The online guide to effective disaster recovery

Data backup and disaster recovery become more and more critical issues for businesses to address every year. Whether it’s Mother Nature’s violent unpredictability or hackers and malware attempting to harvest your business data, there are more threats than ever before to your business continuity.

But what, exactly, is meant by “disaster recovery?” Let’s distill it down to a usable definition, then we can explore the subject based on that definition.

Essentially, disaster recovery is security-based planning and preventative activity that aims to protect your business from negative data loss and downtime events caused by threats such as natural disasters, online threats, insider threats, or any other threat to business continuity.

Data is the lifeblood of the modern business. Which means effective disaster recovery is absolutely crucial to the survival and health of most businesses. And while having a working definition is useful, it doesn’t necessarily explain how recovery is planned and executed when the need arises.

In other words, before you can implement effective disaster recovery, you need to understand the full spectrum of what disaster recovery entails.

Don’t worry, we’re here to help. We’ve created this online guide to disaster recovery to outline the basics of how it works, the steps involved, and how to best begin to implement it in your business.

To get started, let’s build the ground floor of disaster recovery: data backup. After all, the other details involved in recovery are largely pointless if you lose your data with no way to restore it anyway.

Traditional data backup vs. cloud-based data backup

When we talk about traditional data backup, we’re referring to non-cloud-based backup. With traditional backup, one or more copies of all your mission-critical files and programs are created so that they can be loaded onto your hardware and machines in the event of a system failure.

Back in the day, this meant backups stored on CDs, thumb drives, and external hard drives. In more recent years, these kinds of backup have become outdated because they have several drawbacks that can cause difficulties.

Chief among the difficulties with portable storage backup is that your files and programs are not updated in real time but instead must be updated manually. This is not the only drawback to traditional data backup, either.

Problems with traditional data backup methods include:

  • Excessive downtime due to slow restoration on a per-device basis
  • Data loss due to theft or misplacement of physical hardware storage devices
  • Poor or inconsistent security or encryption protection
  • Operational or financial barriers to scalability across multiple machines or networks
  • Permanent data loss when both the original copy and backup copy are destroyed by the same data loss event

Cloud-based data backup

These days, most businesses can get maximum benefit by backing up their data to the cloud. With cloud computing, data backup and recovery is far easier and more reliable to implement while also far more secure.

This is because when you take advantage of cloud computing, all your mission-critical data and programs are stored on remote servers in professional data centers and accessed securely from any internet-accessible device.

These data centers have military-grade encryption as well as multiple levels of redundancy that ensure you have several alternative backup options. They’re also off-site from your business, so even if a disaster destroys your entire building, your data is ready and waiting to be restored.

Plus, with cloud computing your critical files and programs can be updated in real time, meaning your backup reflects all your latest work updates.

Advantages of cloud-based data backup include:

  • Unlimited scalability across multiple devices and networks
  • Real-time and scheduled file backup by priority
  • Mobility and data access from any internet-connected device (we’ll explain the massive advantage for disaster recovery later)
  • Multiple redundancies and off-site backup options to truly keep data safe from loss
  • Military-grade security and encryption to protect your data from online threats

Data backup is clearly a big part of disaster recovery. But don’t take that to mean it’s the only step necessary to recover after a disaster or data loss event. In truth, restoring your data, though a complex process in its own right, is one of many steps to successful disaster recovery.

5 Key strategies to minimize downtime

Disaster recovery is more than backup: you need a plan

So we’ve got the how, why, and where in place for backing up your data. What now? Now you need a plan. And not just any plan, either. A good disaster recovery plan is an extensive, if not exhaustive, list of all your mission-critical systems and data, how they will be restored, the timeframe for restoration, and who will restore them.

This is far more complex than it might sound. In the chaotic aftermath of a natural disaster or other data loss incident, time will be money. The longer your systems are down, the more money you will lose. Not to mention reputation, should the problem be from something other than a natural disaster.

A powerful, well-constructed disaster recovery plan protects your bottom line and your business reputation by minimizing downtime and preventing data loss. And no matter your industry, the plan will always have a few crucial details.

