Information technology plays an integral part in every aspect of a company and is crucial in the successful running of a business. Access to data is a must and therefore it is vital to have an effective and well-planned data recovery system that will ensure continued access to data in case of disaster.
While local statistics are hard to come by, a US-based research group found that almost 60% of North American companies do not have a disaster recovery solution in place. Considering that additional research showed that 50% of companies that lose their data due to disasters go out of business within a year and that 93% of businesses closed their doors within five years, the importance of a disaster recovery plan becomes crystal clear.
Planning for disaster might seem a hefty task, so we have compiled a three-piece article on how best to plan for disaster according to your business’ unique needs.
- Regularly test the disaster recovery plan
The latest research shows that almost 90% of companies test their disaster recovery plans or systems only once a year, if at all. In the event of a disaster, these companies are left at the mercy of the theoretical success of their disaster recovery plans – which is simply not good enough. In fact, it might be better not to have a test at all. Technology is ever-developing so that alone requires regular testing. Testing should take place twice or more per year under realistic circumstances, while simulating conditions similar to that of a striking disaster. This will also prepare employees better and make sure that new faces to the company are quickly introduced to these valuable protocols.
- Do not neglect off-site backups and storage
Most disasters will make access to on-site back-ups difficult if not impossible. This would include fires, rain and flood damage, storms, tornadoes and acts of terrorism. Having a backup storage site that is not in close vicinity to the company’s offices becomes vital, as this will be the only data left or accessible for a while. To determine how often backups need to be taken or sent to this site, you need to establish the company’s recovery point objective – the time between the last backup and when a potential disaster or disruption may occur. Typically, backups should be done once a day (usually overnight), but some companies might need continuous data protection. It is highly advisable to use the cloud as at least one of your disaster recovery plan’s backup storage sites.
- Make sure BYODs are also backed up
Although employees are usually required to work on their home drives when connected to the company’s server, many do not and work on their desktops if they are using mobile devices such as laptops and tablets – i.e. “bring your own device” or BYOD. This implies that their work is not part of the daily backup of the server, and might be lost in case of theft or human error. Implement a system whereby employees routinely back up their laptops and tables. While these files might specifically be kept of their desktops for privacy reasons, it is better to put encryptions procedures in place and have a strict IT privacy policy in place (especially for the IT technicians) to protect data. Remember that once data is gone, it is gone forever. The best option to prevent such losses is by using an automatic desktop and laptop protection and recovery solution as part of your disaster recovery plan.
- Redundancy is good
Have redundant servers for all critical data on your on-site and off-site locations. These provide an alternative way to access essential components of the disaster recovery plan. Redundant servers at the off-site disaster recovery plan location can decrease the time to implement the disaster recovery plan and get back up and running significantly. You will need less time to download any backed up data, software programs and applications as it already has a secure source.
Consider the following to ensure you have the protection you need:
Planning: Recovery Point Objective (RPO) and Recovery Time Objective (RTO) – RPO is the maximum period tolerable in which data could be lost. RTO is the target time for resumption of IT activities after disaster occurs. These are two of the most important considerations for your disaster recovery plans.
- Do data restoration tests
While it was used very effectively for many years, tape as a data backup system is outdated and ineffective. Disk to disk systems are a lot more effective and reliable, to name but a few benefits. Howsoever, you need to check the quality of data backups on a daily basis to make sure your backups are effective and that this vital part of your disaster recovery plan is working. You should also implement monthly tests to ensure that your backed up data can be restored in full and in exact quality, should the need arise. Inspect the quality and improve the system where necessary to ensure that your disaster recovery plan will run smoothly and your business recover timeously in case of disaster.
- Implement theft recovery and remote data wiping solutions for mobile devices
With the accessibility and ease of use of today’s mobile technology, a large majority of the workforce uses mobile devices such as laptops, tablets and even smartphones to work from anywhere, at any time. The fact that the location of data is not limited to the physical site of the business means that information becomes more vulnerable to theft or loss. To make sure that your company’s valuable and sensitive data is protected, should a device on which this data was being worked on is stolen or is lost, you can install software programs that will recover this information as part of your disaster recovery plan and then remotely wipe it, so that the person in possession of the device has no access to any of t data stored on it.
