by Patrick Wiley, CEO of Aldridge
As technology advances, customers are becoming less tolerant of downtime. If a businesses are unable to access its vital data and continue operating in the wake of a natural disaster, it could face damages to client relationships, profits, and ultimately, its reputation. Companies should view their disaster recovery capabilities from their client’s perspective and be proactive about making changes to policies and protocols that fail to support the needs of the business in times of crisis.
Each organization has unique standards and processes that determine how they do business and a backup solution must safeguard these procedures from both physical and virtual threats. The right combination of analysis, technology, and planning can help organizations avoid costly downtime when a natural disaster occurs.
Outlined below are a few of the ways an organization can protect its data and strengthen business continuity in case of a natural disaster:
Business impact analysis.
All businesses are unique and so are the ways they use their data and systems. What one company considers business-critical information may be proportionately different from the standards of another firm. The best way to determine what an organization needs to continue its operations when a disaster strikes, is to look at the structure and processes of the organization itself.
Businesses should perform a business impact analysis (BIA) to develop a clear picture of which processes are necessary to its functions and how a disruption of these processes would affect the overall organization both operationally and financially. This analysis is vital because a business may believe one system to be most critical to its survival, but find it’s reliant upon another system to operate on a daily basis. The goal of a BIA is to identify and prioritize the organization’s most business-critical elements and determine the interdependencies that exist within that structure.
A thorough analysis will allow the business to define a plan and timeframe for resuming operations to minimize resulting downtime and costs. Business owners should ask the following questions when assessing its data and IT environment:
- What processes are critical to the business and its operations?
- What procedures will be required for recovery?
- Which business resources are interdependent?
- What financial, operational, and legal ramifications does a disaster entail for the business?
- How long will recovery take?
Data backup and redundancy.
Data backup and redundancy are vital elements to the recovery of a business in the wake of a natural disaster. Without the right backup solution in place, an organization can face consequences that range from profit loss to legal penalties. If a hurricane or other event affects the physical location of a business, it will likely damage the on-site servers where data is stored.
Copies of the company’s data should be stored off-site, in a location outside of the region’s disaster impact zone to help guarantee employees can access vital information despite the interruption. Backups should occur automatically so the latest version of the information is available at all times and sensitive files should be encrypted both at rest and in transit to secure against hackers looking to take advantage of companies in a vulnerable position.
Reputable cloud solution providers (CSP) are a viable option for data backup and redundancy as they often offer customized security and storage options that can enable businesses to adhere to compliance standards while storing their data in a remote location. Businesses should perform regular data assessments to determine how information is used and what files are necessary to operations. Business owners should work backwards asking themselves the following questions to determine what data is business-critical:
- What data would be required for the business to achieve a full recovery?
- Where is client information stored?
- Which data files are heavily accessed and used?
- With which departments do data files align?
- How will the business’s employees access data to resume working after a disaster?
Disaster recovery plan.
A disaster recovery plan outlines the standard protocols that should occur before, during, and after a disaster takes place and should be implemented in every business. The plan serves to decrease the time and risk associated with recovery delays, ensure the recovery systems in place are capable of supporting the business, and minimize the need for decision making when a disaster occurs.
A designated planning committee should be formed to compose a written plan that encompasses potential risks and recovery strategies. However, businesses must not only have a plan, but hold regular test drills to identify areas in need of improvement and ensure employees are comfortable with the specified procedures. A proper disaster recovery plan includes determining the business-critical systems (accounts payable, manufacturing, building security, etc.), identifying the recovery time objective (RTO) and recovery point objective (RPO) for each critical system, recognizing the threat involved when the critical system is down (server failures, no security system, no access to client records, etc.), and developing a prevention strategy to avoid threats (have a backup server in place, secure equipment rooms, etc.)
It’s also crucial for the plan to develop a response strategy if the threat does occur (switch to a backup server, run operations on an alternate system, etc.) and to develop a recovery strategy (fix and fall back to primary server, fix and return to primary system of operations, etc.)
Remote access to data and applications is an integral part of the disaster recovery process and enables a company’s employees to continue working from any location outside the office when needed. Business should implement a remote access solution that’s easily deployed and managed. However, the solution should also have sufficient capacity to accommodate a sudden increase in virtual private network (VPN) traffic.
If a hurricane occurs, most employees will likely be operating remotely and the network must be capable of supporting those users without incurring additional downtime. Furthermore, the solution should provide users with access to all necessary network resources such as web applications, file sharing systems, client/server applications, and even web conferencing or VoIP if phone systems are down throughout the area.
Data backup and business continuity is pointless if an organization’s employees do not have the means or knowledge to access the resources they need. If a disaster affects the on-site systems, employees will likely require a connection to data files, VPNs, or cloud applications from a remote location. Businesses should hold regular training sessions to guide employees through recovery systems in place and educate them as to where critical data is stored.
Keeping your business safe against the threats of natural disasters not only protects your brand’s physical place of business but its data, your clients’ data and furthermore, your brand’s reputation.
Patrick Wiley is the CEO of Aldridge, a technology management, consulting and outsourcing company that specializes in providing the best fit IT solutions. Wiley has been with Aldridge since 2004 and currently oversees all aspects of the company’s operations and growth. Aldridge has worked with a variety of companies to make sure their data is protected.