Minimum elements an effective disaster recovery plan will cover:

  • Who will be in charge should a data loss event or natural disaster occur
  • The contact information for all mission-critical employees who will support recovering your business technology
  • A list that prioritizes the mission-critical programs and data you must have to get back to work
  • A communication plan with assigned responsibilities for each employee to resume network operations
  • A map of all systems and technology that will require restoration
  • The steps to restore service from all your vendors, including cloud service providers, data backup storage facilities, and any mission-critical program providers.

Keep in mind that the elements and execution of a disaster recovery plan are more complex than just this list. But these minimum standards should be enough to start building an effective plan that will minimize downtime and protect your business from data loss.

5 foreboding reasons you need a disaster recovery plan

Business continuity planning as part of disaster recovery

It doesn’t always take a full-on disaster to take your business down. Many businesses experience downtime as a result of smaller incidents that don’t involve data loss but do interrupt business operations. Whether it’s an internet outage or unresponsive mission-critical programs, a business continuity plan outlines your responses to issues that bring your workflow to a slow or stop.

Often it makes sense to outline your business continuity plan while you’re developing your disaster recovery plan, because there will be overlap in some of the strategies and responses.

It’s also a good idea to take on professional assistance when it comes to business continuity planning. If you’re already using a Managed Service Provider, there’s a good chance that BC is one of the services they offer. It might already be a part of your current contract, too.

If you’re not currently working with an MSP, you can certainly attempt to put together a BC plan on your own. To do so, your in-house IT department and other management teams will have to collaborate on how your business processes, communications and technology interact to operate your business on a day-in and day-out basis so that they can plan for the loss of various individual resources and what the response to that loss looks like.

5 throwback videos that can teach you about modern IT concerns

Disaster recovery audit

So, you’ve got a data backup service in place, and you’ve developed a disaster recovery plan. What now? Simple. Now you need to determine that your plan and your backup service work as intended.

As the boxer Mike Tyson once said, “Everybody’s got a plan until they get punched in the face.” While this is a hilarious but somewhat irreverent statement, the message has a lot of truth. How can you know whether your plan will work when the time comes?

The answer is disaster recovery auditing and testing. By taking the time to audit your plan for effectiveness and completion before disaster strikes, you give yourself the best chance to avoid downtime if things don’t go as planned.

3 steps to successful disaster recovery auditing

Number 1

Review your plan extensively.

Go over your plan periodically with your team. Things change, both in your business operations and your continuity needs. By walking through your plan in detail you can answer questions and concerns that crop up, while refreshing everyone’s knowledge on their ongoing disaster recovery responsibilities.

Number 2

Perform a tabletop test.

Think of this as the human element test for your plan. It’s a mock-live scenario where you sit your team down and require all team members to demonstrate that they know their responsibilities should disaster or a data loss event occur. By doing this you can identify any documentation errors, as well as any missing or inconsistent information that might be causing the plan to break down.

Number 3

Run a simulation.

Now that you’ve conducted a plan review and tabletop test, you’re still not ready to run a live test. Instead, it’s time to run a systems simulation. Think of this as the mock-live test of the system and technology elements in your plan. Part of this step will be engaging your various continuity resources or recovery sites individually at different points.

The goal here is to come up with a variety of downtime and data loss scenarios to see how your plan changes with each of them. By working through as many scenarios as possible, you can provide your plan with the best test of its successes and vulnerabilities. Which means you can build on the successes while shoring up the shortcomings.

Again, there’s more to testing and auditing your plan than these three steps, but they will constitute a good start. We highly advise taking on the services of a Managed Services Provider (MSP) for both developing and testing your plan.

Also, much like testing your disaster recovery plan, it’s a good idea to periodically test your backup service to ensure it is backing up properly.

A story of failed disaster recovery (and the lessons you can learn)

Sometimes experience is the greatest teacher. Except you’re probably not interested in experiencing data loss in order to learn from the loss. No problem. Let’s take a look a three disastrous stories of data loss and downtime to see what lessons you can put to work in your approach.

Ma.Gnolia, a social bookmarking company, lost all its data and eventually went out of business

This is the kind of data loss horror story that makes a company famous for all the wrong reasons. It’s also the kind of story that bankrupts an otherwise successful firm.

