Disaster Recovery (DR) is something every business should have a plan for. It’s something no one wants to think about, but everyone should do. DR covers many different areas, however we’ll focuses specifically on the IT or technology that supports how your business processes data. Having a disaster recovery plan in place means that your business is able to continue working after catastrophe strikes—be it a hacker strikes or a natural disaster such as a flood. Disaster recovery takes time and effort, and includes a financial investment. However, the security DR provides in a dire situation is well worth these resources.
Consider weighing the cost of your disaster recovery plan against the cost of your business being inoperative. According to VeriStore, if you consider that of companies that had a major loss of business data, 43% never reopen and 29% close within two years, the cost of being down is quite high.
Not all businesses need the same disaster recovery plan. Consider a DR plan that is unique to your business needs.
Things to consider when strategizing your disaster recovery plan:
Your business’s DR plan requires you to examine your information systems. How will you backup your data? How will you recover data if there’s a server failure? How much time will there be before access to the system is restored? If you have to move to a temporary location, how long will it take to physically move. You also need to have an understanding of what will happen during an outage and how you will respond when services are restored.
Backing up your data:
According to an SMB survey conducted in 2011, Symantec revealed that only 23% of small or mid-sized businesses backup data on a daily basis, and 15% of mid-sized businesses don’t backup at all.
No matter what your business looks like, when it comes to disaster recovery it’s important that you have something to recover; that means backing up your data on a regular basis and validating that the backup copies can actually be used to restore systems. When backing up data, include copies of operating systems and application software as well as data on the server you’d need to get back up and running. Frequency of backing up should be determined by how often updates are made to systems and data and how much effort manual recovery would take.
A Corus360 survey found that of companies backing up their data, only 30% are using off site storage; very few use cloud storage. Cloud storage is a less expensive way for your business to replicate and store backup data, but you need to understand how it works, the risks introduced by using cloud services and what is right for your company.
When it comes to backing up data, you should do it in multiple ways and places. No matter how resilient you think one location may be, you will have greater security the more you diversify.
What to include in your disaster recover plan:
Backing up data on a regular basis doesn’t equal disaster recovery. Construct a plan that includes the following information:
- Hardware requirements and vendor contacts
- Software products you use with version numbers and vendor contacts
- Backup procedures and locations of backups
- List of employees critical to recovery with contact information
- List of users you need to contact
- Step by step procedure on how to restore system and operations
Testing your DR plan:
Corus360 also noted that of companies with a formal disaster recovery plan, only 28% have tested their plans. Of those testing, most don’t test often enough. Quarterly testing may not be sufficient. If you are going to invest in a disaster recovery plan, you need to test if that plan is actually worth your investment, and if you need to update or change it.
If you have DR in place, that doesn’t mean you’re covered. Make sure you are testing your investment and know it will work for you when catastrophe strikes. If you haven’t considered DR yet, it’s time. There are myriad of IT threats out there and many ways to protect yourself; don’t be left without a lifeboat.