3 Growing Trends for Disaster Recovery and Business Continuity Plans

Murphy’s Law may not be scientific, but the spirit of the concept is more than a meme. Disruptive events like the COVID-19 pandemic and the 2007-2009 Great Recession prove every business needs to prepare for the unexpected. Times are changing, though, and so are the most critical business areas that require risk mitigation strategies. Protect your business assets from unexpected events by updating your disaster recovery and business continuity plans with these three trends in mind.

1. Beef Your IT Infrastructure for Rapid Transitions to Remote Work

The global pandemic has devastated our sense of normality. Yet some scientists are now warning that such viral disasters may be increasing in frequency. Expanding urbanization, increased Human and animal interaction, higher volumes of international travel and fewer health workers in some high risk areas. Trends show we’re living closer together and crossing paths more frequently. And since most highly transmissible viruses are animal-borne (including influenza and coronaviruses), increasing our animal-to-human contact promotes virus transmission.

Of the many lessons the pandemic taught us, one of the most important is to be prepared to go fully remote at a moment’s notice. Sudden lockdowns or interruptions to in-person operations can happen quickly. Hedge against this in your disaster recovery plan with an infrastructure that allows workers to transition to and from remote work environments seamlessly.

The prevalence of video conferencing certainly helped explode Microsoft Teams usage in the months following the COVID-19 pandemic. But while video conferencing usually proves vital for team communication, it isn’t the only essential tool for remote work. Telecommuters need the ability to securely access secure servers and data from anywhere for successful disaster recovery. Your business continuity plan should include investment in secure cloud-based data storage and encrypted connection technology such as VPNs.

In a similar vein, consider the risks associated with multiple device types connecting to secure servers or storing secure data in unsecured locations from home offices. On-site network firewalls aren’t nearly as effective when your staff is connecting from home (or with their own devices). Having a unified device policy with endpoint security installed on workers’ dedicated devices will help. You should also establish company-wide device standards or shift more operations to secure cloud-based environments that limit the risks inherent with a bring-your-own-device policy.

Implementing such policies and technologies throughout your organization will make this part of your business continuity plan work seamlessly. Should your disaster recovery efforts involve an immediate shift to remote work, having a secure cloud-based infrastructure ready would result in minimal (if any) friction or downtime.

2. Make Data Backup Essential

It’s an alarming statistic: 93% of businesses that lose access to their data center for 10 days or more file for bankruptcy within a year. Widely credited to the National Archives & Records Administration, the sobering number drives home the critical role data backup serves.

Businesses rise and fall on the quality and security of (and access to) their data. Some estimates suggest ransomware attacks, which rob businesses of access to their data, can cost upwards of $84,000 in recovery costs. That does not include the additional cost of losing access to critical data in the interim. Estimates taking the impact of downtime into consideration place the true cost of such a cyberattack at over $200,000.

Losing access to data can reduce your business’s ability to operate, resulting in revenue loss and damage to your reputation. And while downtime after a ransomware attack can stretch for weeks, small business don’t often have enough cash reserves on hand to cover such a time period. That math doesn’t work out in favor of survivability, so your business continuity plan must address the issue.

The solution to this problem is secure data backup—more specifically, your backup solution should be isolated from your main computing network so that the backup system cannot be directly seen from your computers or accessed using your standard, administrative credentials. This is often referred to as air gapping, and when done correctly it significantly increases protection.

3.  Prepare for Supply Chain Disruptions

The risk of global pandemic is one of several disaster types growing in frequency and relevancy. Damaging storms and political conflicts are also on the rise. All of these issues can create supply chain disruptions that could leave businesses in dire financial straits.

In a January 2020 review, McKinsey & Company explained how major storms and politics create complications in the supply chain. Disruptive weather events have increased in frequency in the past few years and become more damaging. The resulting larger loss values and longer cleanup periods have exacerbated the impact of storms on supply chains.

The review also cites geopolitical factors like the U.S.-China tariff war and Brexit as examples of how businesses need flexibility in responding to both the cost and availability of the goods or materials they require. And as we saw in 2020, major pandemics can disrupt supply chains. The resulting empty store shelves triggered price spikes and panicked hoarding by scared consumers.

Your business continuity and disaster recovery plans should account for unexpected events that increase the cost or reduce the availability of your supply. Build up excess supply, and investigate back-up suppliers and alternative delivery routes for your supply chain.

Not Prepared? A Few Tips for Creating a Business Continuity Plan

“If you fail to prepare, you prepare to fail.” It’s an apt expression for business continuity planning. Every business, regardless of size, needs to assess its infrastructure and cash flow model, identify where those areas could be disrupted, and create plans that will effectively respond to these events.

Understandably, smaller companies cannot spend enterprise-level money on disaster recovery and business continuity plans. But there are still low-cost steps even small businesses can take to prepare.

1. Research which parts of your business are most vulnerable. Identify your income drivers and consider what would or could happen to disrupt them.
2. Research ways to protect your critical income drivers. Consider methods that will help protect them from disruption or get them back up and running if a disaster occurs.
3. Write out a plan. Create a detailed, written plan that walks through each step that will allow you to return to normal operations (or a percentage of your normal operations) within 24-36 hours.
4. Store your business continuity plan in multiple locations. Losing access to your business continuity plan makes it useless. Store your plan in multiple locations, and issue a physical copy of your plan to key persons with critical roles in its execution.
5. Keep your plan up to date.  Do you have a new internet service provider? Are you running a new critical software package? Did you have an internal promotion and now someone else needs to handle an aspect of getting your business back online? For these reasons and many more, your business continuity plan should be reviewed and updated twice a year.

What does this look like in practice? Let’s walk through a quick scenario. Your managed IT service provider calls you at midnight. It appears one of your team members accidentally downloaded ransomware from a phishing email and has infected and locked the data on the local server.

Now that you’ve lost access to the server where all client files and data are stored you’ve also lost any ability to work on client accounts. And paying the 3 bitcoin ransom demand (equal to roughly $166,299 in April 2021) is impossible with your current cash reserves.

Thankfully, you’re prepared for this. You instruct your managed IT service provider to restore the most recent data from your backups and you contact your Cyber-Liability insurance provider. By the next day most of your data has been restored and you’re back to work. You did lose several hours of the most recent work, which will cost you a day to re-enter. But it could have been much, much worse.

Disasters will happen—and when they do, they can quickly grind your operations to a halt. Effective disaster recovery and business continuity plans allow you to restore your business functions as quickly as possible and reduce the negative cash flow impacts of unexpected events.