September is National Disaster Preparedness Month, and it’s never been timelier. Whether you face the risk of hurricanes, fires, floods or theft, it’s important for even the smallest business to consider that the worst may happen. But, let’s focus on the “preparedness” part of the month. Here’s you should do to make sure you’re ready for the worst.
Conduct an IT Risk Assessment
Risk assessments determine what disasters your business is most at risk from, and what sort of damage those disasters can do. There are professional risk assessment services you can use, similar to a third-party audit. Ask your managed services provider if they conduct risk assessments.
The IT research firm Gartner predicts that by 2020, 30% of companies will have been directly compromised by independent cyber activists or cyber criminals. A Risk Assessment can prevent this. It also determines if your technology is in danger from:
- Accidental deletions and human error.
- Natural and manmade disasters.
- Unauthorized access.
- Data breaches.
- Computer viruses and malware.
- Email hackers.
Small companies may be able to conduct their own risk assessment, although a consultation with an expert can still prove helpful. Find out what disasters have historically been common in your area, what similar businesses are prepared for, and what current risks are on the rise. This will help you prepare properly!
Find a Way to Secure Data Offsite
Today’s companies run on data. When that data is destroyed, the company itself is at risk, especially smaller businesses that are still building a client base and don’t have any alternatives if their data is stolen or wiped clean.
That means that keeping all your data backups at the office is a bad idea – a single fire or flood could ruin everything you have. A key part of preparedness is keeping an updated copy of your valuable data away from your work location in case something bad happens. The common method is to arrange for cloud storage backup services through your web host or a similar service that automatically uploads data to faraway, protected services.
Study and Update Your Business Insurance
Business insurance ranges from required insurance for certain practices, to an array of potential policies and riders to cover all sorts events. It’s might not be fun paying for something you many never need, but if you do, you’ll be happy you have it.
- Data insurance: This helps you recover from data theft or loss. It typically covers costs associated with lawsuits and getting the business back on its feet. General liability insurance won’t cover data loss issues.
- Disaster insurance: This can be expensive, but if your company operates in an area that’s prone to a particular disaster that could threaten everything, it may be worth the cost. Again, general liability insurance rarely covers these disasters.
- Interruption insurance: This policy is designed to help businesses recover from periods where they lose the ability to do business.
Have an Evacuation Plan Ready
Your evacuation plan doesn’t need to be complicated, but you should have one readily available. Create a file with details on the right roads to use for evacuation from your business, a meet-up location for employees to check on everyone, the nearest emergency shelters and medical services, and so on. The cost and time to create the plan are minimal, but you’ll be glad you have it in a disaster.
Plan for Distance Work in Case of Environmental Issues.
Let’s say something bad happens, and your work location is gone. You probably won’t be able to go back for weeks or months, if at all. Small companies have a choice at this point: Either hibernate and hope to survive when everything is over (a risky proposition), or try to find a way to carry on with recovered data and current employees. The latter course allows the company to continue making revenue, but it requires a distance-work plan. Look into remote work sites that would allow your core business to keep operating even if you can’t get to the office.
Know Your RPO and RTO
These are two common terms in disaster recovery: RPO means “recovery point objective” and RTO means “recovery time objective.” Basically, RPO asks how old the files can be for effective recovery (how often you need to update data backups), and RTO asks how fast you need that data back online to resume normal operations.
Consider both questions carefully, and base your disaster-recovery plans on your specific needs in these areas. These factors will become increasingly important as the company grows, so starting early is important.
It’s tempting to give a best-practice summary of RPO and RTO, but the truth is that they can vary considerably based on the size of the company and the type of business, as well as the backup services that you use. RPO might be only a few hours, or it might be several days. (However, the timeframe is decreasing as data grows more important.) RTO depends greatly on the type of disaster, but worst-case scenarios should see an RTO of only several days at the most – if possible. Lesser disasters should see a same-day or next-day RTO, which often means having a thorough plan for quickly identifying and getting rid of malware, as well as dealing with the fallout from data theft. As you can see, it’s: RPO and RTO goals will help you keep on track.
Control How Your Devices and Services are Used.
You should try to prevent malware and other viruses from attacking your company in the first place. You can’t really prevent a flood, but you can certainly prevent hacking attempts with the right security. That means limiting access to important data, reviewing employee actions, watching for suspicious account behavior, and of course having authentication and firewalls in place. This is not purely digital strategy, either: Employee training and awareness are a key defense against phishing schemes. And your recovery will go much more quickly if everyone is aware of the guidelines they need to follow.
As you can see, disaster preparedness involves a lot of planning. If you aren’t sure where to begin or if your company needs a specific service, ask us! {company} in {city} provides a range of data services and consultations for businesses just like yours. Contact us at {phone} or {email} to learn more.