In 2009, the company had all of their mission-critical servers go down. Once they got them back online, they discovered that the crash had corrupted all the data on them. Though the cause of this crash was unclear, initially it didn’t seem like too big a problem. After all, they were prepared with a data backup solution for just such an occasion.

There was just one problem. The data backup server was on-site, rather than off-site. Which means the data in their backup was also corrupted by the same network crash.

Ultimately, the company lost all of the stored bookmarking data their clients depended on them to store. For good. Their clients, left totally without options, lost faith and jumped ship to a competitor.

Though Ma.Gnolia threw up a Hail Mary attempt at rebranding, they ultimately shut down after another year.

The lesson:

Check your backups. And back them up off-site (While you’re at it, follow the 3-2-1 data backup strategy). Automated backup processes fail from time to time. Or other things happen to interrupt the process. Don’t wait until you need it to make sure your data is backing up, or you might discover too late that it hasn’t been backing up.

Believe it or not, this happens. Automated solutions are fantastically convenient, but do not use a set-it-and-forget-it strategy. Be mindful of the possibilities.

Five terrifying data backup and data loss statistics (and lessons)

It’s clear that natural disasters are a serious threat to your business continuity. Don’t wait until disaster is coming down the pike to worry about how you’ll stay in business afterward.

Downtime is a business killer. Not only is it expensive, but it also has the power to destroy your reputation. Make sure you have a strategy in place to get back to work ASAP. The alternatives aren’t worth the risk.

This one is obvious. Having a disaster recovery plan puts you ahead of the competition while protecting your business from the negative effects of downtime and data loss.

Three months is a long, long time for even part of your network to be down. How many workers can afford to go three months without a paycheck? How many companies can afford to pay their employees for three months when no revenue is coming in? No matter how you do the math, it amounts to a death blow for most businesses.

The odds of success if you’re not prepared are not in your favor. Be prepared. Backup your data. Have a plan.

Conclusion

Disaster recovery is serious business. As the stats and scenarios have shown, failure to take it seriously can have long-term consequences for your business. It can even put you out of business altogether.

Let’s recap the main takeaways from this online guide for clarity and helpfulness.

Cloud-based data backup and storage is the way to go.

As mentioned, the cloud has a lot of advantages over more traditional data backup strategies. Don’t forget to practice the 3-2-1 rule of data backup, and don’t forget to check your data backup service regularly to ensure it is working.

Failure to develop, implement and test a disaster recovery plan can have serious consequences.

Backing up your data is not enough. Without a disaster recovery plan, you’re still likely to experience a ton of confusion and lost productivity due to downtime after a data loss or disaster incident. Develop an extensive plan, and do your best to cover all the bases. Keep in mind this needs to be a living plan, and will require periodic updates.

Put your plan to the test through both simulations and live testing, and try to make it fail in order to shore up vulnerabilities and weak points. Make sure to dial in both your human and technology responses before disaster strikes. Also, plan for multiple different scenarios so that you understand the unique challenges of each.

Keep up with ongoing threats and growth-driven issues

As your company grows and changes, you need to evolve your strategy for disaster recovery to keep up. Not to mention that as threats evolve you need to evolve your defenses. This may seem overwhelming, but it doesn’t have to be. We recommend one more thing most of all …

Engage a qualified MSP to maximize your response and minimize downtime.

The best way to protect your business from disaster is to seek out a professional assistance. That means seeking out and partnering with a qualified managed service provider with plenty of experience dealing with disaster recovery planning and data backup strategies. The right MSP will have multiple solutions that you can engage to keep your business safe from disaster while minimizing downtime in the event a disaster takes place.

Disaster recovery planning is a complex business. And while the only way to gain direct experience is to go through a data loss or disaster event, you can instead simply partner with professionals who already have the experience to guide you through the planning and execution stages of disaster recovery. It literally could be a life or death issue for your company. Why not prepare your business for a more secure future?

 

Managed Services: Your ticket to a growing and productive business

Running a business is no easy feat. Succeeding involves overseeing many initiatives and facing many challenges on many fronts. In short: you have a lot going on. When it comes to the overall health of your business, managing your IT network should never be the straw that broke the camel’s back. Unfortunately, that’s exactly how it can feel for a lot of business owners and employees. Managing your IT network is a full-time job (sometimes many) and you already have a full-time job. In this eBook, we will illuminate the many reasons for foregoing self-management of your IT network in favor of partnering with a managed services provider to meet your technology goals.

