When we read the phrase Disaster Recovery we might think about a catastrophic event that has happened in an area where a tornado has hit or something, but what really has happened is a hurricane has came through and wiped out your data center and systems and knocked you out of commission for a while. (The definition of disaster recovery would be appropriate here – Disaster recovery (DR) is an area of security planning that aims to protect an organization from the effects of significant negative events. DR allows an organization to maintain or quickly resume mission-critical functions following a disaster.
What do you do now? This is why where we learn why it is so important to have a plan in place for a disaster. recovery and continue to do business during the meantime. It’s easy to dismiss the idea that it will never happen to any type of business like yours and can only happen to major corporations like banks and other big players, but in reality it can happen anywhere at any time. with the way the technology world is and the hackers intelligence gaining in this tech world today. Some small businesses aren’t as fortunate as bigger businesses as having the top of the line equipment of switching to an alternate system in the case of a disaster, but its not to say that they cannot purchase something or invest in something nice that will prevent them in the future from a significant cyber attack to a natural disaster.
The first step on the route to developing a disaster recovery strategy is to have a plan. In its simplest form, this will simply be a case of documenting where your backups are and who is responsible for retrieving and restoring them.
The bigger the business, the more complex the plan will become, as you need to have provision for finding alternative accommodation, sourcing new equipment, getting communications up and running, and more.
You need to understand where your systems are. For example, what is run and stored internally and what is in the cloud? Just because something is in the cloud doesn’t mean you can ignore it from a business continuity point of view.
You need to consider how you would access it in the event of a disaster, but you must also plan for what would happen if the cloud provider itself were to have a problem. Do you have online backups of your data elsewhere?
Making a disaster plan also involves deciding the relative importance of different systems. Which are essential to your operation and need to be retrieved quickly and which are less vital and can be left for later? The amount of data you have comes into play here too. The more files you have, the longer they will take to restore. You will want to think about how you structure the retrieval.
You need to think about the type of disaster you might encounter. Immediately we think of fire or perhaps cyber attacks, but what about other things? Flooding, for example, can be devastating and if your company is in a vulnerable area, you might want to think about moving to reduce the risk. Think about other problems beyond your control: power outages, theft, vandalism, or even one of your major suppliers experiencing a disaster that prevents them from fulfilling their commitments to you.
As you develop your plan you will need to think about who will be in charge of the different areas of the plan and who has the experience of those areas so the plan can be carried out with efficiency. As only having a plan is just a small part of the picture, you must keep it up to date and know your areas of concern when something happens. This should be the first plan you draft up when becoming part of the IT leadership team and heading up a business.
Online and Offline Backups Matter
At the heart of all disaster recovery solutions is an online cloud backup. Software and data are the lifeblood of your company’s systems, so you need to have up to date copies should you need to restore your systems.
It’s essential to have a structure to your backups too. If you backup to the same external disk each week and only discover a virus infection after you’ve done your latest save, then your backup will be infected too. It’s important to have structured backups so that you can go back to an earlier version if required. The ‘grandfather, father, son’ approach where you have three generations of saves is one of the most common ways of doing this. It is a safe way of doing things this way as you will save your data and your clients by having this backup and you will be able to run your business still with this backup.
A lot of companies will rely on the cloud and storage capabilities to manage their backups of data and such. The areas that they will not pay attention to are that they need to update the cloud infrastructures as well and make sure they do not fall apart. In order to make sure this is complete and accurate they should hire on a professional team of IT gurus and ensure their systems will be ready and prepared for any disaster.
Business Continuity Communication Solutions
So, with the focus being on all the system protection and backups, there are other areas that must be part of your disaster plan that need to consider. Primary among these is communications. If your business can’t operate normally for a time, it’s essential that you can let your customers and suppliers know what’s happening.
If your building is out of service, you can arrange for a service to divert incoming calls to another number so that your business contacts can still reach you. Of course, you need to be able to contact your staff too – whether it’s to bring critical employees in or tell others to stay at home. Make sure you have an up to date list of contact details with landline and mobile numbers plus email addresses.
Office for Business Continuity
Another aspect of the disaster plan includes that if your business has multiple sites of work areas or staff located elsewhere, then you will have to think about where to redirect those members and how to get your equipment back up and running over there. Of course, office or production space is only part of the problem. You must make sure your teams have the right equipment to work with. This might mean sourcing new PCs; it might mean allowing some staff to work from home. In the latter instance, you need to make sure they have equipment and connectivity that’s up to the job. If you allow them to use personal equipment for business use, it’s important that there’s adequate security in place.
There are other areas of knowledge that you will need to know to make your disaster plan a great and efficient one.
- Recovery Point Objective (RPO) – RPO is measured in time and then dictates disaster recovery procedures. For example, if the RPO is set to 30 minutes, then a backup of the system is required to be done every 30 minutes.
- Recovery Time Objective (RTO) – RTO designates the amount of “real time” that can pass before the disruption begins to seriously and unacceptably impede the flow of normal business operations.
IT disasters are real and can happen often even when we are not expecting them. Make sure you have your plan and know what areas need to be covered and updated periodically to prevent a major downtime in your business.