Any sort of business will collect a lot of data over the years, no matter how long they’ve been open, and nearly all of that information is crucial to running the business. Over time, as the business grows and more money is spent on investing in a stable IT infrastructure, it’s good to remember an important aspect of safeguarding: creating a backup and disaster recovery plan.
While nobody wants their business to be struck by a devastating computing problem – whether it’s benign, such as a failure of some core components, or more devious, such as a manmade virus introduced to the system – the reality is that they do happen, and that they happen quite regularly. The importance of having a stable backup and disaster recovery plan is fundamental if you want to be absolutely certain that you are protected against any possibility, and that you won’t lose even a nanobit of data, no matter what happens.
Statistics and Research
The statistics really speak for themselves: 39% of small and medium businesses globally have no disaster recovery or incident recovery plan, which means that if they were the victim of a data breach or a cyberattack, the company would struggle not only to regain the trust of its consumers, but also to regain control over its data and operations. On top of all that, over 33% of any given folder in a company is open to everyone, meaning 64% of your employees can access any sensitive file – and while that might not be a problem from the outset, the reality is that most data breaches and cybersecurity attacks happen innocuously, because someone’s email or account is not adequately protected.
Furthermore, there’s the cost to consider: ransomware attacks can take down your system for up to 16 days, which means that not only will you need to pay an incident team to recover your access if you don’t have one already, but that you’ll miss 16 days of trading until it’s resolved.
Backups versus disaster recovery
Not all plans are made equal, and it’s important to decide which is better for you before you invest in a recovery plan; ideally, you have a version of both, to make sure that data loss is at a minimum and that you’re covered on all bases.
Backup specifically refers to making a copy, or multiple copies, of data in order to protect against data loss. Backup data is normally used in the case of database corruption, either maliciously (through malware or a virus) or routine (through a software update or accidentally getting deleted). Regular backups, regardless of the size of the company, are considered good practice for any IT professional, and you can enable them to work automatically, minimising the need for remembering to do it yourself.
Disaster recovery, on the other hand, refers to a specific process that rolls out in the case of a catastrophic failure within the system, whether it’s getting locked out due to ransomware or something as simple as mistakenly revoked access.
While you can absolutely opt for just creating backups, we’d strongly advise against it. Just having copies of the data will do very little to help you keep your business running unless you have a way of using that data without running into problems.
Is it necessary to have both?
Absolutely! Think of it as a little bit like preparing your house for the winter: while you can stock up as much as you want on heaters and blankets, good insulation will prepare you for even the most bitter winter, no matter how cold it gets. Similar to a storm, data recovery is never considered a significant problem unless it happens, and normally once it happens it is too late to implement any kind of disaster recovery.
While having backups is essential to building a good disaster recovery, simply just having backups is going to do very little if your business has suffered more than just data loss: for example, if your entire company is offline, you’ll lose business from customers who are anxiously waiting to place an order or waiting to contact you. Your employees will also need something to do until the company is back online, and as it might take a few days to recover everything, do you really want your employees to sit around while your business struggles?
We’re not understating the importance of backups. Regular backups can minimise data loss, or allow you to roll back your system to a version prior to the attack or failure, and it has saved more than a few companies from complete dissolution.
What do I need to know about backup and disaster recovery?
There’s many companies out there offering backup and disaster recovery services, but before you dip your toe and talk to one of them, you need to understand the importance of backup and disaster recovery to you, and see what you’re willing to put up with or sacrifice before you ask for a backup and recovery solution.
- Recovery Time Objective: how long are you willing to wait to recover from an attack? Remember that the time you spend dealing with the attack is time lost from trading or customers, unless there is a similar offline capacity that can keep you going for a few days until your systems are back online. This largely depends on the sort of business that you’re running, but our rule of thumb is that the faster back online, the better for you and your business.
- Recovery Point Objective: how far back do you want your systems to go? What amount of data is considered an acceptable loss? Unless you’re making a backup at the end of every day or more frequently, some data loss is going to happen. Make sure you have a point in mind for data that you’re willing to lose, in the case that you can’t recover everything the way it was prior to the outage.
- Failover: do you have a secondary site you can fall back on in the case of a major outage? That’s called a failover, where your primary systems switch out to a secondary set of systems without interruption to normal business operations.
