Be Ready for Anything: The Importance of Disaster Management

This post was originally published at https://invenioit.com/continuity/dm/

You already have a data backup solution, so what's the point of disaster management (DM)?

While it's true that backing up your data is extremely important, it's only one part of a business's disaster preparedness. Beyond IT, companies must consider all the various scenarios that threaten not only its operations, but also its people:

 ·      Could staff be put in harm's way?

·      How will people know how to respond or seek safety?

·      Who will communicate with affected personnel and how?

·      What protocols will help mitigate the impact?

·      How will the business recover?

Too often, the scope of disaster management and business continuity are limited to operational objectives. In other words, companies are narrowly focused on keeping critical functions running (understandably).

But if there are no personnel to carry out those functions, or no secure location for those functions to be carried out, then continuity won't be possible.

Up to 60% of small businesses never reopen after a disaster

This frightening statistic underscores the importance of disaster management …

According to the U.S. Federal Emergency Management Agency (FEMA), a staggering 40% to 60% of small businesses are permanently shuttered after a major disaster.

Small companies face enormous obstacles when disasters force them to shut their doors. Statistics show that when they can't resume their critical operations within 5 days, 90% of those businesses will fail within a year.

It's not a matter of bad luck. Businesses that develop comprehensive disaster management plans have far greater odds of surviving even the worst catastrophes.

Disasters come in many flavors

When disaster management is limited to IT, managers become too focused on the immediate risks within their purview. Justifiably, their concerns are focused on the threats to data and infrastructure:

·      Data loss

·      Failed backups

·      Hardware failure

·      Internet & telecommunications outages

·      Viruses, ransomware and other malware

Those are absolutely dangerous threats that businesses need to be prepared for (and we'll return to risk of data loss in a minute)—but they represent only a fraction of possible outcomes.

The IT department is usually not focused on things like fire evacuation routes or first aid kits—and they shouldn't be. But that's the kind of planning that needs to be taken seriously in order to be prepared for a much wider range of potential disasters:

·      Hurricanes, tornadoes, blizzards and other severe weather

·      Flooding

·      Earthquakes

·      Terrorism and active-shooter situations

A completely different, but equally disruptive, disaster is one that directly affects employee productivity, such as:

·      Transportation interruptions and road blocks

·      Work stoppages, strikes, breakdowns in union negotiation, etc.

·      Building construction and renovations

·      Utility outages

·      Production and manufacturing disruptions

·      Equipment failure

·      Flu or other widespread illnesses among employees

One commonality between all these disasters is downtime. When personnel cannot perform their jobs, that's where the costs can quickly add up.

Disruptions cost $10,000 per hour

A ransomware attack, for example, can cost businesses as much as $10,000 per hour, due to the downtime alone!

As CNN reports, these outages can take hours, days or even weeks to resolve: "On average, small companies lost over $100,000 per ransomware incident due to downtime. For one in six organizations, these attacks caused 25 hours or more of downtime."

How is it so costly? Because when workers can't do their jobs, everything stops, and yet the business still pays wages for those idle workers.

·      Idle employees / lost wages

·      Production interruptions

·      Revenue losses

·      Manufacturing / shipping delays

These costs are completely separate from other big expenses in a ransomware attack, like system recovery / replacement costs and ransom payments.

And again, ransomware is just one of many threats that has costly consequences. Thinking beyond the bottom line, disasters can be far more costly when talking about the human element: the safety and wellbeing of employees.

Disasters pose a threat to your workers

Natural disasters and other emergency situations pose a risk to anyone who encounters your business: employees, visitors, customers and clients.

Without the proper planning, nobody will know what to do in an emergency, increasing the risk of injury or worse.

For example:

·      If there's no evacuation route, employees won't know the safest way to exit a building in a fire.

·      Without periodic fire drills, there could be confusion among staff at the worst possible time.

·      If there's no designated room for shelter or access to first aid, employees won't know where to go or how to get help during an emergency situation.

These are just a few examples of things that can go wrong without the proper planning, underscoring the importance of disaster management.

