Small businesses must make sure they test and have a good disaster recovery plan in place.

SMB recovery plan must be regularly tested

Stephen Perkins

Small and midsize companies often have the most trouble with the aftermath of a storm or outage, so it should follow that they test the disaster recovery plan every year, according to Business 2 Community contributor Erin Delaney. A recent report on EWEEK actually reported that 70 percent of businesses only update their disaster recovery plan once every year, with 17 percent never testing them at all. This could be a big problem for organizations who want to be ready in case anything happens.

"Small business owners may feel more secure by maintaining physical possession of their content in house, instead of allowing a relatively unknown entity to have it," Delaney wrote. "SMBs may not understand how the cloud works, and not realize that their data is more secure in the cloud than it would be sitting in the office."

Delaney suggests organizations always have a cloud or online data backup solution in addition to the physical backup on their premises. This way, even if there is a disaster, the organization should be able to get back up and running again easily.

Building an effective plan
Industry expert Bill Abram wrote on Small Business Computing that the first point of focus for building a plan should be covering basics, including establishing emergency contacts and succession planning. After this, organizations must look to understand the potential danger by figuring out what the threats and consequences of these disruptions hitting the company would be.

"To address these concerns in the DRP, start by creating a list of potential disasters and ranking each one based on the likelihood of occurrence," Abram said said. "With the list and rankings complete, identify the level of impact each one would have on your business and briefly outline the specific consequences for your business. This will provide a framework for what issues you need to include in the plan."

At this point, Abram suggested other steps, including:
- Prevention, detection and correction for threats and any other issue that may hit the company
- Address data loss to have a plan for what can be done in case there is a breach
- Frequent testing to ensure disaster recovery will actually come in handy when something goes wrong

After any test, Abram said shortcomings and failures should be addressed immediately. This may mean updating the plan to reflect any changes or possibly adopting a new application or procedure to help ensure the plan makes complete sense.

Categories: Data Management