- Failback: once the outage is over going back to the original systems is called a ‘failback’. Ideally, both failover and failback are performed as seamlessly as possible, allowing users to keep working even in the case of a catastrophic outage.
The best possible recovery plan would follow as needed:
- In the event of an attack, systems will failover to a secondary system.
- Employees can keep working while IT or an external incident team works to solve the error.
- Once systems are stabilised, systems will failback to their primary systems.
- Backup restoration procedures are initiated, and the data is consolidated.
With this plan, the risk of data loss is minimal and allows people to keep working in the event of any sort of systematic failure.
How can I invest in a disaster recovery plan?
Unless you have your own in-house team, creating a disaster recovery plan that’s good for business is not a task to be taken lightly. You’ll want the best possible outcome for your money, so consider outsourcing your disaster recovery plan to a team of seasoned professionals.
Disaster recovery as a service is a way that you can entrust the disaster recovery process to professionals who can deal with both safeguarding your data and restoring your data in the case of an outage. While there’s an inherent risk in trusting data recovery to an outside party, disaster recovery as a service is one of those areas where you should absolutely trust in professionals over and above anything else. A disaster recovery as a service company will be able to put in place disaster recovery processes that’ll allow you to keep working seamlessly while you deal with the threat – though some services will be able to deal with the threat in addition to everything else!
Of course, the con is that certain disaster recovery as a service companies might have multiple clients, and while it’s unlikely that you’ll need them at the exact same time as anyone else, ‘as a service’ companies will always take a little more time to come to your aid than an in-house team. However, they more than make up for the delay with a rarified skill set and capabilities that are hard to come across – and in the long-run, it’s cheaper than curating an in-house team.
Types of data recovery plans
Depending on what systems you use as your primary source of information storage, there are multiple ways to recover the lost data.
Cloud-based systems are becoming increasingly popular among small to medium enterprises; as an additional benefit, cloud solutions typically come with an infrastructure in-built for managing backup and disaster recovery. They’re also cheaper, and faster, than a physical infrastructure, and also provide the additional safety net of storing your data in a location other than your building.
Want the best of both worlds? Implement a cloud-based storage solution while also keeping your primary data centre in-house. This will allow you to scale your business fast, but also give you the additional safety of a remote storage solution.
Arguably faster, if you store all of your primary data on-site, the benefit is that your IT team (if you have one) will be able to fix any problem with lightning-speed – and it doesn’t come with the inherent risk of exposing sensitive data the same way that cloud-based systems have. However, you need to consider all the risks, and keeping your primary system information on-site comes with the risk of physical disaster – whether that’s a power outage, a break in, or a leaky roof.
This risk can be mitigated by storing your secondary data on a different site or in the cloud.
Five tips for the best disaster recovery plan
- Never wait for disaster to strike first. The best solution is to have a foolproof failsafe plan from the outset, allowing you to be able to respond quickly to any data problem without the risk of shutting the business down while you respond.
- Implement both a primary and a secondary site for your data. The secondary site should be miles away from your primary site, or in a completely different ‘cloud’ location if you choose to go for cloud-based services
- Know what data you absolutely need in order to keep your business running. By listing the most crucial aspects, you can keep your business online while an IT professional deals with the outage, saving you time and money in the long-run, and allowing your employees to keep working.
- Never rely on cloud-based services alone. Cloud-based services are great! But for disaster recovery, always manually back-up your data whenever possible, whether you choose to back up locally or in another cloud-based service. You’ll want the safety and peace of mind of having that backup ready to go in the case of a crisis.
- Test your disaster recovery plan. Run tests and simulations. Figure out where the weak spots are, and then work on them. There’s no such thing as overprepared.
While you can absolutely craft a disaster recovery plan on your own, we recommend getting seasoned professionals to help you with this particular aspect of your business – after all, in the case of a fire, you wouldn’t fight the fire yourself, you’d get a professional to do it! Similar to fighting fires, a business that specialises in disaster recovery can minimise your downtime and keep you online even when the rest of your company is offline, and might even be able to clear up whatever problem you’re having.
AIRO specialises in disaster recovery and backup, and we’ll be happy to craft a solution for you that can save your neck in a crisis! Drop us a message, and let’s talk!