Dull, complex and unaffordable
Disaster recovery plans are not high on the agenda for many small to medium-size businesses (SMBs). While some entrepreneurs are of the opinion that ‘it will never happen to us’, others are engrossed in obtaining new clients or releasing an innovative product. The idea of setting aside time to devise a dull disaster recovery (DR) plan may seem pointless and distracting from the day-to-day business hustle.
Some SMB executives find planning tools too complex and consider risk assessments and impact analysis too involved and somewhat intimidating. Also, the process of establishing a resilient DR strategy is misconstrued as been expensive. SMB owners think that implementing disaster recovery means forking out on pricey consultants and spending more on backup hardware and additional software.
The fact of the matter is that small businesses do encounter disaster accompanied with data compromise. Those SMBs that are unprepared run the risk of significant financial loss and consequent damage to their reputation. Following a catastrophe, some SMBs never see the light of day again. How would you cope if your IT infrastructure was paralysed by a disastrous event?
You owe it to yourself and others
‘Owe what?’ you may ask. The answer is simple. You need to have comprehensive business continuity (BC) and DR plans in place to secure both your network and your business. Every day that you step out into the working world you are faced with an array of unforeseen risks. These can range from hardware failure to downtime resulting from a cyber-security threat. To avoid these risks you need technology that is impenetrable to intrusion and data theft. You owe it to your employees, clients and stakeholders to implement BC/DR strategies that are effective in safeguarding your precious IT infrastructure.
In this white paper, you will have the opportunity to examine why many SMBs fail to have an adequate continuity/recovery plan implemented. More importantly, you can explore avenues that will assist in design the best BC/DR strategy for your business and the necessary steps needed to put it in place.
SMBs do too little
You know already that many SMBs aren’t being proactive when it comes to disaster planning. This notion is almost inconceivable given that companies process and store more data than ever before. With the onset of the GDPR close at hand, data loss or breach doesn’t simply mean downtime and inconvenience. SMBs placing sensitive personal data at risk will find themselves paying a high price for negligence in business continuity.
According to ITProPortal, a technology commentary and analysis firm, about 49% of UK businesses do not have a comprehensive BC plan. This statistic is alarmingly considering the impact that disaster can have on business operations. A study conducted by Forrester Research, a Massachusetts-based technology research institute, found that 65% of SMBs with 100 employees or less do not have a tested response either to tech issues or disasters such as flooding and fire.
Size is unimportant
Some SMB executives are under the misconception that BC is reserved for corporations, the likes of Barclays or Tesco. This is not the case. Even tiny start-ups having a handful of employees need robust BC/DR solutions to keep the wheels of industry turning. The cost of having no solution in place is too high. Ironically, the smaller the business, the higher the price. A few hours of downtime is likely to result in thousands of pounds of lost revenue per hour. Gartner, a US information technology advisory firm, estimates that the cost of IT downtime to business is £4,300 per minute.
Take a reality check by considering what happened to British Airways in May 2017: A power failure in a London datacentre took up BA’s IT systems across the globe, which means that passengers were unable to check-in. The outage lasted 15 minutes but more than 3,000 flights were cancelled impacting more than 70,000 passengers. BA reluctantly had to pay up to £150 million to disgruntled passengers by way of compensation. It didn’t end there. BA’s parent company, International Airlines Group (IAG), had €400 million knocked off its share value following negative publicity of the event.
The long-term impact of an outage
You not running an operation the size of BA, but clearly, downtime has a greater effect than the immediate and tangible costs of significantly reduced productivity and decreased revenue. Long-lasting repercussions exacerbate the total loss of overtime. Spend a moment considering the impact of downtime on customers, reputation and employees.
Downtime and customers
ITSMF UK, a leading association for IT service management professionals, explains that once the damage has been done to customer loyalty, it’s difficult, if not impossible to repair. The client or customer of today lacks patience and understanding. When unable to access the required services or products, they move to another vendor without giving their actions a thought. Moreover, competitors also take advantage of server blackouts by poaching clients and spreading the word of your demise and thereby bolstering their marketing efforts. Your customers might not jump ship immediately but further downtime events will erode their confidence and eventually they will leave. SMBs suffering downtime also loses opportunities since potential clients opt to engage with a reputable provider that is reliable and trustworthy.
Downtime and reputation
Living in the days of Facebook and Twitter as we do, negative customer experiences have the potential to go viral in the blink of an eye. A few tweets and retweets can cause irreparable harm to an SMBs name and reputation. Brand and reputation building are fundamental to an SMB’s success, and so much business is acquired via word-of-mouth, especially in the early days of a company. When those words turn nasty and demeaning, that’s when the trouble starts. Once an SMB gets a negative reputation, it’s a long, steep road back to the way things were before disaster struck.
Downtime and employees
Most SMBs employ one or two IT technicians who are responsible for managing and monitoring the internal IT infrastructure, troubleshooting daily hardware and software issues, and maintaining IT security. When downtime prevails, these engineers, usually stressed and overworked, are forced to take on the role of a damage controller. The end result is that talented employees who should be focussing their efforts on meaningful development projects may become dissatisfied with the status quo. They will seek employment elsewhere, looking for better job prospects and a work environment in which they can apply their skills. High employee turnover together with the inability to embrace an employee’s knowledge and expertise for revenue-generating tasks are costly mistakes for all SMBs.
SMBs don’t prioritise BC/DR
As discussed earlier, if you ask an SMB CIO why they have not implemented DR strategies, a likely response will be: ‘We don’t have the budget. We don’t have the time. It won’t happen to us.’ Famous last words. But what is the underlying reason for small enterprise not to prioritise BC/DR, even when they are aware of their vulnerabilities?
