When you’re operating in the business IT space, data backup and disaster recovery are two topics you can’t ignore. Your business runs on data. If you were to lose access to it, you could suffer tremendous costs and lose the confidence of your clients.
The best way to think of a data backup plan is as an insurance policy. Your business may be covered for financial loss and other risks by your insurance company; you need the same type of protection for your data. With a plan in place, you’ll be well-positioned to get things running again, even if you suffer a catastrophic loss of data.
Today, most businesses have at least some type of data backup plan. In its simplest form, data is stored remotely through a cloud service or on a local storage device. Backups are done regularly depending on the needs of the business – maybe once or twice a month. If there is a disaster, data can be accessed and restored to the point before the disaster occurred.
This basic strategy is a good start, but it might not be enough if you suffer a catastrophic loss. For example, an individual can restore their personal data easily enough if it’s stored securely in the cloud. But they may have to restore it piece by piece. That can take a lot of time.
You need to recover your data quickly enough to keep your operations running without interruption. You also need to ensure your system for backing up data can’t be compromised in and of itself.
What Happens During a Disaster
There are plenty of ways you can suffer a catastrophic loss of data. In 2017, there were 1,579 data breaches in the United States, with 179 million records exposed and 91.3% of those exposures occurring in the business sector. Cyber attacks such as malware and ransomware are perhaps the most talked about, but they aren’t the only threats out there.
Others include natural disasters and internal threats such as disgruntled employees, poor employee password management, or theft of certain devices that can access your network (such as smartphones).
Imagine your business is hit with a ransomware attack. All your data is being held hostage and will be erased unless you pay. If you have a secure data backup plan in place, you can rest assured that your crucial data is safe, even if you don’t pay the ransom.
But what if you’re only backing up your data once or twice each month? That means you risk losing two or more weeks’ worth of data if you don’t pay. This could severely impact the continuity of your business as well as your ability to recover.
Now, imagine your office building is flooded and the devices holding your business data are destroyed. You’ve been backing up data onto your own storage device. If you keep this device in the same location, you run the risk of losing all of your data, despite your backup plan.
There may be other risks that you haven’t considered. It’s important to update your plan for every conceivable threat. If your backup plan hasn’t changed in a few years, it might be time to re-examine it.
Create a Data Backup and Recovery Plan
Your data should be backed up to a secure, offsite location. But it should also be easy to recover. Ideally, you’ll be able to pick back up where you left off quickly after you suffer a disaster.
A good data backup plan involves three copies of your data, using two different medias, one being offsite. This is what’s known as a 3-2-1 strategy.
First, you should have one copy of production data. This is the data your company uses to complete day-to-day activities. This data should be readily available and easy to access. Second, you should have another copy of your data that is stored locally, but on a second media. And third, you should have a final copy of your data that is stored offsite, on a third media.
To come up with a good recovery strategy, there are two needs you must assess:
Recovery Time Objective
Your recovery time objective is your assessment of how quickly you need to be recovered in the event of a disaster. Your objective could be to recover in real time or to recover within a week, for example.
Recovery Point Objective
Your recovery point objective is your assessment of how far back in time you need to recover to. For example, you may need to roll all of your production data and your servers back two whole weeks, while maintaining file access for a whole year.
Run a Data Backup and Recovery Plan Audit
To determine if your current plan is enough, run a data backup and recovery audit. The idea is to simulate the process of recovering your data as if a disaster were actually occurring.
You’ll need certain assets for this type of audit, such as emergency hardware and a knowledgeable IT staff. If you have an internal IT department, they should already have a step-by-step disaster recovery process in place.
Once you run through the process, identify key weaknesses, areas for improvement, and new processes to make recovery faster. It may be that you need to backup your data more often or you need to store it more effectively to make recovery more efficient.
If you need extra help, you can augment your IT department with an IT service provider or rely on a managed security service to run your audit for you.
They can even help you determine which data needs to be backed up, how long it should take you to recover, and what your backup schedule should look like. An IT service provider can even serve as your team for data backup and recovery.
Your cyber information is critical. The safest approach is to assume you’ll eventually suffer a data breach. Ensure your backup and recovery plan is strong enough to support your business in the worst circumstances.