When things are good, it’s hard to imagine how the world could ever wrong you. But when something goes wrong, it’s nearly impossible to see the sun through the clouds. Disasters happen without warning, and they can cripple a company if you’re not ready.

This is the entire reasoning behind investing in a disaster recovery plan. These procedures help companies get back on their feet after a major catastrophe, and they’re often the reason businesses don’t go belly-up following such an event.

That said, a large number of companies aren’t properly prepared for the worst. They may have disaster recovery solutions, but they haven’t fully worked them out. This can be just as dangerous as not having any plan at all, and we would like to rectify these issues by discussing some aspects of disaster recovery that you may not be considering.

1. You need to test constantly

“Everyone has a plan until they get punched in the face.” That’s a quote from Mike Tyson, and it’s just as true in boxing as it is in disaster recovery planning. Actually coming up with a plan is great and puts you ahead of the companies that haven’t, but it’s impossible to know if your procedure will work until you’ve put it through its paces.

“A huge portion of organizations just aren’t putting any priority into testing.”

Sadly, a huge portion of organizations just aren’t putting any priority into testing. Some test once or twice and think they’re done, while other literally never test at all. Therefore, it’s up to you to ensure that your company’s plan actually works.

TechTarget recommends starting with a test that checks data recovery, application recovery and communications. That last aspect is the most important, as not being able to discuss issues with your team can lead to widespread panic and confusion. The site states that these tests should happen on a “regular basis” all throughout the year, so don’t think you can do it once and be done.

Finally, you’ll want to examine audit logs to see exactly what worked and what needs some more tweaking. With enough patience and testing, you can come up with a procedure that will hopefully see you through the worst disasters.

2. What about your employees?

Although most people think of data systems and downtime when discussing disaster recovery, it’s important to realize there is a much more human element to this process that you’re want to consider. Specifically, you need to figure out what your employees will be doing during such an event.

Of course, the first step is to make sure everyone is alive and well following a catastrophe. After this, you’ll need to think about where these people can work. Will they be able to simply log in from home? Do they need access to data systems stored in the office? Do they have all the equipment they need at home?

After considering this, TechTarget asks administrators to consider the possibility of employees being displaced from their homes. In such situations, work is the last thing on an employees mind. While there’s nothing wrong with that, it’s up to you to figure out what the next step is. TechTarget recommends gaining access to trained psychological professionals in order to help workers mentally readjust.

What happens if your employees lose their homes? When an employee loses their home, they generally don’t worry about work.

3. Your workers are a major threat

Clearly, your employees are a valuable asset. That said, they’re also often the ones most responsible for disasters in the workplace. According to a 2014 report from IBM, 95 percent of data security disasters can be traced back to human error.

Although you trust your employees, this statistic shows that the best way to avoid a disaster may be to better train your employees. Exactly what that means depends on your industry and what employees have access to, but the point is that thinking about external factors like tornados and earthquakes while ignoring human error can have disastrous results.