Australians are no strangers to natural disasters. In 2016, widespread bushfires and floods resulted in major damage in Victoria, Tasmania, and Western Australia all year round. Aside from attacks caused by Mother Nature, business owners need to prepare for a new wave of cyber-attacks that threaten their companies.
Installing backups and disaster recovery solutions can help your business survive catastrophic events, but only after meticulous research and planning, because unlike off-the-shelf IT deployments, disaster recovery solutions need to be customised for individual businesses. For an effective disaster recovery solution, you need to ask yourself the following questions:
Which disasters are we guarding against?
A disaster recovery solution should start with identifying immediate threats. Consider the types of disasters you are guarding against and rank them based on their severity, geographical location, and likelihood. This will help you think about what sort of backup plans your business needs.
For example, organisations in New South Wales, Victoria, Tasmania and Queensland that see their fair share of bushfires and storms every year will require remote cloud and virtualised solutions.
What are my key assets?
You need to know exactly what you're protecting, and you can answer this question by gathering your management staff and having them discuss which assets are critical to daily business operations. Depending on the results, this could include company data, accounting software, email systems, servers, workstations, and employees.
Afterwards, quantify the value of these assets by performing a detailed business impact analysis (BIA). For example, one destroyed workstation can cost your business $700 plus productivity loss. BIAs allow you to find out what one hour of downtime costs your business, which will help you complete the next step of your DR plan.
What are the RTOs and RPOs of specific data and applications?
The goal of your Recovery Time Objective (RTO) is to calculate how quickly you need to restore data, applications, and business assets. Using your BIA, you'll be able to compile a 3-tier recovery list.
The first tier covers mission-critical systems like servers and business software that need to be recovered immediately. The second should deal with applications that your business needs within 5-10 hours of downtime. And the third should include peripheral systems such as photocopiers and messaging apps that your business doesn't need immediately.
The goal of your Recovery Point Objective (RPO) is to calculate the amount of data loss and downtime your business can tolerate before it goes under. Generally, critical data like electronic medical records or financial documents should have a low RPO, whereas routine data like shipping history can have an RPO of at least 24 hours.
How will I back up my systems?
Based on your RTO and RPO, you should be able to determine the appropriate type of backup solution for your business.
Most businesses usually opt for either remote cloud solutions or local data storage, but hybrid solutions that combine the two provide better flexibility and data redundancy. Hybrid cloud environments allow you to store non-critical data in the public cloud, secure applications and backups in the private cloud, and host mission-critical apps and data on-premises.
This hybrid environment allows for a variety of recovery options. Systems with RTOs of 30-60 minutes can use on-site data backups to quickly get back online. But if local backups are affected by natural disasters, there will be a secondary failover site in the cloud.
Do people know how to respond to disasters?
Your DR plan should give specific instructions for how to switch over to the secondary site, right down to the order in which data needs to be recovered and what hardware should be replaced.
We also recommend creating an employee communication plan to make sure your personnel understand their roles during a disaster. It should include contact information for technical support, scripts for dealing with government agencies and disgruntled clients, who is responsible for which recovery operations, and whom to seek out for further instructions.
What are the results of the DR test?
No matter how detailed it might be, a DR plan has no value for your business if it can't protect your systems against a real disaster. That's why DR administrators should simulate contained disasters like a power outage and test as many backup strategies as possible without causing actual interruption of service to your business.
And, to evaluate whether your employees know their roles and duties in a disaster, consider tabletop tests. In this assessment, IT administrators, employees, and DR team members thoroughly discuss all the processes of your DR plan. Human errors discovered during this process will clarify whether your communication plan needs improvements.
DR testing should be conducted twice a year, but if your company rolls out major updates and infrastructure changes, you should conduct more tests throughout the year to identify any inconsistencies in your recovery plan and refine them before, not after, disaster strikes.
Taking the time to ask these questions about your disaster recovery plan can save your business a lifetime fixing data loss, decreased employee productivity, and damaged customer trust. Here at Empower IT, we take the time to thoroughly assess your business continuity needs and develop a plan so your business can withstand the worst of the worst. Want to know more? Contact us today so we can demonstrate our robust disaster recovery services to you.