Business nowadays is data dependent. Any company, big or small, is defined by its ability to effectively process and manage data and, by extension, ensure optimal customer experience and interaction. Data protection is a priority for large corporations. SMBs have the same responsibilities but are constrained by limited budgets. Typically, a start-up focuses all resources at customer-facing endeavours. Money is not spent on anything that does not drive short-term revenue. This means that a large proportion of SMBs fails to employ some basic BC/DR safeguards to protect their IT infrastructure and data. And we all know how that ends.
Improve your BC/DR planning
You can immediately improve your BC/DR planning, thereby securing your IT network, by following three relatively simple steps: recognising the need and importance of continuity and recovery, contacting a business impact analysis (BIA) and by looking to virtualisation technology and cloud computing for BC/DR solutions.
Recognise the need
To reiterate, although SMBs are aware of the need for BC/DR strategies, they are often put on the back burner while other pressing business matters are prioritised. Given the cost of downtime as reported by Gartner, leaving BC/DR too late can only spell disaster. After all, can any business afford to lose £4,300 per minute which equates to £258,000 per hour?
To formulate a robust BC plan, SMBs need to be cognizant of all possible disruptions to business. Business continuity must encompass technology failure, cyber attacks, theft, natural disaster and human negligence, and more. In fact, anything that threatens business and profit margin needs to be included in a BC plan. Small business needs to recognise that even an internal ‘single-point-of-failure’ may result in the collapse of an entire operation.
Business impact analysis
Knowing the technology responsible for each phase of your business helps to minimise downtime. Fully understanding the functioning of your IT infrastructure enables you to conduct a comprehensive business impact analysis (BIA). This analysis can be used to determine the overall effect on business operations when a specific technology, such as a server or software application, fails or is unavailable for a short time.
A BIA is the foundation of a solid business continuity plan. Besides evaluating the impact of technology, the BIA provides valuable insight into critical business processes and how the role of every employee affects these processes. You can then decide which factors underpin successful business operations and focus on securing these. The BIA will also shed light on new opportunities for cost-saving and income generation. As an example, you may discover that you are using more applications than needed. A way forward would be either to discontinue the use of non-essential applications or apply consolidation through a third-party IT vendor.
Risk assessment
Risk assessment is determining what could render each component of your IT infrastructure non-functional. Risk can be classified as either internal or external threats. Internal threats include application failure, server malfunction and human error. External threats range from natural disasters to power outages and even acts of terror. Given our dependency on technology, the foremost external threat is cyber attack including malware, virus, phishing schemes and even theft or compromise of BYOD devices.
The adage ‘baby steps’ can be applied when implementing a sound BC plan. First focus on addressing daily disruptions. By documenting, reviewing and testing the success of small-response scenarios, your SMB will be better prepared for any potential disasters or lengthy disruptions.
Virtualisation technology
Virtualisation technology allows businesses to condense data and applications onto fewer servers. It involves the creation of a virtual version of something such as an operating system, a server, and storage technology or network resources. With virtualisation, SMBs benefit from high availability (HA) without needing to pay for an expensive backup data centre to be built. Virtualisation means that operations can be restored more quickly as your entire network is accessible in a primary virtual container.
Cloud computing
Why not think about migrating to the cloud? An increasing number of companies are utilising cloud computing to negate the effects of disaster and downtime. The cloud means that SMBs are able to backup operations remotely. This means enhanced business continuity at a reduced cost.
Software-as-a-Service (SaaS) packages often include BC solutions. Data backup processes occur automatically, either onsite or remotely. In essence, this minimises the impact of disaster by ramifying the risk. Put simply, all your data, software, applications, and network management tools can be stored in the cloud and remain safe in the event of a cyber threat, accident, or natural disaster.
A further benefit of the cloud is remote working. Should a serious disruption occur onsite, you can enjoy ‘business as usual’ since your staff are able to access your SMBs communication and collaboration applications from anywhere and at any time.
BC planning is an investment
A sorry state of affairs is that many SMB executives believe that there is no real ROI for a BC programme unless the business is in serious peril. This train of thought is a recipe for disaster. Without a durable BC/DR solution in place, your company is faced with innumerable vulnerabilities including lost inventory, reduced productivity and significant revenue loss.
AS the owner of an SMB, you are probably hesitant to spend money, unless it is well-spent. Think for BC/DR planning as an insurance; an investment from which you reap the benefits should disaster strike.
Managed services for BC/DR planning
If you are like many other entrepreneurs who think that BC/DR implementation is too complex, rest easy knowing that your local Managed Service Provider (MSP) will lend a valuable helping hand. The MSP has garnered years of experience from a broad spectrum of clients and can make available the latest technologies such as SaaS and BaaS (Backup-as-a-Service) to securely manage and monitor your IT infrastructure.
The MSP can offer disaster-recovery-as-a-service (DRaaS), intrinsic to your BC/DR solution. DRaaS is the replication and hosting of physical or virtual servers to guarantee failover in the event of catastrophe. You can work with your DRaaS provider to test and adapt solutions as your company grows. The MSP will never adopt a ‘set it and forget it’ approach to business continuity.
The outsourced MSP will provide objective recommendations for your BC/DR plans. Moreover, by carrying out risk assessments and a BIA, they can identify opportunities for streamlining your business operations. Cash flow and limited resources are no longer an excuse for ignoring business continuity. Whether your SMB is a start-up or is fortunate to have a large staff compliment, neglecting BC/DR planning means you’re missing out on ventures to improve ROI. Can you or your business afford that?
