Disasters can come in many forms. In business, it means a catastrophic disruption. For small and medium businesses (SMBs), it means loss of income, perhaps reputational damage and the possible loss of jobs inside and clients outside. It is also, literally and figuratively, not the end of the world. With the benefit of a disaster recovery plan drawn up in advance, it is possible to be back in business in a short time and back to full operational efficiency not long afterwards.
The cause of such a disaster could be a natural disaster, such as an earthquake or a tropical cyclone. It could be a power outage owing to nothing to the weather. Sadly, in this day and age, the disaster could be caused by a terrorist attack, either a physical one or, increasingly, a cyber-attack. In recent years, cyber criminals have raised their game and become more high-profile by causing havoc to large companies by shutting down their operations through their reliance on digital technology.
This applies to many SMEs because the very technology that makes them efficient becomes an Achilles heel when it is disabled
Defining Your RTO and RPO: Understanding Recovery Time and Data Loss Tolerances
The language of disaster recovery is full of terms only coined fairly recently, because cyber-attacks didn’t exist until the IT revolution. It is useful now to know what these terms mean, and let’s start with RTO – recovery time objective, which is the length of time a business can stand being out of action.
RPO is the recovery point objective – and note the two italicised words. RPO defines the amount of data that can be lost before it becomes impossible to get back on an even keel. This essentially comes down to the length of time between backups.
Knowing the RTO and RPO of your company may not really impact how you react to the disaster, because any business proprietor will have their people working on getting back to normal ASAP, if not sooner. There will be those who panic and those who concede defeat unnecessarily. There will also be those who keep calm and carry on, hoping against hope that it will turn out all right in the end.
In the throes of a disaster, there is no point in cursing your lack of planning or your low level of protection; the time to think about that was before the incident, and if you have yet to experience a disaster, the time to do something about it is now.
The 3-2-1 Rule of Backup: Why Offsite and Offline Copies are Essential
There are various rules of thumb about backing up files, but they all now include the fact that physical backups are essential because the mighty cloud, where your information may be stored and remain easily accessible, is a weakness precisely because it is easy to get at. If it’s easy for you, it is also easy for the kinds of technological wizards who have gone over to the dark side.
Here is one rule of thumb: you’re only safely backed up if your files are stored on several duplicated external hard drives stored in secure locations several kilometres from your core of operations. There may be some flexibility in the numbers, but that is a sound principle.
This leads us to the 3-2-1 rule of backup, which says you have three copies: one in your computer, one in the cloud and one on a hard drive miles away.
The formulation is up to you, and you can err on the side of caution if you wish. What you can’t afford to do is cross your fingers and hope. Prepare for the worst and hope for the best is the best idea.
The 2 in this is two types of storage devices, i.e. cloud and external hard drive.
The 1 is the copy you keep off-site, but as we have seen above, this is not the only number. You could drive yourself crazy thinking about this, and have secure storage facilities on different continents if you are concerned that cybercrime escalation or the weather implications of global warming are going to make even 3-2-1 in your own country insufficient.
Beyond the Files: Planning for Application and System Recovery
Safeguarding your existing files is clearly crucial, but what about the applications and systems that enabled you to create the files in the first place? Here we’re going to get into highly technical areas and jargon that is best left to the professionals. If you are happy talking about failover systems and redundant cloud regions, by all means do your research, but you’re getting into territory where you’re not qualified.
This is where you need to call in an expert, go through all your hopes and fears with them and listen to the options, complete with explanations in words of one syllable (not possible, of course, but you have to aim high).
The Importance of Testing: Why an Untested Plan is a Failed Plan
All of this is fine in principle, and you can spend a lot of money preparing for something that you hope will never happen, but how do you know when you have set this up that it’s actually going to work? The only answer is to try it out. Much like a fire drill, you need to set aside a time when you can try out these backup plans and go through emergency reactions.
Disaster Recovery as a Service (DRaaS): Outsourcing Your Business Continuity
There are companies that offer DRaaS, where you can back up your data and IT infrastructure to the cloud. What you will need here is assurances and trust. Insurances too – it is vitally important to be covered to the extent that disruption costs can be recovered and, if the worst comes to the worst, you have the wherewithal to start again. But no one wants to have to do that.
The simple advice, then, is to give this a lot of thought, make sure the management team and directors know about it and get yourself protected to the highest degree possible. If you need advice to ensure you are properly protected, contact our team at Nerds 2 You for expert data backup and recovery solutions.
