Why Disaster Recovery Is The New Backup
Disasters come in all shapes and sizes, and strike when you least expect them! Does your business have a real Disaster Recovery Plan?
When ransomware first hit the headlines in a major way with the WannaCry ransomware outbreak of 2017, Australia initially proved itself to be that “lucky country” once again and dodged any major fallout. Since then, however, the ransomware threat has only escalated, and many businesses that have either been under-informed of the threat, especially about the link between phishing and exposure to ransomware, or lagged on upgrading their IT security defenses have fallen victim. What once may have just been passing news is now a critical issue for Australian businesses, with backup solution provider Datto reporting that, in fact, Australian SMEs are hit the hardest in the world by ransomware today, with the average cost of downtime as the result of an attack in the hundreds of thousands.
Getting hit by ransomware or “cryptolocked” would most definitely constitute a “disaster” for your business, alongside an ever-growing list of other cyber incidents, data breaches and compromises. And it’s this very piece of the puzzle that most organisations simply don’t get around to planning, much less executing – Disaster Recovery Planning.
Why a Disaster Recovery Plan is essential
Businesses in the digital age need to complement their security and backup measures with a separate and distinct disaster recovery plan.
- How long would it take you to retrieve your backed-up data?
- Would you even be able to use that data if you were locked out of your business-critical systems too?
- If your business is reliant on digital infrastructure, waiting minutes, not to mention days or even weeks, to reinstate your data or systems from a backup could be crippling…
There’s a never-ending list of scenarios where the longer your downtime, the greater your exposure to financial loss and business disablement. In fact, 31% of businesses have said that their business would not be able to survive beyond a week if disabled by cyberattack – now the potential fallout gets up into the millions!
But wait! Remember that disasters come in all shapes and sizes
Whilst cyber incidents are undoubtedly a big issue keeping business owners awake at night, Disaster Recovery Planning should take into account disasters of all types that have the potential to hamper or disable your business.
- What would you do if your office burnt down or was flooded? Where would your team go to work? How would they log in and access the systems/data they need?
- What if you lost key staff members or they required an extended period of leave to recover? Could the business continue to function?
- Who would be responsible for communicating with your clients or stakeholders and how?
- What if your business was broken into and experienced substantial losses, theft or damage?
- How and when do you initiate insurance claims and recovery support services?
In Australia, we’re no stranger to natural disasters – floods, cyclones, and of course, bushfires – so your disaster recovery plan should take into account disasters of the technical, human and natural kind.
Losing your data/systems is bad enough, but there’s even more at stake!
Getting hit by ransomware or a disaster does not just result in data loss or lock-out; it has the potential to literally cause organisational paralysis.
Organisations hit by disasters find themselves battling property losses and disabled systems, dealing with reputations and client/staff relationships in crisis (most with data still locked up or systems unavailable), and facing mental health impacts on staff, businesses and communities. How will you also address the many moral dilemmas that will arise? If you’ve been crippled by ransomware, do you pay up or not (despite expert recommendations not to pay)? If you’ve experienced a flood or fire, how do you balance your recovery priorities across staff, clients and the community?
Why having a good backup system is no longer enough
By now, hopefully, you will already see that “oh yeah, we’ve got good back-ups” is not really an adequate disaster recovery plan. And yet this is by and large the most common response we get when we start talking disaster recovery to businesses. Most proactive businesses these days run automated backups routinely, and there is pretty good awareness about the regularity of backing up and offsite replication/storage. Yes, this will help you sleep a bit easier at night and help you restore data that you can no longer access…eventually… provided the back-ups are recent, complete and viable.
Business continuity depends on 3 key factors:
- Data and systems are available;
- Data and systems are secure;
- Data and systems can be recovered at any given time.
Systematic backup and using secure cloud-based storage solutions might ensure data is available…
Implementing security best practices to protect against cyber threats and human error might bolster your security…
But if your business were to suffer a cyber-attack or disaster, are your resources…or even your business… recoverable?
Other things to consider as part of the disaster recovery planning process:
- How long would it take for you to recover your data, systems, premises and operations?
- Where and how would you do this?
- How much would this cost?
- Who needs to be involved in this process?
- What legal and compliance issues do you need to satisfy in this process?
7 Key Elements of a Great Disaster Recovery Plan
Right, let’s get to it! Here are our tips on the 7 key items to include in your business’ new Disaster Recovery Plan!
- Communication plan with clearly assigned roles, responsibilities and contacts: Time is of the essence. Your key spokespeople, managers and staff need to have documented plans and then be able to set them in motion.
- Plans for premises and equipment: This includes cybersecurity measures, physical security measures, and lock-down or protective measures ahead of impending natural disasters.
- Data continuity systems: How is your back-up run, stored, accessed and restored? What other provisions or details do you require to ensure operational, financial, and safety systems can cut-over to redundant connections or systems?
- Back-up tests and checks: Run regular, scheduled “drills” to check that your back-up is running, and execute full restoration tests.
- Asset inventories: Ensure you maintain a detailed inventory of all workstations, systems, servers, printers, phones and other technologies in use, along with key vendor/service provider contacts, to assist with insurance claims and rebuild/restoration efforts. Include pictures and site maps/floor plans where possible.
- Emergency services/Utility service communication plans: Ensure you know who your emergency service and utility providers are and their channels to provide updates on service availability and restoration times to guide your own communication and restoration efforts.
- Contacts and details of channels through which staff, clients or community members can get updates, emotional or professional support and counselling, or assistance.