View All Posts

How to Build a Disaster Recovery Plan That Actually Works.

Published on
March 17, 2026

Most business owners treat backups like a spare tyre. You know it’s in the boot, you hope it has air in it, and you pray you never have to use it. But here’s the uncomfortable truth: having a backup isn't the same as having a recovery plan.

In the world of managed IT services UK, we see this distinction play out every week. A company loses a server or gets hit by a "glitch," and they confidently say, “It’s fine, we have backups.” Then they realise those backups haven't run in three months, or worse, they take four days to restore.

If your business can’t afford to be offline for four days, your current setup isn't working.

Building a disaster recovery plan sounds like a job for a room full of people in suits. It isn't. It’s about making a few sensible decisions now so that if the worst happens, you aren't making those decisions under extreme pressure.

Why "Backup" is a Dangerous Word

When people talk about backups, they usually mean they’ve copied their files somewhere else. That’s a great start, but it’s only half the story.

Imagine your office suffers a flood or a serious cyber security incident. You have your data on a hard drive or in the cloud. That’s your backup. But how do you actually use it? Where do you plug it in? Which files do you restore first? Who is allowed to click the "go" button?

A disaster recovery plan is the manual that tells you how to get your business back on its feet. It’s the difference between having a pile of bricks (the backup) and having a house (the recovery).

Step 1: What Could Actually Go Wrong?

Don't start by thinking about hackers in hoodies. Start with the boring stuff. In our experience, disaster recovery usually kicks in because of something mundane.

  • Human Error: Someone accidentally deletes the "Accounts 2026" folder.
  • Hardware Failure: A server that’s been humming along for five years finally gives up the ghost.
  • Power Outages: A local power cut lasts longer than your battery backups.
  • Corruption: A software glitch that could cause downtime.

When you look at these risks, you realise that "disaster" doesn't always mean a burning building. It usually means a Tuesday afternoon where nothing works. Identifying these threats helps you realise which parts of your tech are most vulnerable.

Step 2: Decide What Matters Most

If your entire system goes down, you cannot fix everything at once. You shouldn't even try.

You need to categorise your business functions. We think of this as the "Can we survive without it?" test.

  1. Critical: If this is down, the business stops. This is usually your email, your customer database, or your quoting/accoutning system.
  2. Important: You need this to work efficiently, but you can survive for a day or two using Excel or paper.
  3. Non-Essential: This is the "nice to have" stuff. Your marketing archives from 2018 can wait a week.

By prioritising, you ensure your managed cybersecurity services and recovery efforts focus on the things that keep the lights on.

Step 3: The Only Two Technical Terms You Need

We promised no jargon, but you’ll hear these two acronyms from any reputable IT provider. Let’s translate them into plain English so you can make an informed choice.

RPO (Recovery Point Objective): This is your "How much data can I lose?" number.
If you backup once a day at midnight and your system crashes at 4:00 PM, you’ve lost the whole day's work. Is that okay? If it isn't, you need a shorter RPO (backing up every hour, for example).

RTO (Recovery Time Objective): This is your "How long can I be offline?" number.
If your server dies, does it take four hours to get back up, or four days? Your RTO is the target time for being back in business.

Knowing these two numbers is the secret of IT recovery. You don't want to pay for a five-minute recovery if your business can handle a five-hour one. But you definitely don't want to settle for a five-day recovery if you’ll be bankrupt in three.

Step 4: Build Your Strategy

At Origin Connect, we talk about 3,2,1 This means high-end tech that isn't overly complex or overpriced, but isn't a basic solution either.

Your recovery strategy should follow this rule. A solid plan usually involves a "3-2-1" approach:

  • 3 copies of your data.
  • 2 different types of media (e.g., local server and cloud).
  • 1 copy stored off-site (completely separate from your main network).

One thing we often recommend for cyber security for small business is "immutable" backups. That’s just a fancy way of saying "backups that cannot be deleted or changed." Even if a hacker gets into your system, they can't wipe your backups. It’s the ultimate insurance policy.

Step 5: Who is the "Disaster Captain"?

When things go wrong, people panic. If there isn't a clear plan, three people will try to fix the same thing, and they’ll probably get in each other's way.

