Professional support


25th October, 2022

Disaster recovery planning basics for business managers

The best disaster recovery plans are comprehensive, tested and updated regularly – and they’re always worth the effort.

The word disaster makes most of us think of a flood, earthquake or fire – major natural events that make the news and cause widespread devastation.

But for businesses, disasters can be more mundane. A malfunctioning server, the loss of a key staff member, a product failure or a security breach can all cause serious, ongoing problems for a business.

If you don’t have a disaster recovery plan, coping with the unexpected – mundane or not – could prove challenging.

What would happen if your work equipment was destroyed or you lost access to key files? What’s your plan if someone with deep, institutional knowledge leaves suddenly?

Without a specific, strategic plan of action for a range of disaster scenarios, your business could be in trouble.

What is a disaster recovery plan?

A disaster recovery plan – sometimes called a business continuity plan – lays out the specific steps your company will take to get normal operations back on track after a disaster. This could involve retrieving or reconstructing business data, recovering equipment or product, restoring damage to premises, re-accessing software systems, shifting operations to new facilities and more.

The details of any plan, but especially one as critical as this, will depend on what your business does and the type of disaster you’re dealing with.

With natural disasters on the rise and cyberattacks at an all-time high, disaster planning is more important than ever. With malware, ransomware, phishing and other cybercrimes costing more than $6.9 billion in 2021, businesses are open to serious loss.

It’s true that natural disasters affect smaller businesses more than larger organisations – probably because they don’t have the time or funds to spend on disaster planning and testing. However, one survey on enterprise level businesses found that half of respondents believed their current disaster recovery plan may not be adequate based on their latest test.

No matter the business size, it’s hard to argue the need for a tried and tested plan.

Different types of disasters call for different plans

Disasters and disruptive events can come from any direction, and each type can affect your business differently.

Natural disasters

Wind and water damage from storms, flood damage, loss of buildings or access to facilities during bushfires, destruction and safety issues caused by earthquakes – planning for these disasters involves not just data recovery but also staff safety planning and emergency procedures. Specific plans will depend on your location: Australian businesses are, unfortunately, more likely to deal with bushfires, while New Zealand organisations need to consider earthquakes and flooding.

Disease and illness

As the past few years have taught us, illness can have an extreme impact on business operations. One positive of COVID is that we have learned how to plan for an infectious disease outbreak – covering staff absences, giving remote access to work tools, and implementing health restrictions and rules in the workplace.


Hacking, phishing, malware and ransomware – cybercrime is on the rise, with almost two out of three mid-size businesses experiencing an attack in the last 18 months. Preparing for a cyber-attack involves putting robust security in place, setting up backup systems in case you lose access, and planning communication with customers in the event of a leak.

Internal errors and sabotage

Sometimes, disaster comes from inside the business. Human error can lead to the loss of key files, equipment theft can make it difficult to get work back on track, and deliberate sabotage or a purposeful data leak can cause serious reputational damage. Limiting access to sensitive data and keeping backup copies can help you mitigate the damage.

IT failures

Paperless offices are great – until your network crashes or key equipment breaks down. This type of disaster can lead to data loss, missed client meetings, delayed work and unexpected downtime. If your business is well-prepared, you’ll have a backup system ready to go and a plan to replace hardware ASAP.

Staffing issues

The unexpected loss of a key staff member – whether through resignation, illness or death – can have a severe impact. A disaster recovery plan should include cross-training and process documentation so that no one person has business continuity on their shoulders.

Reputational damage

Events like product recalls, products causing illness or harm to customers, and negative media coverage can all knock your reputation and finances. Preparing for this type of disaster could involve working with your PR and marketing teams to create a contingency media plans.

How to create your disaster recovery plan in 6 steps

1. Set your goals

What are the key goals of your recovery plan? Think about what you’ll need to get back to normal operations and set goals around protecting those elements, for example, access to cloud data and work tools, remote access for employees, restoring your office or factory and buying new hardware.

2. Audit IT resources

Create an inventory of all the hardware, software and data assets in your digital infrastructure so you know exactly what you have and how to consolidate and protect it.

3. Identify any weak points

Your audit should help you spot weaknesses in your systems. Is your cloud provider offering top-notch security? Who has access to business data, and do they need it? What happens when people work from home? Is all your critical data backed up – and where is it stored?

4. Fill security gaps

From there, you can work on strengthening security and eliminating those vulnerabilities so you’re in a better position if a disaster happens. For many businesses, this means switching to cloud software and securely storing work tools and crucial data offsite.

5. Record, publish and communicate your plan

Disaster recovery plans should be specific, well-documented, communicated to relevant teams and accessible to key employees. Ensure that employee and emergency contacts are included and regularly updated. If the worst happens, make it easy to find and follow your plans.

6. Assign specific tasks

In a disaster, who is responsible for recovering files and checking your office? Who is in charge of communicating with employees and ensuring safety in an evacuation? Setting roles for specific people gives you clarity and helps ensure you don’t forget vital tasks in the chaos. One study found that having a dedicated incident response team drastically reduced the time and cost of a data breach.

Review, test and rework

Disaster recovery planning isn’t just about the plan itself – it’s about continually reviewing, testing and reworking so it fits your current situation. For example, if you upgrade your business management software, your entire plan will need to change.

Testing may involve working with your IT provider to check data recovery speed and ensure that security settings are up to date. It can also mean working through various disaster scenarios with stakeholders and carrying out practice drills. You’ll identify weak points in your plan, test timing and confirm that everyone knows their role in the case of a disaster.

Of course, it’s also about having the right tools on hand.

Many businesses are switching to cloud software solutions as part of their disaster prep. Cloud ERP systems don’t just make it easier to manage day-to-day operations. They also help ensure that key processes, business data and work tools are safe and accessible, no matter what happens. Because cloud-based ERP solutions securely store data in remote cloud servers, it’s accessible from anywhere. If the worst happens, those capabilities will be vital for getting your business back on track.