Disasters can happen to any business, no matter how big or small. Most large corporations have disaster recovery policies in place to help them overcome disasters, but many smaller companies may not have considered this. In this blog, our Development team talk about how you can protect your business' vital technological assets from disaster so that your company can keep running no matter what.
What counts as a disaster?
'Disaster' is a broad term that covers countless events, from natural 'acts of god' such as earthquakes, flooding and accidental fire, to vandalism, break-in and arson. In terms of preventing technical failure, and for the purposes of this article, a disaster is anything that can cause catastrophic physical loss of, or damage to, equipment, data and premises. This is distinct from, for example, a PR disaster, in which a company's reputation is damaged. We'll talk about this in another blog!
What is 'disaster recovery'?
Disaster recovery is the steps a business takes to overcome disaster so that the business can keep running. It is distinct from business continuity. Disaster recovery focuses solely on the restoration of the technology and hardware a business uses (e.g., computers), whereas business continuity focuses on the entire business system and function (e.g., making sure products can still be distributed).
Disaster recovery should be a major consideration for a company's IT team. At times it could be as simple as making sure you have 10 important backup files, while other companies might have huge off-site data centres and the capacity to replace millions of pounds worth of hardware.
Why do disasters happen?
Disasters can happen for lots of reasons. Natural disasters can come in all shapes and sizes, from a wildfire burning down a building to an old pipe springing a leak and destroying your computers. They can also be caused by intruders trying to vandalise or steal equipment, and possibly, in extreme circumstances, rival companies attempting industrial sabotage. Many natural disasters are unforeseeable and impossible to control. However, there are measures you can take to protect your business from most disastrous situations.
What can we do to prevent disasters?
A lot of the time, we can't do anything to stop disasters as they are completely out of our control. You can't stop an earthquake, nor can you stop flooding. What you can do is make sure that you account for obvious potential issues. If your business HQ is in an area prone to flooding or wildfires, ensure you follow local guidelines for safeguarding your premises (or consider moving). To prevent break-ins, make sure your premises are secure and have plenty of security measures in place.
On top of prevention methods, you can also ensure your business has a robust disaster recovery plan in place to reduce the impact of a disaster if it happens. This can include building in redundancies in your systems, keeping regular backups of data, storing critical equipment in a secure location, arranging a backup internet connection and a phone line, keeping backups in a separate location, and so on.
What do I do if a disaster occurs?
Keep calm, keep backups, and have a plan.
The steps to take depend on the kind of disaster you have suffered. If your entire premises has been compromised, do you have an alternative site you can use? How quickly will you be able to get things up and running at a new location? If you operate in a high-risk area, it's a good idea to have a secondary site with adequate facilities that you can fall back to if the worst happens.
If your equipment is damaged, stolen or suffers an irreparable failure, you will need some form of data backup to recover. If your hard drive fails, you can download your latest backup from the web or NAS drives and continue.
It doesn't hurt to have some rainy day capital set aside in case of disaster. You may need to replace that computer or other piece of expensive hardware at a moment's notice to make sure essential work can still be done.
Finally, if disaster hits, communicate. Let important stakeholders know what has happened. The company and your customers should be given reliable time frames so they know what to expect.
What are your top tips for disaster recovery?
1. Identify what is important to your business.
Unless you are a huge corporation, it's impractical to have redundancies everywhere. Invest in a few backup computers, for example, and store them off-site.
2. Identify reasonable ways to protect yourself from failures.
In the last 20 years, the price of office technology (especially hard drives) has dropped quite significantly. This means that there is no excuse not to have either another local copy of your files or to have them backed up in the cloud.
3. Have a plan
Have a plan in place detailing exactly what you would need to do in the event of a disaster to get back up and running as fast as possible, and review it every year. Don't store the plan on-site!
4. Use a cloud-based service
Use a cloud-based service like Google Workspace to backup your files and emails. For added protection, use a backup service such as Spinbackup, which will save your G Suite data on a totally separate system every night in case Google goes down. Always be careful when backing up sensitive data, and if in Europe think about GDPR.
5. Get good insurance
Get good insurance that will help you get up and running again straight away without making you wait months for a payout.
6. Have a list of hire companies and third party data centres
Compile a list of hire companies and third party data centres that can be contacted straightaway to minimise downtime.
7. Back up off-site nightly
Any files stored on physical drives in the office should be backed up off-site nightly.
8. Have a list of the software and serial keys you use
Keep a list of the software you use with the serial keys handy so you can quickly re-install it if you need to set up a new computer.
9. Have 3G data dongles
Keep some 3G data dongles in your office in case the broadband connection goes down.
10. Invest in Laptops
Laptops are a useful resource if mains power is interrupted. Make sure you keep them charged up.
11.Use a cloud-based password manager
Use a secure cloud-based password manager such as Passbolt to make recovering your accounts much easier.
How long does it take to recover?
Depending on the severity of the disaster, it can take minutes or it can take months. The loss of a building, server room or warehouse could take days or weeks to put back in order. Replacing essential systems can be done quickly, but also needs to be done correctly.
There are different levels of backup site - hot, warm and cool. If hardware is critical, companies may choose to maintain a hot backup site, which is a complete duplicate of the main production site. Warm sites have the hardware in place but it can still take time to configure from backups. A cool backup site is just a room that will take a few days to set up. The choice of site is a trade-off between cost and necessity.
How much does disaster cost a company (on average)?
The cost of disaster recovery is normally directly related to the cost of running the company. It has been suggested that a single hour's worth of downtime for a small company can incur losses of up to £5k. Top online ecommerce companies can stand to lose huge amounts if they cannot get their systems up and running again. Whatever type of business you have, investing some time and money in your disaster recovery policy is well worthwhile.
If you have any additional questions about disaster recovery, please don't hesitate to contact our team.
Who wrote this?
He / him. Tom is a pioneer of technical solutions and unrivalled "edge case thinker". If you have a problem, chances are he saw it coming, and can write some code to fix it. As Technical Director, he oversees all the nerdy work we do, as well as getting beard-deep in the coding of advanced web and app development projects. Powered by the Raspberry Pi in his pocket and genetically descended from a cat, Tom is a 3D printing, statistic loving, real ale drinking, blimp drawing legend.