Do’s and Don’ts of Disaster Recovery
2017 has certainly seen its share of disasters – from crippling cyber attacks to some of the most devastating hurricanes in history. While this year has shown that large-scale disasters can eat up valuable resources and almost half of the companies hit by a disaster may not recover, disaster recovery does not have to be a long, arduous process, or put you out of business if you have the right disaster recovery plan.
Whether you’re researching ways to create a comprehensive disaster recovery plan, or you’re in the process of reviewing your current DR plan, this blog post will help you get started with some basic do’s and don’ts of disaster recovery.
Disaster Recovery was Not Created in a Day
The most important thing to keep in mind is that disaster preparedness is not something you can plan once and then forget about. A comprehensive BDR plan needs constant attention: annual reviews, frequent testing and drills, and, most importantly, new considerations factored in any time your environment changes or whenever you see another headline about a new phishing attack.
The other thing to keep in mind is often overlooked by IT departments, because it’s not something you want to think about, and that is how to protect your department and possibly your job when it all hits the fan. For example, let’s say Frank in Marketing opens that suspicious email and takes down the entire company in one click. Guess who usually gets the blame? That’s right, the IT Department. In fact, during that massive Equifax SNAFU, the former CEO blamed a single IT technician.
Even if you have a solid disaster recovery plan in place, you can benefit the entire company, and especially your department, by ensuring that you’ve taken all the necessary precautions, crossed all your t’s, etc. Even having a DR checklist to show that you’ve covered all your bases could be all that you need. In other words, be the IT hero, not the company martyr. And all it takes is a little research, planning, and documentation.
Here are some real life, practical DR do’s and don’ts designed for business owners and IT pros alike.
DO Have a Written DR Plan
Creating a Disaster Recovery plan requires assessing your company’s needs and IT budget, and writing down your plan of action. The written plan should also document all of your known resources – hardware and other equipment, software applications, a map of your entire environment and its configurations, and any other information you will need to rebuild your systems if they are completely destroyed.
If you have a maintenance plan with a backup vendor, be sure to renew your contract when it’s time. The last thing you want is to be left without access to support in emergency situations. Lastly, like your backups, make sure all of this information is stored in multiple locations and accessible at all times. This information will also be instrumental in making insurance claims if necessary (pictures are also good for the DR plan and insurance purposes).
DON’T Assume Data Backups are Enough
Even though protecting your entire environment starts with backups of your critical data, it doesn’t stop there. You’ll want to ensure that you can get all of your systems up and running as quickly as possible. Keep in mind that every DR situation is different, so in addition to backups you will need to have several recovery options in place.
If you find that your BDR plan is lacking in any way, do a little research and demonstrate how the company will save money in the long run by investing in a better backup solution, or more stable storage options.
DO Use Best Practices When Implementing Your DR Plan
We covered this one in a previous blog post. It’s worth a read, and definitely worth a recap here:
- Use Reliable Hardware – Think about how relieved you will be when you’ve just saved the company from a cyber attack, but even though you prevented the cyber criminal from reaching your company’s data, you can’t get everything back online because you used an old crappy server. Yeah, we know that’s not a real IT scenario, but you get the point.
- Check the Integrity of Your Backups & Replicas Often – You’ve probably scheduled your backups to run often, but how often do you check the integrity of your backups? Check those logs; they are there for a reason.
- Secure Your Onsite and Offsite Storage – Do you consider storage redundancy part of your testing practices? See the best practices post for more tips on storage, but keep in mind that the main goal is to eliminate all single points of failure.
- Test, Test, and Test Some More – We know we’ve said “test your backups often,” a lot. But we cannot stress this one enough. This takes very little of your IT resources, and if you catch a minor issue during a backup or a recovery test, then it won’t be a major issue when you’re in the middle of preparing for the next hurricane.
DON’T Assume that Management is Aware of all the Risks
While the media headlines have put cyber security in the limelight this past year, you can’t assume that management is aware of all the different types of cyber attacks or understands the potential risks. In fact, according to Computer Weekly, “More than 70% of executives say their organisations do not understand fully the risks associated with data breaches.”
It is up to you to keep up to date with the latest ransomware and to understand the complexities of data breaches (more on that below) and best DR practices. This will also help you with the next item on our list.
DO Advocate for Training
As mentioned earlier, an annual review of your written DR plan is a must, because you will need to refine your plan any time changes are made to your environment, etc. More importantly, advocate for regular training to ensure that everyone knows the plan, and practice implementing it regularly. Don’t assume that Management will take care of this part of the plan – it’s up to you to make sure everyone is on board.
Speaking of which, definitely advocate for training for all staff to protect against phishing emails, etc. Don’t let Frank from Marketing take down the company in the first place. Help prevent him from opening that email, and prevent your CEO from blaming you after the fact.
DON’T Underestimate Cyber Criminals
Many cybercrime experts will tell companies not to pay the ransom and to have backups instead. But did you know that the biggest cybersecurity threats are inside your company? So don’t assume the attack would never come from inside the building… Ultimately, know what you’re up against and be informed.
On the data breach note, we would like to make the caveat that backups will not protect you at all from a data breach. Ransomware, yes, but a hack – only if they damage your data during the event. However, regular backups are definitely a part of a healthy, well-balanced cyber-defense diet, which brings us to our final point.
DO Ensure You Have All the Weapons You Will Need in Your Defense
No matter what happens, if you have the right weapons, you can protect yourself against almost anything, even a zombie apocalypse.
To help ensure this, you may want to start with the following questions:
- Does your backup solution provide flexible recovery options?
- Can your current solution store/archive backups for short and long term recovery?
- Do you have sufficient storage and recovery options for backups?
- How secure is your storage?
- Do you know your company’s RTO/RPO?
- Does your plan include a way to get your systems running again quickly?
Overall, you want to make sure you’ve done everything you can to ensure that your systems are fully recoverable after a disaster. Checklists are always useful, both in preparation and during a disaster. Most importantly, your disaster recovery plan should always include a reliable BDR solution that can support your specific environment.
Helping Alike Customers Recover from Disasters
We’ve helped many customers recover from disasters, including the recent hurricanes. Not only were these customers prepared with a reliable backup and recovery solution, but they were also prepared in other ways. Many of them used the best practices and tips mentioned in this blog, and by having access to our expert Tech Support team for emergency services, they were able to get up and running again quickly.
Mainly, we want to help people by providing them with the tools, tips, and security they need to get back on their feet after a disaster. And as for the IT pros out there, we don’t want you to be the fall guy (or gal) for a disaster. Check your pride at the door; even if you think creating a DR checklist is silly, you might then also want to think about that poor IT technician at Equifax.
No matter the risk or potential consequences, it is easy to be prepared for a disaster, even on a small budget. Don’t fall victim to being one of the worst IT disasters of the last decade. Let us help.
Alike provides some of the most comprehensive backup and disaster recovery solutions available for virtual and physical environments. We also offer a 30-day free trial. To learn more, check out some of our videos, or contact us if you have questions.