Is Your Data Protected if Disaster Strikes?
Businesses have to be prepared for every eventuality.
There are plenty of situations that can be safely predicted. Employees will leave, the market will change, technology will advance. That’s just the way business works, and you’ll have effective procedures in place for when this happens.
But what do you do when the unexpected happens?
In many instances, businesses are far less prepared than they should be, especially when it comes to IT. In fact, a survey by Evolve IP revealed that just 47.5% of people said they are “somewhat prepared” to recover their IT systems in the case of an emergency.
And a further study by Gartner showed that 80% of survey respondents reported an incident in the past two years that required an IT disaster recovery plan. Just imagine if they hadn’t already created a strategy for dealing with such disasters, the results would have been catastrophic.
In this guide, we will show you how to create an effective disaster recovery strategy that could save your assets in a crisis.
What is disaster recovery (DR)?
Disaster recovery is all about how your business would cope if disaster strikes. It’s an organization’s plan of how they’d keep all aspects of the business running if a disaster occurred. This includes regaining access to data, handling operating expenses, IT infrastructure, and sensitive information.
DR is often part of a business continuity plan—when a business sets out the processes, procedures, and decisions to follow if a disruptive event occurs in order to keep the business going.
So, what kind of catastrophes call for a disaster recovery plan? Disasters can include:
- Natural disasters such as tornado, hurricane, volcano
- Power outages/failure
- Hardware failure
- Human error, e.g., accidentally erasing data
- Criminal or military attacks
- Malware or ransomware
A variety of techniques need to form a disaster recovery strategy, as, until something happens, it’s difficult to know the best way to tackle it. One hugely important part of disaster recovery is IT, because nowadays most data is stored digitally.
Once upon a time an office may have stored all of their important documentation and paperwork in a filing system. In this day and age, hardware is rarely used. It’s mainly stored online or in cloud-based systems.
Of course, this presents a new problem—what would happen if there was a cyberattack? Because there are always going to be threats to data, no matter where or how it is stored. Having measures in place that could minimize or even prevent data loss is vitally important.
What is a disaster recovery strategy?
Think of it as a contingency plan. It’s your organization’s method of how you’d prevent or minimize damage caused by a disaster.
Crisis management is at the forefront of a disaster recovery strategy. Some organizations employ a team that offers disaster recovery as a service (DRaaS) and specifically designs and maintains an effective strategy. But that’s not always necessary if you know the essential points to cover.
A disaster recovery strategy usually includes:
- Emergency procedures for employees
- Critical IT assets and their maximum outage time—RTO and RPO
- Contact information for disaster recovery teams
- A communication plan
- Tools that can help the recovery
What is RTO and RPO in disaster recovery?
Recovery time objective (RTO) and recovery point objective (RPO) are important elements of a DR strategy.
The recovery time objective refers to the maximum amount of time it may take to get your systems restored and running after a disaster.
The recovery point objective is the amount of data you could afford to lose if there was a server failure. Most businesses want to keep this as short as possible, so they back their data up every 24 hours. That means in the case of an emergency, they’d only lose 24 hours worth of data.
Critical elements in a disaster recovery strategy
Your disaster recovery plan needs to cover what you would do in any disastrous eventuality. Although you’re not going to be able to plan outcomes for every single potential disaster, there’s certainly a rule of thumb to follow.
Here are five major elements of a typical disaster recovery plan.
1. A recovery time objective (RTO) and recovery point objective (RPO)
The recovery time objective and recovery point objective are two very important steps in the plan. Setting up an RTO will help you establish how much time, effort, and funding should be spent on disaster recovery planning.
To establish an RTO, you need to analyze what’s possible by your IT department and gather a greater understanding into restoration speeds. For instance, an RTO of 30 minutes isn’t possible if restoration takes an hour. You can then use this information to create a realistic RTO.
Your RTO and RPO depend on your business. For example, a small business like a boutique clothing store may allow up to 48 hours for their RTO, meaning they only require a small budget. On the other hand, a large app developer company may have to meet an RTO as short as 20 minutes. Therefore, they are going to need a much higher budget.
Indeed, your RPO also needs to be proportionate to your business’s practices. Those in the healthcare industry, for instance, rely on their data being backed up more frequently, than say, a toy retailer. A toy retailer might be able to cope with losing 24 hours of data, whilst a healthcare provider might need to back up every 6 hours to be safe.
Make sure you’re realistic when setting your RTO and RPO because they are the starting point for the rest of your disaster recovery.
2. Communication plan
This section of your disaster recovery solution involves assigning roles and responsibilities. Consider the most important jobs in your business processes, and work your way back from there. Also, ensure each role has a backup person, in case your chosen employee isn’t there on the day of the emergency.
Create a list of all the roles and responsibilities, and include them in a handout to your employees to let everyone know their role. Don’t forget arguably the most important role—assigning the person (or people) who will declare the emergency and contact your IT service provider, contractors, accountants, and suppliers.
