Whether you’re worried about fires and floods or a ransomware attack, you probably realize your organization needs a business continuity plan. However, while thinking about how to recover from a disaster, don’t forget to include avoidance as a cost-effective element of your overall plan.
What is the difference between disaster avoidance and disaster recovery?
- Disaster avoidance involves designing your systems to prevent potential disasters from impacting your organization in the first place.
- Disaster recovery involves implementing backup systems and procedures so that when a disaster happens, you can get back to work as quickly as possible.
The danger of focusing only on disaster recovery
While every organization needs a plan for recovering from a potential disaster, many neglect steps that might help them avoid the disaster in the first place.
If you have key servers in a downtown San Francisco office building, for example, they’re at risk for everything from power outages and sprinkler activations to an earthquake. You could choose to reduce that risk with a disaster recovery plan that involves creating duplicate systems in another location and backing up data regularly from your primary system to that backup system. However, that doesn’t completely solve your business continuity problems:
- In a disaster that destroys your systems, you’ll lose any data after the last backup or replication cycle.
- Testing your ability to do a full data recovery from backup is often complex and expensive and so not performed regularly. You can’t be confident your recovery plan will work properly when you need it most.
- If the staff you rely on to perform the recovery are in the same geography as the primary system, their own ability to respond to a disaster may be impacted.
- In the moments immediately after a disaster, when your need for functional communications systems like phones and email is most urgent, you’ll have to wait for your recovery plan to take effect before you can contact employees and respond to customers.
Disaster Avoidance for the win
When you consider the potential impacts of downtime, you may discover that preventing the impact of a disaster is more practical and affordable than recovering afterwards. A few common-sense business continuity practices can effectively minimize, if not eliminate, the impact of a disaster:
- If your office is in an area prone to natural disaster, relocate your critical systems. With modern remote access technologies, you can move your systems to a data center in a safe remote location and keep using even older business applications without sacrificing performance and productivity.
- Take advantage of cloud service providers who have the scale and experience to deliver high availability and performance no matter where you are. Office 365 works the same whether you’re in the office, at home, or in a temporary rented space. Hosted phone systems will forward your voice mail as email and redirect incoming calls to your mobile phone when you can’t get to your desk.
- Protect your systems from malware and other digital threats by keeping your software and operating systems up to date with regular security patches, implementing multi-factor authentication for access to all systems, using anti-malware and web-filtering software that protects every remote and on-site laptop and workstation, and training your employees to recognize when they’re under cyberattack.
Business continuity planning done right
Backup and recovery have become simpler and more affordable in recent years. That should make it easier to implement a business continuity plan that includes the following elements:
- Use cloud-based technologies or locate your systems in a data center in a location not subject to natural disasters.
- Keep your backups offsite and under separate security. This protects them even if your primary systems are destroyed in a natural disaster or a cyber attacker is sophisticated enough to try to leap from your primary systems to your backups.
- Practice your full recovery plan regularly to ensure it works when you need it.
- Make sure the people responsible for executing your recovery plan won’t be so affected by a disaster that they’ll be unable to implement it.
- Carry insurance, but don’t rely on it.
By the time you realize your servers are under cyberattack – or under a foot of water – it’s too late to figure out what to do to save your business. Your best hope of surviving a disaster is to assume one is going to happen, do everything you can to protect yourself against it, and if that’s not possible, know what you need to do to get back to business as quickly as possible. Xantrion is here to help at every step, starting with a full risk assessment and ending with complete and tested business continuity and disaster recovery plans.