There’s a lot for you to manage. Try managed services.

Surgeons perform surgery, accountants handle our taxes, and pediatricians take care of our children. No matter what kind of business you have, chances are that you’d rather focus on your actual business than the intricacies of running a modern IT network. So, who do you turn to when it comes to properly running your network? That would be a managed services provider (MSP). A managed services provider is any company that performs a contract service associated with your network or your infrastructure. While the specific services offered will vary from provider to provider, there are a few that we believe are most valuable, including:

Cybersecurity

Cybersecurity

One of the most essential managed services offerings is a full-scale and, most importantly, ongoing cybersecurity plan. The best cybersecurity solutions will address all the modern threats to your network, including cyberattacks, insider threats, and user error, as well as helping you keep up with the frequent changes and advances in network technology and malware.

Backup

Backup

In the USA, approximately 140,000 hard drives fail every week. If your personal computer or main server stopped working today, how much of your data would survive? If your machine crashes, or if you are hit by a cyberattack that compromises your data, you want to make sure that everything you’ve worked on can be retrieved from a secure location. To do this, make sure to speak with your MSP about a data backup plan.

Disaster Recovery

Disaster Recovery

If disaster strikes, you need to have a plan in place to not only survive but continue to thrive. A recent example is the onslaught of hurricanes that impacted the Gulf Coast in 2017. Many businesses went under because they were unprepared to continue business in the face of a natural disaster. A disaster recovery plan is something you and your MSP design together to function as a guide for recovering your data and network systems to continue working outside of your normal operations.

Helpdesk

Helpdesk

No matter how reliably or smoothly your network runs even in normal working conditions, issues will still pop up from time to time. Your employees can be more productive when they are able to quickly solve IT issues. For this reason, we suggest utilizing a 24/7/365 helpdesk. The helpdesk is particularly beneficial when you consider that many industries and key roles are becoming increasingly mobile, working extended office hours from a variety of devices and locations. Working with a dedicated helpdesk means you can benefit from a larger pool of expertise and assistance at any time.

Network Monitoring

Network Monitoring

The pinnacle of managed services for your business involves a hybrid of network monitoring and remote services. While the help desk ensures that your employees can quickly solve problems on their end, network monitoring provides a 24/7/365 overview of your network from the inside out. With network monitoring, technicians on your MSP’s team can not only maintain a real-time view of any possible intrusions, threats, or other network anomalies but also complete steps to mitigate and resolve issues as they arise.

Which managed services do you need?

The secret to choosing the right MSP for your business is in identifying the areas that need improvement and finding an MSP that provides a managed services package that fits those needs.

Guard your business with managed cybersecurity.

A cookie-cutter virus protection program just won’t suffice in a world where cybercrime is projected to cost $6 trillion annually by 2021. The attacks are coming. When they find your network, you want to be ready. $6,000,000,000,000,000 is an astronomical number and it can be hard to picture what that means to the average business. Let’s zoom in.

Cybersecurity is one of the most important services provided by MSPs. Rather than a one-size-fits-all approach, an experienced MSP’s approach to cybersecurity involves analyzing your strengths and weaknesses and maintaining complete and constant oversight of your network security. From creating best practices for your employees to implementing important software and maintaining patches and updates, your network is never safer than under the watchful eye of a managed services provider. The best cybersecurity solutions should address all types of threats. Here are the ones we find most common:

1. Sneak attacks

Your business should maintain a constant defense against cyberattacks. Modern cyberattacks are increasingly clever, relentless and evolving, and cybercriminals exercise an unprecedented lack of prejudice – they target anyone and everyone.

There’s sometimes no escaping the attacks, but there can still be preparation and fortification to minimize the effect. With so many types of sneaky cyberattacks, here are two you can recognize and avoid:

Phishing

You’ve probably had this happen before… You type in the URL for a website and the site opens but looks slightly different than the homepage you access most other days. The resulting page is asking not just for your username and password but also for other personal information like your credit card number or social security number to “verify your account.” If you’re a real quick-draw, you’ll wonder about the extra requests, check the URL and notice that you entered the wrong address. This cyberattack called phishing involves intruders pretending to be a trusted entity in an attempt to steal your personal information. They rely on their victims to be in a hurry, unobservant and willing to share far too much.

