The growing threat of cyber attacks has moved IT disaster recovery planning up the agenda for many small businesses, but why pay every year for something you are never likely to use?

Instead of outsourcing the entire responsibility for disaster recovery to external service providers, it’s possible for smaller businesses to plan and protect their business, but only pay should disaster strike.

The first step is to undertake a business impact analysis that identifies and prioritises critical IT components and systems. A variety of recovery strategies will help ensure systems can be restored quickly and effectively, with a contingency plan to replace damaged systems.

Regularly testing the plan identifies problems and allows everyone to train for implementing the necessary procedures, whilst highlighting potential improvements. It also ensures the plan is current with changes in infrastructure or business operations.

For smaller firms, it’s about balancing risk against the costs associated with recovering from a virus or cyber-attack, hardware & software malfunction or even human error.

Businesses will back up their data regularly and some will even check that recovery is possible from the back-ups. But the age of the backed-up data is another point of risk and each firm will have to assess how much data they are prepared to lose – generally, the more current the back-up, the more expensive the solution.

But just because data is backed up, what will this data be recovered to, if the IT system, servers, applications, licenses etc. no longer exist?

Most recovery options cost more than smaller businesses can afford, yet smaller businesses can accept more of the responsibility with a slightly  increased risk to recover at a much reduced cost. This balance of risk versus cost is the equation smaller firms must evaluate.

Innovative solutions like Inactive/Active Disaster Recovery help smaller businesses protect their future, without committing to the higher costs associated with traditional recovery solutions.

The inactive phase begins with an assessment of the IT infrastructure a business needs to function normally, together with all the information needed to create a copy of the IT environment at extremely short notice – usually within hours. The snapshots taken of each physical or virtual server being supported are stored at the disaster recovery centre.

The necessary server space is guaranteed, with the power and communications to turn this virtual, inactive environment, active, following a disaster. After the initial consultation fee, there is only a small annual maintenance charge until the service is required.

Once active, the business supplies the latest backed-up data, sending tapes or hard drives by courier if necessary. Only at this point are the costs associated with new hardware, software or licensing etc., incurred, which are usually covered by the business insurance – but worth checking.

Businesses continue to pay for a service they’ll never use alongside the insurance they have to cover their assets. Yet with a little planning and an innovative solution like Inactive/Active DR, they can protect their operation and spend money on what they want to happen, not what might happen.

Matt Rhodes, Commercial Services Manager, Quiss Technology plc