Let’s start off with a true story that has absolutely nothing to do with cybercrime, for a change.
Back in 2013, an office building was struck by lightning, and that lightning strike caused a fire. One of those tenants just happened to be an IT provider that hosted servers for over 200 clients. As the fire raged, it melted cables, torched hardware, and basically destroyed the company’s entire infrastructure.
Disaster, right? Cue the lawsuits? Not so fast…
You’ll be pleased to know that the IT company had already taken the step of moving all of its servers to a remote data center. The IT company’s staff had to use a temporary office, but its clients weren’t adversely affected. And if we had to guess, this disaster actually made clients more likely to trust this company, not less.
This story has a happy ending. But many don’t because only 54% of organizations have an established, company-wide disaster recovery plan.
The Importance of Disaster Recovery Readiness
A thorough disaster recovery plan (DRP) is just one component of a business continuity plan (BCP) and focuses on helping a business quickly recover its IT infrastructure following a disaster. A good DRP can minimize downtime even in the case that something truly catastrophic happens — like a natural disaster or a ransomware attack. That’s important because downtime alone can be very expensive, let alone anything else, like a fine, a lawsuit, or the loss of customers.
IDC’s Worldwide State of Data Protection and Disaster Recovery Survey found the following:
- More than 30% of IT disruptions result in a direct loss of revenue
- Roughly 40% of outages damage brand reputation and image
- Half of the server failures cause staff to work overtime
Key Considerations for Disaster Recovery Planning
For some businesses, an hour or two of downtime would be inconvenient. For others, it could be catastrophic. That’s why DRPs can and should look different from business to business. But here is a list of considerations to get you started:
1. Identify What’s Necessary
What processes, tools, and data are essential for your day-to-day operations, and what could you go without for a week or two?
2. Identify Your Areas of Risk
Not only should you think through any potential risk that could disrupt your business — like the actions of a malicious employee or a fire — but you should also think through the potential impact each risk could have on your business.
3. Evaluate Your Optimal Recovery Timelines
Think through the tools and data that you’d need to function and how quickly you’d need each of them to be fully recovered in the case of a disaster. This is your recovery time objective (RTO).
Pro tip: downtime within some industries is more costly than others. If you’re in healthcare, finance, government, communications, or manufacturing, downtime can cost up to $5M per hour.
4. Decide on a Backup and Recovery Solution
Research and invest in a backup and recovery (BR) solution that is in line with your risks, your needs, and your RTO.
5. Plan for Testing It
Don’t skip this step! Make sure to test your BR solution to make sure it’s reliable and meets your goals. For example, if you’re relying on tape backup, make sure that the person who is performing regular backups thoroughly understands the backup and recovery process.
Once you test your plan, if anything at all didn’t go well, revise it and test again.
6. Consider Investing in Redundancies
If you identified any single points of failure in your IT infrastructure that would be catastrophic to your business, invest in redundancies. Pay special attention to your servers, data storage, and network infrastructure.
If you need help evaluating this or any other areas of risk, let us know. We offer thorough assessments to help you find out where your liabilities are and where your dollars would have the most impact.
7. Document Your Plan
Put your plan in writing — including any important procedures, roles, contact information, and special instructions — and keep it up to date.
8. Compliance and Legal Considerations
Make sure that your DRP is in compliance with any industry regulations and evaluate the potential impact of any violation of data protection and privacy laws. Many cybercriminals are adding extortion to their ransomware attacks, threatening to release sensitive information online or to the dark web unless you pay up.
Pro tip: Having a proper backup and recovery solution is only one component of an effective data protection strategy.
9. Decide on When You Should Revisit Your Strategy
Technology changes quickly, and so do cybersecurity threats. A plan that hasn’t been updated or reviewed in a few years likely needs to be refreshed.
10. Evaluate Your Vendor Relationships
Remember that story at the beginning? We unfortunately hear too many stories of clients who thought that their vendors were following best practices when that wasn’t the case.
Here’s another true story: one healthcare client assumed their print provider was following best practices. Unfortunately, they found out that 1) their provider wasn’t decommissioning their equipment securely, 2) the sensitive information of hundreds of thousands of patients was, therefore, exposed, and 3) the healthcare client was liable for the exposure.
Vendor due diligence is critical, but there’s one simple way to find out if your IT or managed print providers are doing the right thing for their clients: ask about their SOC report. If they’ve achieved a SOC 2 Type 2 for the service they’re providing, you can consider them safe to do business with. If they haven’t, you should ask more questions.
A Simplified Disaster Recovery Checklist
As managed IT providers, helping our clients protect their data, recommending effective backup and recovery solutions, and forming relationships with other vendors that are following best practices are directly tied to our ability to be successful. So we’re fortunate that it’s easy for us to dedicate the time and the resources to do it.
That is to say, no, you don’t have to completely reinvent the wheel with your DRP. You should absolutely think through your greatest areas of risk and recovery goals, but if you want to press the easy button on many of the above steps, we recommend Barracuda Backup. Not only is it an affordable, integrated local and offsite data backup and disaster recovery solution, but it also offers exceptionally fast and easy recovery.
And if that sounds more your speed, because we’ve formed a strategic partnership with Barracuda, we’re pleased to offer you special pricing and world-class support.
If you’d like additional help compiling the rest of your disaster recovery plan, we’ve attached a checklist to make the process as easy as possible. Click the link below to access it!