The communication plan should include the following:
- Roles and responsibilities
- Guidance on who to report to
- Contact information to key personnel
- How duties may change during disaster recovery
- Any precautions employees may need to take
- Client communication plan
This vital step in your disaster recovery plan will allow you to execute your strategy as smoothly as possible. Include this information in employee contracts and your employee handbook, so they know how you handle situations if a disaster occurs.
In some situations, working on-site may no longer be an option and employees may have to temporarily work remotely. If this happens, you need to ensure you’re using software that can also be accessed remotely.
RingCentral is a platform specifically intended to help those who need to work away from the office. You can still connect with the team through team messaging, phone and video calls with this powerful tool. Consider having such a system in place already, so when an emergency does strike, the team isn’t tasked with adapting to a new work system in the middle of a crisis.
3. Backup check for a business continuity plan
Business continuity planning is the main goal of a disaster recovery strategy. You need to plan well enough that your business can bounce back and recover as much as possible. To ensure this is the case, you need to run frequent backup checks.
If you backup your data on-site, there’s a chance that it could get damaged or be unrecoverable depending on the emergency. Backup your data in accordance with your RPO, and aim to store it on an off-site location data center that’s accessible in a crisis.
Follow the “3-2-1” data backup rule:
- 3: Keep three copies of data
- 2: Store two copies on separate media
- 1: Copy located off-site
By adhering to this backup rule, you’re securing your data in the best way possible. You can’t always rely on the first on-premises backup, but a second and third is (almost!) guaranteeing safe data recovery.
You might also choose a cloud-based system for your off-site data. Cloud storage is stored on remote servers, but still easily accessible. It can be maintained, managed, and backed up whenever necessary.
4. Testing with replication drills
Testing your disaster recovery solution with regular drills is important for checking that the plan is effective and that your critical IT assets are covered. You should be running tests of your disaster recovery at least twice a year.
Here are some examples of how you may test your DR:
- Walkthrough test. This is where you gather the team to walkthrough the key roles and responsibilities that would come into play on the day of an emergency. It ensures that the team is kept up to date on any changes in procedures and that they all understand their role.
- Team test. A team test will need all key figures from each department. You will then propose a hypothetical disaster scenario that affects critical systems. The team leaders can then explain what they would do in this situation. This is your opportunity to iron out any discrepancies in your plan.
- Restoration test. This goes one step further than a hypothetical team test. Here you will evaluate how well the system would respond to an emergency and how it will be restored. You can use a virtual machine to test this.
- A full drill.x This is the closest to the real thing you can get. It involves some risk, as it could lead to some downtime. Best not to run this drill first thing on a Monday morning. Some businesses don’t want to go as far as a full drill, so check with your IT team whether they believe this is necessary.
If you’re a larger business, you may want to run drills more often, particularly if you have considerable RPO and RTO costs. You need to conduct a business impact analysis after each full drill.
5. Take inventory of all assets
You need to take inventory of all assets as part of your disaster recovery plan. This includes:
- Crucial assets for your business continuity plan. This is the IT technology that is crucial for your business operations. This means your servers, key software, data, and network equipment.
- Important assets. This includes assets that could be challenging for the business to have to work without but those that can be replaced if needs be, such as desktops, mobile decides, and workstations.
- Other assets. If you were to lose these assets, it wouldn’t have a drastic effect on your business continuity. For example, television screens in the break room.
Bonus: Use software that can aid recovery
This is the part of a disaster recovery plan that many businesses fail to organize, even though it’s a key factor in business continuity. The systems have gone down, and you’ve got a team working on restoring it. But what happens to the rest of your workforce and, importantly, your clients?
Your workforce may need to work remotely, and this could have a direct impact on productivity. Make sure you’re using a great communications software to combat this. RingCentral has been designed with remote work in mind. This tool will let your employees conduct meetings, performance reviews, and conferences in real time with video conferencing, even when they’re not in the office.
Ensuring that your team is still able to work efficiently and effectively through an emergency is important for your business, team morale, and client satisfaction.
You should also invest in cost-effective cybersecurity software, so any cyberattacks are prevented as much as possible. This is why many businesses prefer the option of cloud-based storage solutions. Cloud storage is housed in a data center with its own security in place. It’s a cost-effective yet simple way of storing data. And, the provider will do all the maintenance and updates for you, freeing up time for employees to take on other tasks.
Remember: if you can prevent having to use your DR plan, it’s worth it.
Create your disaster recovery strategy
Disaster recovery plays an important part in the success of your business. It allows you to have a solid plan in place in emergency situations beyond your control and helps you resume normal operations as quickly as possible. The elements we’ve covered will put you in good stead for when disaster strikes.
- Audit your current processes
- Ascertain potential risks
- Establish critical points to include in your DR plan
- Share roles and responsibilities with the team
- Continue to test your plan
Invest in video conferencing software that will help your business stay connected, prep your employees for their roles in a disaster, and, most importantly, be ready to assure customers that you’re still able to look after their needs.
Business continuity is key, and you need to ensure your organization’s ability to meet commitments despite setbacks.
While you can’t predict when it happens, you can prepare for how your business responds to it.
Written by Andy Chang, Content Marketing Manager for RingCentral.