A popular Chinese proverb says that the best time to plant a tree was 20 years ago. As businesses deal with constant stresses of change, many will be looking ahead to further mitigate disruptions to their business. Whether it’s a data breach or a localized natural disaster, planning for such events can be a daunting task. Business interruptions are stressful and making critical decisions during a crisis is usually less productive than laying out a plan in advance.
Several surveys over the years suggest that upwards of 75% of small and medium sized businesses do not have a formalized disaster recovery plan and for those that do, these plans are not reviewed at regular intervals. Now is the time to plant that tree!
Prior to recent events many businesses had focused on mitigating disruptions by focusing on one or two areas such as reducing downtime events, or recovery of lost data. Now businesses are starting to broaden their scope to accommodate for more dynamic changes such as shifting business models, changing supply chains, prioritizing vendors, and decentralizing operations to work in mobile environments. Heavily regulated industries such as finance and healthcare will need to consider how to carry out their plans while maintaining compliance and data security measures. This type of planning is more intensive and requires a unique approach to analyzing people, processes, and data across the entire organization.
Reliable, secure, and compliant communication is foundational, and every business sector has its own set of unique challenges. Analyzing how information is exchanged even at the departmental level is paramount. Roadmaps and diagrams can help to visualize points of convergence of virtual and physical systems and how they interact with the people and processes.
Some examples of other areas to explore more thoroughly are:
- Internet availability, capacity, & redundancy
- Data storage (local/cloud)
- Modes of communication (software tools, virtual meetings, e-mail, telephone)
- Critical data backups
- Technology infrastructure management capacity
- Physical asset’s (Personal computers, cell phones, ect)
- Physical and virtual threats to data infrastructure (e-mail phishing scams, viruses, ransomware, fire, natural disaster, ect..)
The challenge here becomes thinking in terms of both breadth and depth about all the threats to maintaining the continuity of business operations. Subtle nuances need to be addressed such as knowing the difference between having data backups available, testing backups to ensure they work, and then teasing out recovery time objectives. Calculating downtime cost can help to reframe how such short disruptions can cause a large loss in revenue and depending on the type of business, this can be as much as $300,000 per hour.
Downtime Cost Formula: Cost of Downtime (per hour) = Lost Revenue + Lost Productivity + Recovery Costs + Intangible Costs
Questions will arise such as what changes need to be made? What is the process for carrying out changes? How can these actions be tested to ensure things work properly? How can gaps in a disaster recovery plan be identified and the findings documented in such a way that it can be referenced quickly?
Complexity is your enemy. Any fool can make something complicated. It is hard to keep things simple.
– Richard Branson
Addressing crises situations is not an easy task as it requires a tremendous amount of resources, but for many businesses there are ways to simplify these challenges. Leaning on the experience and expertise of others can provide a fresh perspective to identify, inform, and implement businesses specific continuity programs. Mandry Technology tackles daily business challenges for diverse organizations who need a simplified approach to stabilizing business operations amid uncertain events.