- Install regular virus pattern updates
Viruses and malware are extremely prevalent in today’s digital environment. It takes one unsuspecting employee to open a malware-carrying email to create havoc in your entire company’s machines. By installing regular virus pattern updates, you can protect your company’s data and systems as part of your disaster recovery plan. As a matter of fact, this may prevent disasters in the first case!
- Use a disaster recovery service provider
Small to medium-sized enterprises often lack the resources of a specialised IT professional to drive the disaster recovery planning process. Using an external service provider with the necessary expertise to implement the disaster recovery plan that has been designed and signed off by your company’s disaster recovery plan committee might be a good option. These service providers usually also offer server, storage and network infrastructure support and can prove invaluable when disaster strikes to the extent that your employees and company infrastructure cannot cope by itself.
- Have realistic expectations
While you should of course aim to recover most if not all of your data, you need to remember that a complete service is more expansive than one that focuses on recovering key data and information. Basically, you need to first understand that you get what you pay for. You cannot take a less extensive plan and expect 100% recovery. Secondly, it’s unfortunately one of those things that certain data or information cannot be safeguarded and restored as it was before within a limited amount of time or scope. Once you understand these limitations, you should set up recovery point objectives (when does recovery begin and what is acceptable or at least bearably as an outage) and recovery time objectives (how current is the recovered data, i.e. how far back do your back-ups go and how recent should they be).
- Who is responsible for what
When planning your data recovery strategy, you need to assign clear and unambiguous roles to the different role players. When disaster strikes there will be no time to organise a reactionary process, so this should already be in place before anything that might go wrong does so. Hand in hand with this goes proper training and compliance to national health and safety practices and standards. The employees assigned to key roles must be equipped to execute them, and well enough trained to do so without hesitation.
- Identify all the relevant risks
The plan first needs to address and define exactly what would qualify as a disaster. Once this is done, the different applicable variables should be identified and taken into consideration, with careful plans put in place to counter them, should it become necessary. An example would be planning for a fire and taking into consideration not only the physical fire and potential risks it holds for employees, furniture, IT equipment and the overall structure but also the implied risk of a shortage leading to a power outage or physical damage to a server.
Consider the following to ensure you have the protection you need:
Replication and Automatic Failover – If one of your production systems goes down, will you automatically failover to your offsite replica? Will your users still be able to access the services and applications needed with minimal disruptions while your IT team work to restore normal operations.
- What cost might be incurred?
While data recovery is a considerable expense and, as with most insurance products and services, not appreciated until it’s too late, you need to understand the cost of not having it in place. Look at the ideal: how much would it take to do a 100% recovery versus what would be the minimum you would need to move on and keep the business running? As with any insurance situation, only you as business owner can truly answer that. You will need to choose between spending the money or taking the risk. If it makes it easier, see it as an investment. An investment in the continued existence of your business, even.
- How solid is the technology?
Once you have decided on the extent of your data recovery strategy and the different elements within it, you need to find a partner that will listen to your needs and can give you right advice where necessary. You need someone who uses state-of-the-art technology and has a clear track record of achieving successful data recovery. Choose someone who uses new technology as it provides a higher performance and often comes at a better ratio of what you need versus what you get. Make sure your service provider has a secure off-site back-up facility.
- Password protection
In order to protect vulnerable and confidential data, you need to have passwords as part of your disaster recovery plan. The passwords should be secure, given to only the right people and never to only one person.
Floods, fires, storms, tornadoes and terrorism are only a few disasters that can strike a business and destroy its data, which will almost surely lead to a short business life ahead.
A disaster recovery plan can help you prepare for such scenarios and save your data and your business. This is why putting a disaster recovery plan in place is one of the first and foremost actions you should take as a business owner.
As much as one would prefer to avoid thinking about disasters, once you have designed and implemented your disaster recovery plan, you can tend to your day-to-day business and to growing your business with peace of mind knowing that, should the worst happen, you won’t be caught off-guard.