This one isn’t so much a philosophy as just a sensible business practice. You MUST have some type of disaster recovery plan in place. And not just for your technology, but for your entire organization’s operations. (By definition this includes all of your technology.)
Back in late 2001, a colleague of mine managed a small non-profit in DC. The building in which his organization was located received one of the anthrax letters sent during that time. As a result, their office building was closed for the better part of the week. Unfortunately for them, they had no real disaster recovery plan in place. They were unable to access any of their electronic files (all housed on an internal server). They were unable to redirect their phone calls so that all they could do is change their outgoing messages and then check for messages every hour.
With today’s technology (e.g., cloud computing, software-based phone systems, etc.) there is no excuse for being completely cut off from your files or your phones. But beyond the technology, you need to have processes in place so that staff understands what they are to do in times of a disaster. How do they report in? How do they access their business files? Who is responsible for which systems? And so on.
We live in a volatile age, where a small event could escalate to a large disaster in very short order. Is your organization prepared to operate under those conditions?