Malware

Downloading malware is as simple as opening an unknown attachment from an unfamiliar or questionable email. Something as simple as “You’ve won a free coffee, download certificate here” can turn anticipation and excitement into a compromised network. Malware can release unwanted code into your network, consuming your computer’s processing power and causing programs, or even the entire system, to crash. This is why we stress user education and training. It’s not enough to say never open an attachment from an email address you don’t recognize. Even a seemingly familiar sender can turn out to be a phony. Helping users become more vigilant is the key – including watching for suspiciously named attachments or URLs, plus emails using bad grammar, misspellings, incorrect personal references, or even incorrect information in the company footer or signoff.

2. Ransomware

Think of how this scenario would ruin your morning: You open your browser or desktop program and a message pops up: “Pay us $1,077 or we will delete the information on your computer/server.” $1,077 is the average amount of money lost per ransom attack. And these attacks are very common.

Avoiding ransomware is tricky. This type of malware can be delivered through emails, fake ads and malicious websites. It leaves behind code that blocks user access to the machine and demands payment to restore control and release data. Besides training your team to recognize the risky situations, extra tools can help with filtering and monitoring network and email traffic and unsafe URLs. It’s critical to remain aware of new and more convincing approaches emerging all the time. Ask your MSP to detail a plan for analyzing and safeguarding your network against cyberattack vulnerabilities.

3. Insider threats

You might be asking, “Where do all of these attacks come from?” Well, some are from malicious outsiders seeking to cause financial harm to your business and make an easy buck. Others are from within your own ranks.

Of that number, three-quarters were intentional and only one-quarter were accidental – meaning 45% of all cyberattacks are perpetrated by malicious employees. Your MSP should be able to work with your team to minimize insider threats with network checks and balances that involve access control, device registration, network monitoring, and assigning roles and permissions only to valid individuals.

Why Cybersecurity as a managed service?

With attacks coming in more variety and greater frequency, cybersecurity as a managed service is more important than ever for protecting your mission-critical business network. Partnering with professionals ensures your team gets the consistent, comprehensive and expert attention and protection to unify your cybersecurity efforts across channels, devices, users and systems.

Plan your backup to weather the unexpected storms.

With professional network monitoring and a solid cybersecurity plan that evolves with the times, your MSP will help you drastically reduce the chance of significant setbacks for your network. Even so, disasters do happen – and usually without much warning. The secret to surviving the unexpected or worst-case scenario is a backup and disaster recovery plan. A backup and disaster recovery (BDR) plan is a practical guide to maintaining the integrity of your network and restoring its operation in the face of critical failures. The ideal BDR plan will include a hybrid of preventative measures and practices that will secure and replicate your key systems and data, along with action points to focus on at the time of the disaster. Of course, your first questions might be, “Why bother? What are the chances that I will really need this?”

Data loss dangers

A recent industry report found that only 51% of business users back up their data to on-premises computers or external drives, and only 35% back up their data to the cloud. Almost a third of organizations surveyed don’t perform daily backups of their data. And worse, more than two-thirds don’t back up critical customer data. Ignoring the risk of data loss is dangerously negligent for business. A study by Verizon found that a small data breach where only 100 records are lost would most likely cost an organization between $18,120 and $35,730 – but as much as $555,660. Besides the potentially fatal financial loss for businesses, data loss creates a breach of trust that can also contribute to the loss of client relationships.

You get the point: Data loss is bad news. So, what causes data loss? Usually, data loss happens because of one of the following reasons:

Hardware failure

Computers aren’t built to last forever. They will all eventually break down. And that’s okay. As long as you don’t lose data when your computer shuffles off to the ethernet in the sky. Working to regularly copy your data to redundant physical servers, cloud servers will give you peace of mind that you can meet customer demands and regulatory standards like HIPAA standards.

Human error

If you haven’t had one of those “Did I just completely destroy my computer?” moments, consider yourself very fortunate.

