Disaster recovery and business continuity explained


Despite the best laid plans, disasters can and do strike businesses of any size, often without warning. Whether it’s a natural disaster or a security breach, many organisations have to face adversity.

Some of the key ways that disaster may strike a company include:

  • Cyber attacks and security breaches
  • Natural disasters (fires, floods, earthquakes, tsunamis, etc.)
  • Manmade disasters (terrorist attacks, arson fires, etc.)
  • Theft
  • Epidemics or pandemics
  • Power outages
  • Failure of third-party systems (internet connection, cloud CRM or accounting system, etc.)
  • Hardware or equipment failure
  • Unexpected loss of staff or internal resource

So, how can businesses plan for any eventuality and ensure they are protected, prepared and able to function during these difficult situations?

In this article, we’ll explore the ideas of business continuity and disaster recovery, and provide some helpful tips to ensure you’re better prepared for anything IT related that might happen in the future.

What is disaster recovery vs business continuity?

Disaster recovery refers to a business’s ability to regain access to files and data, and to restore functionality to its IT systems following a disastrous event. An event may cause the loss of data, or system downtime that results in lost income, delays to customer service or other factors that result in reputational damage.

A disaster recovery plan is therefore an important consideration, providing an action plan that allows your business to get its systems back up and running as quickly as possible. In some circumstances, where property or hardware is destroyed, there may be longer periods of downtime, so the plan needs to account for contingency plans to reduce downtime.

Business continuity, on the other hand, refers to a business’s ability to maintain services and critical processes in the event and aftermath of a disaster or unplanned incident. It is about continuing operations in the face of adversity, and is a part of an overall disaster recovery plan.

What does an IT disaster recovery plan look like?

Every business should have a disaster recovery plan: a living, breathing document that outlines how the company or organisation will respond in the event of a disaster. There are several things to consider when mapping out a disaster recovery plan.

Here are some of the essential things you need to think about and record.

Recovery time objective (RTO)

This is the maximum length of time your business can tolerate between a disaster and the restoration of normal service. Your RTO will depend on your business and industry; in some cases it can be minutes, and for others it might be days or weeks.

Recovery point objective (RPO)

Similarly, RPO refers to the maximum amount of data your business can afford to lose in the event of a disaster. Again, this will vary depending on the situation, with some businesses unable to operate without an hour’s worth of data, compared to others that can lose days’ or even weeks’ worth of certain types of information.

Hardware and software inventory

You should have a record of all your business’s IT hardware and software, with each item labelled on the following scale:

  • Critical — items that are absolutely essential to the running of the business (i.e. that your business can’t function without)
  • Important — items that are used regularly (i.e. daily) and that could disrupt operations if access was lost
  • Unimportant — infrequently used applications, software and hardware that are not essential for the day-to-day running of the business

Your inventory should be updated regularly and always accurately reflect the assets within your IT infrastructure.

Personnel roles and responsibilities

As part of the plan for prevention, business continuity and recovery, key responsibilities should be allocated to stakeholders within the business. For example, you should have named personnel responsible for data backup and IT maintenance (i.e. an IT Manager), customer communication (Customer Services) and media management (PR team).

Physical site considerations

Your plan should include any requirements for physical locations in the event that your premises are damaged or otherwise unusable. For example, what’s the minimum space you’d need for a new office or warehouse?

You should also consider where any data is stored, and how you’re able to access this in the event of a disaster.

Communication plan

In the event of a disaster, it is important that there’s a framework for communicating to relevant people internally and externally. You’ll need to quickly and effectively communicate any news and updates to:

  • Staff and employees
  • Media
  • Customers and clients
  • Suppliers and vendors

What steps can you take to avoid an IT disaster?

To reduce the chances of a catastrophic event being terminal for your business, there are a number of steps you can take to be more prepared. Not every disaster can be prevented, but by having robust systems in place, you can greatly reduce the impact that an unforeseen event has on your business.

Here are some of the ways to avoid an IT disaster, or reduce the negative impact one might have.

Regularly back up your data

Data backup should be an ongoing part of your IT operations. If you lose a file, what would that mean to your business? In some cases, you’ll be unable to recover. So, make sure you’re regularly backing up your data so there’s always a fallback option if the worst does happen.

Use the cloud to store important files and information

In certain circumstances, disasters can cause physical damage to property or hardware. If live data is stored on computers on your business premises and backed up to devices that are on those same premises, it can be difficult or impossible to recover in the event of a significant local disaster such as theft, fire or flood. If you’re not already, consider using the cloud to back up data and files. Using a reputable cloud service for your live data will also potentially reduce the chances of total loss as well as enabling more flexible working. However, ensure that this data is also backed up to a secondary location.
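The RPO, RTO, inventory scale and off-premises backup advice above can be checked mechanically against a record of your backups. The following Python sketch is an added example, not part of the original article; the asset names, timestamps and the measured restore-drill time are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

TIER_ORDER = {"critical": 0, "important": 1, "unimportant": 2}

@dataclass
class Asset:
    name: str
    tier: str                           # one of TIER_ORDER
    rpo: timedelta                      # maximum tolerable data loss
    rto: timedelta                      # maximum tolerable downtime
    last_backup: Optional[datetime]     # last successful backup, None if never
    offsite_copy: bool                  # a copy exists away from the premises
    restore_drill: Optional[timedelta]  # restore time measured in the last test

def audit(assets, now):
    """Return (tier, asset, finding) tuples, most critical tier first."""
    findings = []
    for a in assets:
        # RPO: the age of the newest backup is the data you would lose today.
        if a.last_backup is None:
            findings.append((a.tier, a.name, "no backup on record"))
        elif now - a.last_backup > a.rpo:
            findings.append((a.tier, a.name, "backup older than RPO"))
        # Off-site copy and restore time only matter for the top two tiers.
        if a.tier != "unimportant":
            if not a.offsite_copy:
                findings.append((a.tier, a.name, "no off-premises copy"))
            if a.restore_drill is None:
                findings.append((a.tier, a.name, "restore never tested"))
            elif a.restore_drill > a.rto:
                findings.append((a.tier, a.name, "restore slower than RTO"))
    return sorted(findings, key=lambda f: TIER_ORDER[f[0]])

# Constructed sample inventory (hypothetical assets and times).
NOW = datetime(2024, 1, 15, 12, 0)
h = lambda n: timedelta(hours=n)
INVENTORY = [
    Asset("file-server", "important", h(24), h(48), NOW - h(6), False, h(5)),
    Asset("accounts-db", "critical", h(1), h(4), NOW - h(3), True, h(2)),
    Asset("crm-export", "critical", h(4), h(8), NOW - h(1), True, h(12)),
    Asset("old-scanner-pc", "unimportant", h(336), h(336), NOW - h(72), False, None),
]

if __name__ == "__main__":
    for tier, name, finding in audit(INVENTORY, NOW):
        print(f"[{tier}] {name}: {finding}")
```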

Ensure you have a strong cyber security stance

With cyber criminals constantly innovating and coming up with shockingly ingenious ways to steal data or access networks, it’s important that your cyber security is up to the task. You should review your current setup and consider running a cyber security audit to understand where there may be any vulnerabilities — and then get those gaps plugged.

Consider “what if” scenarios

There’s only so much preparation you can do; sometimes, situations arise seemingly from nowhere. For example, who could have foreseen a global pandemic completely transforming the way we work prior to the Covid-19 outbreak?

Still, it can pay to consider every eventuality. Are you adequately prepared for a natural disaster? Could you access your data if your premises were suddenly ruined or inaccessible? Would you be able to maintain service if some key staff were suddenly unable to work?

All of these should be things you think about and have contingencies in place for in the event of a disaster.

Invest in your infrastructure

Technology can and does fail. When it does, the costs can be crippling, particularly for small businesses. It’s good practice to continually monitor performance, invest in your IT infrastructure and ensure that everything is running as smoothly as it should. You can’t always prevent a breakdown, but with proper maintenance, you can reduce the chances of an outage; specialist equipment such as a UPS should always be considered a part of your disaster recovery planning. Remember, computers get old and their parts do become vulnerable to failure, even non-moving parts like circuit boards, so replacing old equipment will reduce the risk of failure.

Keep your software and programs up to date

Installing software updates when they are released is important to help avoid security vulnerabilities that let cyber criminals in. In some instances, it’s worth waiting a few days after a rollout in case of any bugs, but you should then install updates, particularly those that relate to tightening security.

Use an IT service provider to help manage your infrastructure

It can be difficult to keep on top of IT maintenance and resolving support tickets whilst also proactively planning for the worst. An IT support partner can therefore be a great ally, providing the security of a professional and knowledgeable safety net.

Your managed service provider can take care of many aspects of your IT, including helping to set up the infrastructure, manage software updates and provide constant monitoring, threat detection and ongoing advice.

Are you adequately prepared for an IT disaster?

Preparedness is key. In an ideal world, you’ll never need to act on your disaster recovery plan. But if disaster does strike, would you be able to continue operations and recover effectively?

Although it’s not a nice thought, you need to consider the worst-case scenario and then ensure you’re as well prepared as you can be.

The PC Support Group has extensive experience in providing IT support to small and medium sized businesses, including disaster preparedness, data backup and cyber security management. Email us at info@pcsupportgroup.com or call 03300 886 116 to see how we can help you.

If you want to learn more, download our free ebook, Protect, React, Recover: A Guide to Cyber Resilience for SMEs.