Several years ago, a hurricane rolled through the Cincinnati area, leaving one of our current clients without power to its building for several weeks. Day after day the company was unable to process income, but still had to keep writing checks to vendors. The company was helpless until power was restored.
Then we heard recently from a colleague across the country: Her company’s office was located in an area where a mass shooting took place. The building was cordoned off for months as part of an FBI investigation and no employees could get in.
Could your company survive disasters like these?
Research shows that only a quarter of small businesses have a disaster recovery plan in place. It’s a risky gamble: 10 percent of businesses can’t survive a disaster, according to Small Business Computing.
Making a Disaster Recovery Plan
Whether they are natural or manmade, disasters don’t announce their arrival ahead of time. But, you can plan for your response. After all, when something has gone wrong, that’s not the time to figure out your next steps. Quick and thorough action is important to avoid losses of money, time, data, reputation or even employee safety.
An effective disaster recovery plan should protect your company if all or part of your operations or the tools (including technology) you use stop functioning. The recovery plan should cover prevention, detection and correction. The plan should include a business continuation piece, which maps out how daily operations could carry on, despite the loss of a workplace or inability for employees to report to work.
One important part of the overall plan involves designating a point person who understands the plan and how to respond to the situation. This could be someone outside the company, like an Intrust team member. If you and your co-workers don’t know who to turn to after a disaster, then your plan has failed you from the very beginning.
The cyber security and technology piece of a disaster recovery plan is what we at Intrust IT help our clients create.
Protection Through Detection
Our Intrust team uses a range of tools to detect if something unusual is occurring with our clients’ technology systems. These software and hardware tools warn us about abnormalities so we can quickly address them before a security disaster occurs. If a workstation is compromised, for instance, we might notice a storm of data on that particular device and disable it. Our constant monitoring of backup systems allows for post-disaster correction.
Part of the disaster recovery plans we devise for clients involves education for end users. If your employees understand the signs of a cyber threat, they can help ward it off (or at least not welcome it). We train clients to “stop and say something.” If they notice any anomaly or something that seems not quite right, they can contact us for verification. We welcome those calls: Even if the situation turns out to be nothing threatening, we always want clients to reach out.
Once your company has devised a disaster recovery plan, it should be reviewed annually, or whenever the business experiences a major change, like the installation of a new server or the purchase of another company.
To test a plan, we recommend running a simulated disaster. The object is to reveal shortcomings in the plan before it faces a real-world emergency. Testing is critical because it’s very difficult to imagine every possible negative impact. I always say if your disaster plan runs perfectly, you’re either an amazing planner or you haven’t thought of everything.
Plan Ahead to Get Ahead
While none of us wants to think about suffering damages, making a plan can give you peace of mind that your business is prepared. We are happy to help devise your recovery plan. Contact us today to discuss your needs.
"14 Non-Technical Things You Can Do Today to Protect Your Business from Cyber Crime"
Here's what you'll learn:
- Why your employees are your weakest link and what to do about it
- Easy ideas for keeping passwords secure
- How to tell if your cyber insurance policy is worthless