Small businesses can be affected by cyber attacks, breaches, and natural disasters just like large companies.
However, as much as 75 percent of small businesses don’t have a disaster plan in place. Moreover, more than half of these companies say that they would need three months to recover from a disaster due to loss of cash flow.
These numbers speak for themselves: without a disaster recovery plan, your small business is at risk -- almost 40 percent of companies never reopen after such an event.
If you want to protect your small business and remain competitive even after a crisis, you must put together a disaster recovery plan.
Here’s a simple guide to building a disaster recovery plan for your small business that can help you adapt after a crisis and restart your activity as soon as possible.
Do a Business Impact Analysis (BIA)
A business impact analysis gives you a clear picture of your business and how much shutting it down during a crisis costs. Based on these estimations, you can decide how long you can afford to keep your gates closed after a disaster without putting your activity at risk.
This first step allows you to look at all internal processes and workflows, and analyze their availability and integrity in case of a disaster.
It calculates how much your business can function without any of these processes working and reveals your priorities after a disaster -- which operations you should retake first to keep your company working.
A BIA is the starting point for writing an efficient disaster recovery plan, based on the specific needs of your company.
Identify Risk Factors and Ways to Prevent Them
Based on the BIA, you can identify possible threats that could shut down your company -- generally, natural disasters, like earthquakes, floods, tornadoes, hurricanes, or wildfire.
However, these aren’t the only risk factors your small business should cover.
In 2016, 55 percent of small and medium-sized companies experienced a cyber attack. Recovery from such events is slow and expensive, as many companies don’t have the infrastructure or the budget to handle this type of challenge.
Unfortunately, current technologies let little room for prevention, as they can rarely detect and block cyber attacks. You can install anti-virus software and get an intrusion detection system, but your company is still at risk.
To protect your business, you need to have a data backup, restore and recovery solutions already in place.
Of course, some risk factors are more probable than others. Prioritize, and try to be prepared for every scenario that can
Put Together an Emergency Team
Your emergency team is the heart of your disaster recovery plan. Write down the names of all the people that you should contact in case of emergency, depending on each scenario.
On the list, you should have names, their roles inside the company, phone numbers, email addresses, and any other contact information needed in case of emergency.
Furthermore, you should name an employee (or a team) to call these people and notify them about the disaster. The list needs to include everyone involved in the recovery, from inside your company and from services providers.
The sooner these people get to work, the higher your chances to minimize damages and get back in business. So, make sure you keep all information up-to-date in your database.
Every person in the emergency team should have clear responsibilities and roles during a crisis.
In this stage, you should also name key persons to communicate with the authorities and to speak in the company’s name with the media, your clients, your employees, and victims if any.
Write Down Precise Instructions
Your instructions should refer to every stage of the plan, from the moment in which the disaster occurs until you retake your activity. Attention to details is vital to keep things moving in the right direction.
When you write your instructions, you can’t leave room for ambiguity. As your employees go through a crisis, they’re more likely to make irrational decisions, so you should make sure that all your directions are clear enough and easy to follow by an average user.
Write everything in chronological order and don’t miss any step -- just because some stages seem obvious, it doesn’t mean the person in charge sees things in the same way as you do.
Be specific with every task that needs to be performed, to avoid human errors, delays, and more damage caused by a misunderstanding.
Use simple words and familiar terms to describe every step of the process. Don’t use business jargon or too technical terms that can create confusion.
People are more likely to understand and follow instructions when expressed with active, positive verbs.
Plus, keep sentences short and add relevant visuals (like screenshots) where they can help your emergency team understand better the actions they have to perform to recover data or restart the system.
Test Your Data Recovery Plan
Don’t wait until you have a problem to evaluate the efficiency of your disaster recovery plan. Test your teams and see how they handle pressure, how they follow your instructions, and whether there’s any communication error that can slow down the recovery process.
Identify gaps or ambiguities, and improve your disaster recovery plan. It’s the only way to keep your small business going after a crisis!