Disasters are inevitable, often unpredictable and bring abrupt disruption to your business.
From small service interruptions to total business shutdowns for days or months, or even fatal damage to your organisation, the effects vary in type and magnitude. Disasters can also result in revenue loss with US businesses reportedly losing $700 billion a year to IT downtime.
To minimise disaster losses, a good disaster recovery plan is a necessity for every business unit, system and operation within an enterprise. Your IT support and services team needs to respond swiftly to minimise the damage to your business. Research reveals survival rates for companies without a disaster recovery plan stand at less than 10%.
However, when a disaster occurs, disaster recovery plans can fall flat. 33% of businesses do not respond adequately to a disruptive event, despite having a disaster recovery plan in place.
This indicates one of two possibilities (or a combination of both): the protocols were inadequate and staff didn’t know how to respond, or the business continuity systems failed.
Organisations need to rethink their outdated disaster recovery plans, improve their IT support and services strategies and take a proactive approach to disaster recovery. It’s not an easy undertaking with many businesses making these common disaster recovery mistakes...
1. Focusing on the wrong causes
The word “disaster” conjures up images of the end of days where flooding, earthquakes and other extreme natural phenomena wipe out your systems.
However, the causes behind a business disaster are often quite benign with 45% of all unplanned downtime caused by a hardware failure and 35% of unexpected downtime caused by a power outage.
Solution: Identify the threats to your business
The causes behind any disaster are highly unpredictable and difficult to manage. But you can take a proactive approach to mitigate the risks inherent to your business.
It’s important to identify and prioritise the likely causes behind a disaster by conducting a thorough risk analysis of your business. During a risk analysis (which is sometimes called a business impact analysis), you need to evaluate your existing security and control systems, and assess their adequacy with respect to potential threats.
You should begin by listing the essential functions of your business, which are those functions whose interruption would considerably disrupt your business operations and may result in financial loss.
These essential functions should then be prioritised based on their relative importance to your business operations.
For example, if you discover a specific data centre is prone to power failures, you could install a backup generator to ensure a continuity of service, or move your systems to the cloud. Alternatively, to protect against hardware failures, you could implement a backup infrastructure or a roadmap to help you replace aging hardware.
2. A lack of regard for your data
What would happen if you lost all of your corporate data? If your data is not recoverable – for example, because it was not been backed up or it has been deleted from all sources, could you business continue to function without that data?
Probably not. It’s a striking stat but 25% of SMEs do not survive a critical data loss.
Data breaches also impact your customers. With the introduction of the GDPR this year, a data breach means your business could also be fined 4% of your annual global turnover or up to €20 million, whichever figure is highest – particularly if you cannot demonstrate that you did everything to prevent a data loss.
Solution: Take data redundancy seriously
In order to maintain business continuity in the event of a disaster, a reliable data redundancy strategy is essential. You need to factor in the following:
- Use multiple power or communication channels within your IT infrastructure - if you have multiple paths, the loss of a single path is inconsequential because your connection can switch to another source.
- Use multiple copies of your data stored in different environments - if you experience data loss or a network failure, you can restore your data by connecting with another storage location, which could be in an online or offline environment. Some organisations use the 3-2-1 backup strategy. Here, you keep (at least) three copies of your data, keep your data backups in two different environments, and one copy of your data is offsite. As a result, you have multiple backups in a range of environments and locations, which increases your ability to recover your data.
3. Not testing and updating your disaster recovery plan
Disaster recovery planning is a constant process. As digitisation sweeps the enterprise and technology continues to advance at breakneck speeds, cyber threats are continuously evolving. For example, attacks involving cryptojacking increased by 8,500% and 5.4 billion attacks by the WannaCry virus were blocked in 2017.
Yet, these threats probably weren’t on the radar of most CIOs and IT managers in 2016.
You also need to adapt your disaster recovery strategy for any external or environmental changes to your business and its infrastructure. For example, if you move your systems to the cloud, how are you going to respond in the event of a disaster? Or what happens if a new service level agreement is implemented?
Solution: test your disaster recovery plan and policies regularly
While disaster recovery plan testing is an important measure, full-scale tests are time-consuming and often expensive to conduct. As a result, you will not be able to run such thorough tests regularly - many businesses only do a full-scale test once a year. However, you can run partial tests every quarter.
For example, if your business has multiple disaster recovery locations that require geographic distances between source and recovery sites, you may decide to conduct standalone tests for each location in rotation.
However, it can be difficult to conduct disaster tests with enough frequency. Most companies, especially large enterprises, should also consider disaster recovery monitoring tools that allow for the near-real-time analysis of their disaster recovery setup and processes.
If the worst happens and disaster strikes, your IT support and services team need to be able to react quickly and appropriately to keep your business up and running and ensure its survival in the long term.
Robust disaster recovery is a continual and challenging process. If you’d like to find out how to protect your business, click here to contact us and receive a free IT audit.