency. Build their processes into your disaster recovery plan with answers to these questions. Who does your team call in the event of a data breach? What’s the process to restore a backup? How long does it typically take? Know and understand what to expect if something happens.
Protocols: All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have laws requiring private businesses, and in most states, governmental entities as well, to notify individuals of security breaches of information involving personally identifiable information.
Different industries are governed by different communication protocols related to data breaches. For example, on May 1 bank rules related to cyber incidents changed with bank regulators saying institutions must report cybersecurity incidents within 36 hours when such breaches have caused serious harm or are likely to cause harm. Know and understand the reporting protocols and processes to ensure customers are aware if the potential risk to their information as quickly as possible.
Years ago, a major challenge facing managed service providers was determining which data should be replicated first to get people back to work. Disaster Recovery Planning felt overwhelming and complex. By 2025, 85% of businesses will have a cloud-first principle, according to Gartner. An advantage to working in the cloud is the ease of restoring systems from backups, but this does not eliminate the need to have a disaster recovery plan. Especially when you think about the cost of unplanned downtime.
Take time to write out the answers to these topics to create a plan and then communicate it, specifically with points of contact and protocols, with staff and partners to ensure they know what to do if there’s IT emergency. Why? Because when an emergency happens the time to plan already passed.
Aaron Toops is co-founder and CEO of AERIFY.oi, managed services IT business that makes technology simple, safe, and fast.