From managing the communication and collaboration needs of an ever-changing client base to anticipating new trends in technology, there are many unknowns that come with building and growing an accounting business. Often overlooked is how to effectively mitigate the threat of natural and cyber-based disasters.
No one can predict when an earthquake will threaten your firm in Los Angeles, when a flood may take your offices in Baton Rouge offline, when ransomware will encrypt each computer and decades of data in minutes, or when your Houston firm will withstand a “100-year flood” for the third year in a row.
Natural and cyber disasters take businesses and individuals by surprise and can leave you reeling, not just from the initial disruption but also the long-term, continued recovery efforts. When your place of business no longer exists or your offices and IT systems are inaccessible for an extended period, the resulting disruption can be devastating to a firm that is ill prepared to respond effectively. Firms with a response plan in place for any disaster will find they are able to face an unknown future and return to service faster than their competitors and with little notice by their clients. Unfortunately, fully 90 percent of companies that experience a disaster scenario without a recovery plan will go out of business within two years of the catastrophic loss. That is a staggering statistic that must not be overlooked.
Are you confident in your accounting firm’s ability to survive and quickly continue to thrive during an emergency? While you can’t control the when in a disaster scenario, you can proactively protect your firm from the devastating consequences. Beyond the basic step of scheduling regular cloud data backups, here are three cornerstones of disaster recovery that will ensure your accounting firm is prepared to respond effectively in a worst case scenario.
1. Corporate Agility
It’s one thing to experience an emergency as a partner or executive in an accounting firm – you’re likely to understand how to respond and are prepared to execute on a strategy that puts the needs of the firm first. But, how confident are you that your employees would know what to do? Telling results from an informal survey run by the American Institute of CPAs (AICPA) found that many accounting firm employees are more likely to head home and go back to bed than dive into handling an emergency crisis. While likely expressed tongue firmly in cheek, the meaningful message is that most employees are not prepared.
For an accounting firm, one of the most important aspects of effective disaster recovery preparation is implementation of a response plan so that employee expectations and guidelines are clear. Employees need to understand who to call, where to report, and what to do if the office is compromised. And they need to be familiar with the nuances of how those instructions may vary in response to different emergency situations. When employees are informed and confident about what to do, your organization is positioned to respond to natural disasters with speed and agility.
2. Data Protection
Accounting firms often think about data protection solely in terms of storage and backup. To that end, yes, moving data backup to the cloud will help avoid catastrophic loss of firm and client data, but unless the firm’s risk of losing access to data — along with the programs used to work with that data — is addressed, then an unheeded problem remains. Loss of physical hardware in a disaster, like computers and servers, does not need to hamper access to data or a firm’s technology toolkit. Truly protecting your business from being pushed offline and potentially out of business during a natural disaster requires a two-pronged approach: first, the protection of data; and second, virtualization of workstations, servers, and other technology tools you rely on. Protected data can then be restored into the last good state of a virtualized IT network so your firm’s operations are rapidly reinstated free of ties to legacy hardware or a specific location. While this initially seems daunting, there are straightforward steps you can perform before an emergency strikes.
Here’s a short list of processes and decisions to deliberate in advance of an emergency situation in order to facilitate a quick and complete recovery:
- Do you have a tested, tried-and-true disaster recovery response plan?
- Have you created that plan with a vetted recovery plan provider?
- Have employees been educated to avoid disaster-related scams and phishing tactics?
- Is data stored entirely online or, if in physical servers, in multiple, geographically disbursed locations?
- Do employees understand how data is prioritized and what data will be recovered first?
3. Disruption Mitigation
Some disruption to your business is inevitable during and immediately after a disaster. It’s only natural that in an emergency the immediate safety of your clients and employees should take priority. However, the real test of being prepared for a natural disaster is how well your organization mitigates that disruption and gets back to serving and supporting clients. Here are a few ways your accounting firm can prepare to mitigate the disruption that comes with a natural disaster:
- Invest in a data storage and protection partner you trust to support you through an emergency.
- Regularly verify that off-site documents and virtual systems are up to date and functional.
- Arrange for a backup worksite or remote workforce plan in the event your offices or physical equipment are too damaged for use.
- Train your employees to respond, not just react, in the most common emergency situations that might affect your type of business and location.
- Test your natural disaster recovery plan annually to ensure that directions are clear and easy to understand in a real emergency.
No one can predict, control, or prevent natural disasters, but you can prepare and mitigate consequences by creating a contingency plan — now. Construct that plan on principles of agility, data protection, and elimination of reliance on one location or one computer, server, or hardware device. Your disaster response plan should eliminate any single point of failure and create geographic redundancies so that as soon as you, your employees, and your families are safe, you can implement your response plan and be back in business. That way you’ll approach each day with peace of mind knowing you’ll be the first to recover your normal daily operations in the aftermath of an emergency.