When it comes to speaking with business owners about their current Business Continuity and Disaster Recovery (BC/DR) strategy, I am usually met with one of the same four responses time and time again:

  1. “Our IT team handles that for us.”
  2. “We currently backup to a USB drive or a tape drive that is taken off-site.”
  3. “A disaster is highly unlikely.”
  4. The deer in headlights look.

The only way to appropriately protect your organization is to be properly informed about what the current threats are to a company, and properly educated on the right tools to combat them.  You don’t know what you don’t know, but business owners should come to understand the workings of their technology environment as it most likely drives much of their business.

But first, let’s all get on the same page.  What exactly is a BC/DR strategy?

Data backup answers the questions: “Is my data safe?”; “Can I get my data back in the event of a system failure?”.  Business continuity involves thinking about the business at a higher-level and answers the question: “How quickly can I get my business operating again in case of an unforeseen disruption?”.

An effective business continuity plan and data recovery capabilities will ensure you are proactively protecting your systems and data from disasters of all types (natural disasters, system malfunctions, malicious intent, human error, etc.).  This will increase savings, enhance system reliability and improve security so you do not forfeit sales, data, client relationships or your reputation because you are unable to control damage.

In today’s day and age, with our businesses so reliant on data and the functionality of technology, it is imperative that we take the threat of system failure and data loss very seriously.

Here are some stats on the main threats businesses face:


  • Hardware Failure: Roughly 45% of a company’s unplanned downtime is caused by hardware failure.  This could be out of your control, but by backing up your infrastructure and being mindful and proactive with replacing aging hardware can be the difference between a major problem, and not facing one at all.
  • Power Failure / Natural Disasters: Power outages account for 35% of unexpected downtime.  We’ve seen how disasters like SuperStorm Sandy, Hurricane Maria and the California wildfires in 2017 alone can wreak havoc and the damage they can cause.  Natural disasters will never not be a threat, and they can be quite often unforeseen.  Power can be out for days, or even weeks and an adequate BC/DR plan would address quickly moving critical business operations elsewhere.
  • Cyberthreats such as Ransomware: This is malicious software intended to block one’s access to their data until a “ransom” is paid, and it is one of the leading causes of business downtime.  Here are some not-so-fun facts:
  • 97% of IT professionals report that ransomware attacks against businesses are on the rise.
  • A whopping 6 in 7 IT professionals report business clients were recently attacked by ransomware.
  • An unlucky 26% of small-medium sized businesses reported multiple ransomware attacks in a single day.
  • 75% of businesses report a ransomware attack has led to business-threatening downtime; 57% report critical data and/or hardware loss.
  • The big one – 96% of companies survive ransomware if they have a reliable BC/DR solution in place.
  • Inadequate Protocols: 1 in 3 businesses were unprepared for disaster, despite having a plan in place.  This can represent internal issues, whether they be breakdowns in communications or inadequate protocols established.  Your business continuity plan and data recovery measures must be tested consistently to address any needs for improvement so there are no issues when it is time to put them in place.


With that, let’s dive into the common responses I get when I ask business owners about their plan for business disruptions:


“Our IT team has it covered.”  While this is absolutely a great answer, it can also be a misinformed belief.  Business owners should know precisely what their company’s BC/DR plan is.  The whole company should at that, as there should be a procedure in place the company as a whole must follow if a disaster were to hit.  Keep in mind, a disaster can be as simple as losing an important document in a ransomware attack to a full-blown disaster like a flood or fire that requires providing an alternate location for key company resources to continue operations.  When I get the response, “Our IT team has it covered”, I encourage the company to perform a parallel test to see if in fact their solution can live up to what it was sold to do.

“We currently backup to a USB drive or a tape drive that is taken off-site.”  Although technology has advanced by leaps and bounds, there are many companies who still continue to backup company data to a device that they store elsewhere – often times an employee’s house or a personal/company safety deposit box.  The good news is that technically this does allow for a copy of data to be stored in an alternate location. However, the bad news is that most times these tapes or USB drives aren’t encrypted which makes it easy to access sensitive data if the device is stolen, lost or unattended. It is also important to take into consideration that this media may not be handled properly or stored in an environment which can lead to corruption of the data (i.e.: not the appropriate temperature for storing the device). Sensitive data must be handled sensitively.

“A disaster is highly unlikely.”  This is obviously not an appropriate data protection strategy for any company and can usually go hand-in-hand with the fourth most common response I get when I ask, “What is your BC/DR plan?”:

The deer in headlights look.  Believe it or not, many business owners have no idea how their company’s data is being protected.

I can’t stress this enough – disaster can strike at any time, to any kind of business, and at any size.  To turn a blind eye to preparing for data loss or planning for service disruption is a sure-fire way to lose pertinent data and functions to your company, from which you may not recover.

So, what can you do? As a start, ask whoever is protecting your data the following questions:

  • When was the last time we tested our restore or business continuity solution/abilities?
    • If they were tested: How long did it take us to restore or become operational again?
    • Is the answer you receive adequate for your business operations?
  • What is your organizations RTO position? The term RTO stands for Recovery Time Objective which is the maximum tolerable length of time that a computer, system, network, or application can be down after a failure or disaster occurs.
    • How many hours can your business be down without having an impact on the business?
    • If the answer is “days”, is this acceptable?
    • If the answer is anything other than within 2 hours, is this acceptable?
  • What is the minimum amount of time between backups? This term is called RPO (Recovery Point Objective). If this is anything less than 4 times a day and not hourly then you should investigate further options.
    • Is the answer you receive adequate for your business operations?
    • Now ask yourself “Can my business stand to lose that much productivity?”
  • If you keep your servers and data within your physical office, what would happen in the event of a disaster like a fire or flood?
    • Would you lose everything?
    • How long would it take your business to become operational again?
    • How does such an event get perceived by your customers, vendors, and employees?


Take a look for yourself.  Click here for our Recovery Time Calculator so you can determine how much revenue your business would lose if you experienced downtime.

At the end of the day, a company needs to meet many objectives to reach their overall business goals, and preparing for the unforeseen to accomplish those objectives is vital.  A BC/DR strategy is your safety net, and your last saving grace should an incident occur and you lose data or operating time.  Reach out to Sax Technology Advisors to learn more, and to identify the right solution for your specific business.