Human error – a mistake as simple as spilling coffee on a server, clicking the wrong setting, or dropping a laptop down a flight of stairs (it happens!) – accounts for a massive amount of data loss. So, it pays to be prepared for the show to go on.

Natural disasters

Hurricanes, tornadoes, earthquakes, and related electrical storms, floods and fires, can all have a catastrophic impact on your business. If you don’t back up your data, you’ll lose more than just your physical property, you’ll lose vital customer information, operational files, and the ability to serve your customers. The truth is, data backup not only saves you from unwanted downtime, it keeps you running. Ultimately, you can think of BDR as a parachute. You wouldn’t jump out of a plane without making sure you have one, would you?

About Disaster Recovery

Once you have a plan to make sure all the right data is backed up for a rainy (or coffee-covered) day, you want to deal with the network operation issues surrounding a disaster. That’s when a disaster recovery plan becomes priceless. The recovery aspect of BDR will cover everything from the steps to relocating your network to accessing your data offsite backups to activating the services you will need from vendors supporting you in the continuation of IT operations. To survive and thrive after any disaster, you need to be able to get back to business as soon as possible. The disaster recovery plan will contain delegation of key IT recovery functions, a mandatory checklist, and security protocols to guarantee your employee and customer data is safe. Just like data backup, your recovery plan will have to adhere to both your professional standards and industry standards. Make sure to trust an MSP that has knowledge of your industry.

Your helpdesk keeps your network healthy.

The ideal goal of managed services is to create a network that minimizes the occurrence of significant IT incidents. Since we’ve established that many IT incidents are due to user error, addressing user IT issues is critical to maintain a functional network for your business. So, the best reason for having a helpdesk is explained by Murphy’s Law: Anything that can go wrong will go wrong. And that’s okay. The important thing is to have procedures and experts in place to handle issues as they arise. Notice that the key words there are as they arise. Your business operates in real time. Which means every minute, hour and day that an issue isn’t resolved is just more time that your employees can’t complete their work. A helpdesk will take care of those issues on the spot. What types of user support can a helpdesk provide?

Weekend Access

Example 1:  Weekend access

Dr. Rivera is a general physician working from a secondary office over the weekend. While attempting to access patient records for an upcoming appointment, he notices that the network has locked out his laptop and he doesn’t have the correct network password. Solution:  Dr. Rivera contacts their 24/7/365 helpdesk and they are able to securely verify his identity and reset his password. His preparation is completed, and the appointment goes on as scheduled.

Bandwidth barriers

Example 2:  Bandwidth barriers

Kit Harlowe is home health provider. She is completing a regular patient visit with updates to their charts and treatment plan, when the internet speed suddenly slows to a crawl. Solution:  Kit contacts her managed helpdesk and they are able to walk her through the settings to run a network diagnostic. Through remote services, the helpdesk technician realizes she has downloaded a computer worm that’s sending an overflow of traffic to the network. They filter out the false traffic, which gets the network running faster and keeps Kit working.

In both examples, we address some of the most common reasons businesses choose to incorporate a helpdesk into their managed services

Flexible

Incidents and errors don’t clock in at 8 a.m. and leave at 5 p.m. They show up all the time, anytime, killing your team’s productivity. The only way to help your employees handle issues during their working hours is to have a knowledgeable team on hand.

Mobile-friendly

For many businesses, it has become imperative for employers to accommodate a workforce that has become both more mobile and more reliant on a variety of devices.

When your team is working on their own devices, they need someone who not only knows their network but has knowledge of these individual platforms.

Experienced and knowledgeable

When you have an entire helpdesk team working for you, you benefit from the combined knowledge of multiple technicians. Now consider all the other services we have spoken about. Who could possibly understand the intricacies of your network better than the team who builds them every day? Whether your team is facing normal issues in day-to-day operations or the more complicated incidents that crop up in the evolving mobile workplace, you can count on a helpdesk to provide superior and timely solutions.

We really enjoy chatting about ways to improve your network.

With expertise and experience in all of the above-managed services, RWA will work to build a custom solution that fits your specifics business needs. Contact us at your earliest convenience and we’ll share as much info about the above-managed services as you’d like.