Novelist Chuck Palahniuk said “only after disaster can we be resurrected.” For some that might ring true as the opportunity to rebuild and revitalize often creates strength -- strength within you, your business, and community. Like a Phoenix rising from the ashes, your company is reborn and ready to soar.
However, for the one in four companies that do not have a business continuity plan to respond to disasters, according to an 2004 AT&T study, resurrection after disaster is not a possibility. We live in a virtual world. Companies store and share data electronically while their mobile employees rely on electronic information to complete assignments. Accounting departments file and pay bills and compensation forms via websites, and Human Resources personnel have discarded paper files in exchange for online storage. Although technology has simplified the way we conduct business, if a company experiences a disaster without any preparation, the end result can be devastating.
Businesses rely on continuous access to data and a loss of it during any disaster may have serious consequences. Depending on the particular situation, every hour of computer downtime can cost a business thousands, sometimes millions, of dollars. Very often, small-to-medium businesses are not adequately prepared for disaster recovery. The costs associated with data storage and other technologies are noted as the number one reason for failure. According to research conducted by the University of Texas, only six percent of companies suffering from a catastrophic data loss survive, while 43 percent never reopen and 51 percent close within two years.
While disaster recovery and business continuity are cited as a top priority and business initiative, many technologists find that obtaining funding for disaster recovery is easier said than done. Although the company CFO or Controller looks at disaster recovery as important, it is difficult to identify how much the company really needs to spend to be sufficiently insured against a disaster.
Gartner estimates that only 35 percent of small to mid-sized businesses have a comprehensive disaster recovery plan in place. Nobody can predict when a disaster will strike but from studies like the one by the University of Texas we can predict that a business that hasn’t taken precautions will likely go under. This is tragic because business leaders can often make the necessary preparations at costs well below what they may think.
Expect the unexpected
When it comes to disaster preparation, many tend to think, “It will never happen to me.” After all, your company may not be in a hurricane or tornado zone, and your employees are loyal and educated on the do's and don’ts of Internet usage. But data loss can result from any number of factors, including: human error; power outages; smoke or fire damage; water damage or floods; hardware failures or software bugs; human-threats such as hacking or viruses and even disgruntled employees.
So how, you ask, could we possibly prepare for the unknown?
There are some initial steps that you can take to create a comprehensive plan ensuring that you are on the right track should disaster strike:
Examine risk: Thoroughly examine your company’s systems and determine what risks can affect overall uptime. When looking at a disaster recovery budget, many CFOs ask that IT managers thoroughly review the technology that is critical to the daily operations of the business. List the age of the assets and the likelihood of a breakdown. Review all of the software licenses and when upgrades are due. Many smaller businesses do not have the budget to consistently purchase new software or hardware, so make sure that routine maintenance is conducted and continually reexamine server capacity. Often the most “basic” of systems failures (server outage or e-mail can cause the most damage). Determine which of potential threats are most likely to occur and prioritize them by looking at the probability and potential impact.
Develop a written plan that makes disaster protection part of the routine: After assessing all potential risks, develop a plan that will ensure business operations can fully recover from a physical, computing, or natural disaster. Your plan should reflect your specific business needs. What resources will be required over the course of time and where is critical data stored? Files can be backed-up in a number of ways -- online, microfilm and disks -- and backup files should be stored completely offsite. Companies should not store critical backup files at someone’s home. This is not a secure location and it’s important to contract with an offsite storage company. After all, if your building is destroyed by fire having backups in your office won’t help. This seems obvious but preparing for a disaster is never a daily top priority, so having a systematic backup process that is integrated into daily routines is the only way to be sure you are covered.
Depending on your company’s needs and budget, there are a variety of vendors who can help. Make sure that a list of all relevant numbers, passwords, and codes is issued to key people so that you can access the data in the event your disaster recovery plan is activated. Finally, keep in mind that communication in advance of an emergency is critical. Once you have decided on a plan and processes, review the plan with employees. Preparation ahead of time will help ensure that recovery processes run smoothly.
Test the plan: Business continuation is a key focus of planning. Make sure that plans are in place and have been thoroughly tested. Bring in an outside expert who can vet the plan and revise it accordingly. It is important to keep all key personnel involved in the testing process, so they are aware of the necessary action required should disaster strike. Testing will help to determine the practicability of the recovery process and identify any inadequacies in current procedures. Most importantly, testing the plan will demonstrate whether the business will be able to recover. CEOs, investors and other stakeholders want to know that plans are real and not just words on paper. Conducting a thorough test will help you to demonstrate effectiveness and obtain necessary budget approval.
According to the NFIB National Small Business Poll, man-made disasters affect 10 percent of small businesses, whereas natural disasters have impacted more than 30 percent of all small businesses in the U.S. Hurricanes are the most destructive natural disasters, causing power failure, flooding, customer loss, and the closure of many businesses. Although preparing for the unknown may seem like a difficult task, not preparing can have serious consequences to your business. Taking the first steps toward setting up a disaster recovery plan helps ensure that your company can, in fact, be resurrected after disaster -- the Phoenix, restored to life and ready to fly.
Lisa Metcalfe is a Technology Regional Practice Leader for Tatum LLC. Tatum is the largest executive services firm in the United States, providing strategic and operating leadership in finance and technology nationwide.