This Question is One That Plagues All Business Owners.
Our answer is always the same… Do you have a Business Continuity Plan? This plan should include how to recover from a disaster and how you mitigate your risk. It should also include redundancies that you have built into your network, power, software, external communication and backups. If you take any data offsite it should be encrypted. That includes backups, phones, USB devices…
It is important to spend the time planning for as many contingencies as possible. How long are you willing to allow your office to be down for? 1 day, 5 days, weeks? The answer is usually "not at all", but as you get into what is required to not ever go down (if that is even possible) the answer usually gets extended. Now, that's when we work backwards. What could be affected is daunting to detail. A few key components would be phones, office management systems, surveillance, PC's and servers, printers, and other important equipment.
What are some of the worst case issues?
Bad actor gaining access to O365 and emailing customers through a phishing campaign
Ransomware such as the recent Kaseya compromise, which hit many businesses in North America.