Getty Images/iStockphoto

Avoid the high costs of downtime for small businesses

Small businesses often lack technical support and resources, but they face many of the same risks as larger companies. Strong BCDR efforts can mitigate the risks of downtime.

Small businesses are unique in the corporate landscape. From a disaster recovery perspective, they are defined by limited IT expertise or dedicated support, little technical know-how, few opportunities to become aware of risks, and disbelief that they are a target. However, they are also the most devastated by downtime and service loss.

Downtime occurs when a business cannot produce its product, whatever that might be. The downtime could result in employees not working or customers being unable to purchase products or services, causing damage to the company's reputation or lost revenue. The cost of downtime to small businesses can be severe.

A proactive approach to even basic business continuity and disaster recovery (BCDR) planning can help these organizations manage downtime. This article examines downtime, demonstrates its causes and offers cost mitigation techniques for small businesses, from self-employed entrepreneurs to organizations with about 100 employees.

Common causes of downtime

There are many potential causes of downtime. Disaster recovery and IT teams must examine business processes and products to determine potential risks and vulnerabilities.

There are several areas to consider when it comes to downtime:

  • Human error is often the result of lack of training or knowledge, poor documentation or undocumented processes, or simple mistakes.
  • Cyberattacks like data exfiltration, ransomware, denial of service, and others can arise from unprotected or older systems.
  • Service outages might occur due to loss of power or internet access, device or computer failure, or cabling issues. While these types of failures might not be the fault of the business, they still affect productivity.
  • Modern hardware isn't just faster, it's often more secure. Keeping operating systems, applications and web browsers current is critical.

Organizations also must consider if their industry has specific regulations that must be satisfied. This is particularly true in high-risk areas like healthcare, banking, media and government.

How to mitigate downtime in a small business

Security and disaster recovery planners work to mitigate issues. They know that not all contingencies can be planned for, and some are not financially feasible. Mitigation refers to a reasonable approach to minimizing the likelihood of negative events.

BCDR teams might use several strategies to mitigate downtime, including the following:

  • Employ cloud services. From data storage to processing to website hosting, cloud services are built to be secure and available. Consider migrating some or all productivity tools to the cloud. Managed cloud service providers can handle the technical parts for you.
  • Budget for hardware and software maintenance. Allocate the necessary financial resources to maintain computer and network hardware, operating systems, and applications.
  • Recognize that small businesses are a target. Accept that malicious actors target small businesses. In fact, they often view small businesses as entry points to larger partner organizations.
  • Back up data. The advice to back up data has existed for as long as data has been around, and it's as true today as ever. Backup software can be automated and straightforward. Many cloud platforms exist.
  • Create a BCDR plan. Use online templates to create your own business continuity and disaster recovery plans. Remember to maintain paper copies in case systems are unavailable.
  • Define service-level agreements with vendors. SLAs set expectations. BCDR and IT teams must know what to expect from service providers during downtime.
  • Define SLAs with customers. Small businesses must also set expectations for customers with SLAs and other communication methods.
  • Have a second internet access method. Internet access is one of the most crucial services. Consider a cellular hotspot or other method of accessing internet services if the primary ISP fails.
  • Look for single points of failure. Take an inventory of every device and process in the production chain and consider whether any one is a single point of failure. Ask, "If this failed, how would I continue doing business?" Document this information.
  • Define response plans. Establish responses to single points of failure and recovery steps to ensure the business can react quickly and appropriately to failures.
  • Conduct a risk assessment. Consider hiring an expert in the field to conduct a security and risk assessment that includes specific mitigation suggestions for identified issues.
  • Confirm vendors are industry-compliant. Cloud service providers, website hosts and other vendors should demonstrate industry compliance. Make sure they meet these requirements.

Doing these things offers prevention, quicker recovery, data protection, reduced losses and better resilience. The upfront costs are outweighed by the potentially catastrophic losses of significant downtime.

What does downtime cost a small business?

Downtime costs include lost revenue, lost productivity that affects deadlines, recovery costs, and legal or compliance penalties. Not all costs are measured in dollars. Damage to reputation can be devastating, especially for smaller local organizations that rely on word of mouth.

Small businesses can adapt the following formula to their unique business to calculate potential losses:

Lost revenue + recovery costs + lost productivity + estimated cost to reputation or trust = Total cost of downtime

Reputation is difficult to calculate, but consider whether significant downtime reflects an amount of lost revenue that can be measured by time. For example, if systems were down for one week, how much income would the company average in that time frame? Plug that number into the formula.

Some business decision-makers don't recognize the importance of business continuity and disaster recovery planning until they see the results of these calculations.

Once you calculate potential lost revenue against the cost of proactive mitigation, it's easy to see that preparing for the worst is worthwhile. Organizations that recognize the risks and apply common sense tactics to address them position their small business to survive downtime.

Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial and CompTIA Blogs.

Next Steps

Tips for disaster recovery insurance and funding

Dig Deeper on Disaster recovery planning and management