Most business owners don’t normally think they will fall victim to a natural disaster, at least not until they are faced with an unforeseen crisis, and their company ends up suffering from thousands or millions of euros in economic and operational losses.

As we all know, unpredictability is a fact of life. A glimpse at media headlines on any given day offers a grim and unfortunate lesson for many overconfident business owners who think their companies are spared from the likelihood of cataclysmic weather, technological malfunctions, or human actions.

A 2014 survey by the IT Disaster Recovery Preparedness (DRP) Council reveals just how many companies worldwide are at risk: 73 per cent of businesses surveyed are failing in terms of disaster readiness. What does this mean? It means that three out of four companies are not prepared to handle emergencies and save their businesses from a worse-case scenario.

What could go wrong?

In today’s information-driven age, virtually every organisation or business uses some form of technology to operate and compete. Servers, computers, laptops, the use of e-mails and mobile phones are just some of the prevalent information processing or storage media that every organisation utilises in some form or another.

When a disaster or outage strikes, organisations often struggle to recover systems and applications they did not initially plan for

Businesses large and small create and manage large volumes of electronic information or data. Much of that data is important, while some of it will be vital to the survival and continued operation of the business. The impact of data loss or corruption from hardware failure, human error, hacking or malware could be significant.

Emergencies could involve the loss of one or more IT system components. This could include elements from a computer room environment, in terms of security, climate control, backup power or supply. An incident could also affect one or more items of computer hardware, such as networks, servers, desktops, laptops, wireless devices and peripherals.

Just as importantly, a crisis situation could result from an interruption in connectivity to a service provider (fibre, cable, wireless). Software applications, including e-mail, electronic data interchange, ERP, CRM and office utilities, together with data in general, could also prove vulnerable to the effects of such events.

Predicting the impact of a ‘disaster’ and planning for technology recovery

The process of resuming operations for an organisation following a disaster is known as ‘Disaster Recovery’ (DR). This includes regaining access to data and the applications and communications used to access and operate using that data. Most organisations view DR as an ‘expensive insurance policy’, and their investments are made solely for protecting the mission critical systems and applications.

However, when a disaster or outage strikes, organisations often struggle to recover systems and applications they did not initially plan for, resulting in a loss of information and valuable revenue. A plan for data backup and restoration of electronic information is essential. And it makes perfect business sense to invest in technologies and processes that can safeguard an enterprise, its operations and its data in the face of downtime.

And that is where DRP comes in. A DR plan is a documented set of processes to help organisations minimise disruption to business services in the event of an outage. Such a plan should include detailed procedures to be followed before, during, and after a disaster. Its purpose is to ensure a certain level of stability and systematic recovery after this type of event.

A DR plan should be developed in conjunction with a business continuity plan to address the risks discussed above. Not only can a solid business continuity strategy protect organisations from reputational damage and lost trade, but for those operating in regulated industries it can also prevent firms being hit with downtime-related enforcement action.

When formulating a DR plan, some fundamental questions need to be addressed, such as: how long can your business survive without a technical infrastructure? What do you do when your IT systems stop working? How long would it take you to recover and get your business back on track after a disaster? At what point would your customers lose trust in your organisation or brand? What would be the impact on revenue and profitability?

In this regard, a business impact assessment will allow you to predict the consequences of disruption of business functions, and to gather information needed to develop recovery strategies, with set priorities as well as recovery time objectives. This analysis should be accompanied by a technology recovery strategy designed to restore hardware, applications and data, in time to meet the needs of the business recovery.

This would encapsulate systems including networks, servers, workstations, wireless devices, applications, data and connectivity, with priority given to the recovery of business functions and processes highlighted in the business impact assessment. As a general rule, recovery times for an IT resource should match the recovery time objectives for the business functions that depend on that resource.

Start off by assessing where you stand today

If you’re not sure where you stand in terms of disaster recovery and the extent of your protection against the range of risks discussed, you could do worse than commissioning a professional assessment of your current IT infrastructure, processes and resources. When a disaster hits an organisation, it can be a stressful time for everyone involved. Having specialists guide you through the implementation and testing of your IT disaster recovery strategy will give you peace of mind and help you minimise the risk to your organisation.

Patrick Bezzina is chief technology officer at Ecovis Malta. Information on Ecovis Malta’s range of services can be found at www.ecovis.com/mt/. For more information, e-mail tech@ecovis.com.mt.