Your plan needs names.

  • Who is authorised to declare a disaster?
  • Who calls the IT provider?
  • Who tells the staff what to do?
  • Who talks to the customers if there’s a delay?

Write these names down. Keep the list in a place everyone can access, even if the main computer network is down. A physical folder or a shared document on a separate system (like a personal phone) is a lifesaver.

Step 6: Documentation (Keep it Simple)

You don't need a 200-page manual. You need a "In Case of Emergency" sheet. It should include:

  • Step-by-step instructions on what to do first.
  • Emergency contact numbers for your managed IT services UK provider.
  • Location of the physical backups (if you have them).
  • Passwords or access keys (stored securely, obviously).

If the instructions are too complex, they won't be followed in a crisis. Think "fire drill" instructions, not "rocket science" blueprints.

Step 7: The "Schrödinger’s Backup" Rule

A backup exists in a state of being both "working" and "not working" until you actually try to use it.

The biggest mistake we see is companies that pay for backup software but never test it. They assume because the green light is on, everything is fine. Then, when a file is lost, they find out the backup has been corrupted for months.

You must test your plan. At Origin Connect, we don't just "set and forget." We run restoration tests to prove that the data is actually there and that it can be brought back within the RTO we agreed on.

A test doesn't have to be a massive production. It can be as simple as: "Hey, can you restore that random spreadsheet from three weeks ago?" If your IT team can do that in ten minutes, you're in a good spot.

Step 8: Keep it Fresh

Your business changes. You hire new people, you move offices, or you start using new software. If your disaster recovery plan was written in 2023, it may not in 2026.

Review your plan once a year. It takes twenty minutes. Look at your list of "Critical" systems and see if anything has changed. If you’ve moved more stuff to the cloud, like with a modern workplace transition, your recovery steps will look different.

Practicality Over Perfection

Don't let the fear of not having a "perfect" plan stop you from having a "good" one. A basic plan that your team understands is 100% more effective than a complex one that sits in a drawer gathering dust.

Disaster recovery is really about peace of mind. It’s about knowing that if you walk into the office tomorrow and the server is smoking, you have a clear path back to "business as usual."

If you’re sitting there thinking, “I actually have no idea how long it would take us to recover,” that’s a red flag. It’s a gap in your managed cybersecurity services that needs filling.

Getting It Right

At Origin Connect, we help businesses find that "Goldilocks" spot. We provide the high-end technology you’d expect from a massive corporation, but we deliver it with the personal touch of a local partner. We don't do jargon, and we don't do "it’ll probably be fine."

If you want to move away from "hoping" your backups work and towards "knowing" your business is resilient, we can help. We can look at your current setup, find the gaps, and build a plan that actually works for your specific needs.

Why not start a conversation with us? We can sit down, have a coffee, and look at your strategy without making your head spin. Let's make sure your business stays up and running.

Nick Johnson
Published on
March 17, 2026
Contact

More Industry Insights

Stay updated with our recent news and insights

Global Shipping
January 26, 2026

Business Continuity for SMEs: Founder-to-Founder

Business continuity for SMEs: remove single points of failure and set simple fallbacks so you can keep trading when IT goes wrong.
Read post
Global Shipping
January 26, 2026

Remote Working Security: Protecting Hybrid Businesses | Origin Connect UK

Protect your business with expert remote working security tips from Origin Connect. Secure data & devices for hybrid teams beyond the office. Read more now!
Read post
Global Shipping
November 27, 2025

Simple Steps to Boost Cybersecurity Awareness | Origin Connect Guide

Boost your team's cybersecurity awareness with practical tips from Origin Connect. Learn key steps to protect your business from cyber threats today.
Read post
View all
Abstract geometric logo with four rounded shapes forming a hexagonal pattern.

Let’s Talk About IT.

Man with glasses and beard wearing headset, gesturing while talking during a video call at a desk.



Ready to improve your IT?

Reach out to discuss your setup, ask a question, or book a free Discovery Call. Just tell us what you’re looking to achieve, and we’ll provide clear advice, actionable next steps, and a solution built for your business. No fuss, no technical drag, just a plan that works.

Book a Free IT Discovery
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept