The world is a dangerous place for business data. Risks abound at every turn. There is the increasing threat of natural disasters along with a laundry list of cybercrimes—any of which has the potential to destroy your IT infrastructure and either destroy or deny you access to the business data you depend on. Tragically, many businesses never recover from disasters like this—FEMA puts the number at 40%. What about your organization—do you have a disaster recovery plan template, or would you be out of business on the spot?
Think you’re immune?
There are multiple ways your data could be lost or become inaccessible, from physical destruction of your servers, to cybercrimes like phishing, denial of service, cryptojacking, extortion, or blackmail. Any of these could create a situation where you have no access to your historical data and slim resources to conduct daily, routine, and vital business transactions.
Smaller companies can feel immune to data disasters like these, falsely believing cybercriminals only target larger enterprises. In fact, companies with less than 2,500 people are consistently the most targeted group for cyberattacks according to the SEC, with 43% of cyber attacks directed at small businesses. Not only are these companies less likely to have a disaster recovery plan (27% have no cybersecurity protocols), but 60% are unlikely to protect themselves after an attack (2015 State of SMB Cybersecurity Report). Unfortunately, this behavior only encourages repeat attacks. The stakes are high, so while you might never be able to fully prevent disaster from striking your organization, you can—and must—prepare your organization for the possibility of such a strike.
Can you rely on your backups?
Likely (and hopefully), you are diligently backing up your business data. But where do those backups live? Will they be accessible in the event of a disaster? Is the backup data off-site, and if so, what are your strategies to get it up and running again? From an IT perspective, would you be able to restore backups and rebuild your company data, networks, and working platforms? Does your hosting company have the capability of restoring your working platforms?
It’s important to not only ask, but also answer these questions so you understand the key steps to recovery before disaster strikes. In addition, you should be thinking beyond the backup itself, considering the following:
- Where do you restore the data—do you have the physical or virtual hardware to accomplish the restore?
- Do you have a compatible backup medium? If you’re using tape, is there a tape machine available to restore? Is your medium so old that it’s no longer viable?
- Do you have the software available to restore the backup?
- Do you have the software available to use the restored backup data?
- Do you have the licenses for the software, both backup software, and location of where you’re restoring the backup to (i.e., SQL)?
- Does your software have customizations? Can they be re-applied if you had to start from scratch? Are the customizations stored separately from the data or software?
Steps to develop a disaster recovery plan
There are several key steps your organization can take to begin fleshing out a disaster recovery plan.
- Take an inventory of all your IT assets. This includes:
- Physical servers or hosted servers, including phone systems.
- Software running on these servers, including the requirements to run this software.
- Licenses necessary to run all the software.
- Note where they exist physically or electronically (this sounds obvious but saves you time digging around in a crisis).
- Note how all assets are connected to each other.
- Rank all the assets in your inventory list according to need for the business:
- Determine which IT assets are absolutely critical to your business.
- Rank the remaining assets in groups according to how long you could live without each IT asset (i.e., hours, days, weeks, etc.).
- Estimate the time required to acquire, re-provision, rebuild, or restore each IT asset to an operational state.
- Make a detailed plan to accomplish a full recovery:
- Detail every step to complete the recovery.
- Note where to find the backups.
- Note where to get replacements.
- Try completing the plan to restore just one of the IT assets … not necessarily your most critical need.
- Try completing your most critical group.
- Try completing your entire plan.
- Learn from any missteps or shortcomings.
- Add a disaster recovery plan for all your new IT purchases:
- For IT assets you can’t control, such as hosted servers, at least document the plan before you place them in service.
- Make sure each of those assets fits with your company’s requirements.
- It doesn’t help if your new hosting company has a recovery plan but has never practiced. Ask them about expectations for downtime—do they estimate a one week restore time when you need one day?
Make practice a priority
Many companies make the mistake of thinking they have a sufficient disaster recovery plan, but never attempt to practice what that recovery could look like. Make it a priority to practice various recovery scenarios that could be followed depending upon the nature of the disaster or attack. These are key steps in developing a disaster recovery plan template.
Be prepared—not afraid
When it comes to disasters, it’s not a question of if it will happen, but when it will happen. So, it’s natural to feel a bit overwhelmed when you consider the impacts of a natural disaster or cyberattack on your business. But it’s not okay to let your fears keep you from acting—it’s vital that you begin to prepare your organization to survive the storm. Begin by chipping away at your disaster recovery plan template bit by bit, then practice restoring your assets regularly. By asking the right questions and taking the right steps, you can create a better strategy that will best prepare you for the worst.
The Velosio team is here to help connect you with the resources you need to develop and implement a disaster recovery plan template that fits your business and your risk tolerance levels. Start the conversation by contacting us.