Disaster management works

So, what is disaster management, and how does it help an organization prepare for these situations?

Think of DM as a 360-degree approach to managing all aspects of a disaster, from prevention to recovery. Whereas the term "disaster recovery" is often used specifically within IT, disaster management is an umbrella term that encompasses all disaster planning at an organization.

Disaster management is comprised of 4 stages:

·      Prevention: Systems and protocols to prevent disaster scenarios from occurring (i.e. smoke and fire detectors)

·      Preparation: Steps that help an organization prepare for an anticipated disaster (i.e. employee training and drills)

·      Response: Procedures for responding to and mitigating a disaster situation (i.e. restoring critical operations in a secondary location)

·      Recovery: Protocols that help to fully restore operations (i.e. restoring workforce levels)

Together, these stages make up what's known as the disaster management cycle. Each stage flows into the next and continues revolving. Lessons learned from a real-world event help to improve upon any weaknesses identified throughout the cycle.

Businesses are shuttered all the time

Nearly every day, small businesses around the world permanently close their doors due to unforeseen circumstances.

It's not always the big natural disasters that force these closings. Often, it's "little" events, like data loss, that cause a break in operations, leading to unsurmountable costs. Smaller companies are especially vulnerable to these disruptions, because they often don't have the financial resources to sustain a lengthy loss of revenue.

Some businesses are fortunate to survive a major disaster – though the recovery can literally take years. 

When Hurricane Harvey slammed the coast of Texas, many businesses were shuttered. Among them was a popular seafood restaurant, Reef. Catastrophic flooding destroyed the restaurant's dining room and all the furniture in it.

Two years later, the business has only recently managed to reopen its doors (and only with the delayed assistance from insurance companies).

1 in 5 companies have no DM plan

Despite the risks, many small companies are extremely unprepared for disasters of any kind.

1 in 5 small businesses spend no time at all on disaster management or continuity planning, according to FEMA. Meanwhile, larger companies tend to have a better understanding of the risks of downtime, not to mention more resources for planning. FEMA says that 20% of larger companies spend a minimum of 10 days a month managing their continuity plans and other disaster preparedness.

Without any planning in place, small businesses are far more likely to be shuttered by an unexpected disaster.

Data loss kills business too

Remember that disaster management helps to prepare for all possible risks to a business. Part of that planning absolutely must consider the impact of data loss at your organization.

Data loss may not cause physical harm, like natural disasters do, but they can be just as destructive on a business.

Statistics show that as many as 7 out of 10 small companies that experience major data loss go out of business within a year. And the reasons for that data loss can span a wide range of causes:

·      Ransomware and other malware

·      Accidental deletion

·      Server failure

·      Software corruption

·      Overwrites during data migrations

·      Theft of devices (or misplacement)

·      Cyberattack

Deploying a data backup system is a vital step that can significantly minimize the disruption caused by a data-loss event. Regardless of the size of the business, data should be backed up at least once a day and be easily recoverable—within seconds, not hours or days.

Emergencies need established plans

The moments immediately after an emergency will largely dictate how successful (and quick) the recovery is.

Without established plans in place, businesses leave themselves exposed to costly missteps during these critical moments. Consider these seemingly simple questions that arise when incidents occur:

·      What is the process for communicating with public emergency services, and who handles it?

·      Which contractors or response teams need to be notified to mitigate the situation?

·      How will inquiries be handled from news media, personnel, families of affected individuals or the local community?

As part of the Response stage of Disaster Management, businesses must have an incident management plan that establishes what needs to happen in an emergency—and who will oversee those efforts. The plan should consider all applicable procedures, equipment, facilities and resources that will aid the response.

Where to start

The smallest businesses may not feel the need to develop extensive disaster management protocols or deploy expensive investments in emergency response technologies. But they do need to start somewhere.

Every business should at least have a basic plan for responding to various disaster scenarios. This can a rudimentary list first, and then expanded on to outline how the business can help to prevent, mitigate and recover from such disasters. That is the basis of your disaster management planning, which you can review, revise and build onto as your business grows.