There are lots of myths surrounding disaster recovery policies, whether you need them and how good they need to be. Here, we’ll discuss some of the biggest misconceptions about disaster recovery.
DRP stands for disaster recovery plan, which refers to a set of protocols and procedures that should be used if something happens which causes loss of data or service downtime. Some features of a disaster recovery plan might include:
- Making a plan for what to do with critical hardware in case of a natural disaster
- Taking a detailed asset inventory
- Training staff on what to do if an incident occurs
- Implementing a data backup solution
What’s included depends on the data, hardware and facilities your business uses.
The aim of a DRP is to help a business recover from an incident as quickly and efficiently as possible. It seems like a no-brainer to implement one, but the fact is that more than 35% of businesses report that they have no disaster recovery plan in place.
"Disasters are unlikely to happen"
One reason why some companies believe they don’t need to implement a full disaster recovery plan is because they think that an incident is unlikely to happen, so it’s not worth the investment. However, ‘disaster’ can cover a huge range of problems which lead to data loss.
It’s easy to tell whether your business is likely to be affected by natural disasters – maps and statistics for flood levels and earthquake risk can be easily found online. But even if your office isn’t on the San Andreas Fault, something as simple as a power cut can also lead to data loss, and these occur quite often. If, for example, you’re in the process of transferring data, and power is dropped to both machines, any data that was in transit at the time could be lost or corrupted.
Another example of an often-overlooked issue is software updates. Software powers businesses at many different levels, and all of these components require updates every so often. However, if software is not properly prepared before an update it can cause service failure. Processes need to be paused to facilitate updates, and if the new version isn’t compatible with other pieces of the puzzle, it might need to be rolled back to get everything back up and running.
Human error and malicious attacks are two other common occurrences which can result in data loss. We’ve previously discussed the risk of ransomware attacks to small businesses, which shows that these man-made data losses are more frequent than you might believe.
"It costs too much"
There’s no denying that putting a disaster recovery plan in place can incur significant costs. The thought that ‘it’s not worth doing’ often comes up, and the price can be daunting – especially for a small business. But as discussed above, disaster can strike at any time, and it pays to be prepared. Ultimately, the potential costs incurred by being unprepared for a disaster can far outweigh the cost of establishing a solid disaster recovery plan. According to recent estimates, around 40% of businesses never reopen their doors after a disaster.
With this in mind, while the initial price can be high, it’s always worth having a disaster recovery plan to ensure the longevity of your business.
"It's an IT problem"
Another widespread myth is that disaster recovery is purely an IT responsibility, but this could not be further from the truth. While protection against cyber attacks relies on the IT department, other areas of a correctly-implemented DRP rely on many other areas. For instance, preventative measures against natural disasters need to be implemented by the facilities team.
All employees should undergo cybersecurity training to ensure they’re on the lookout for potential threats, and know how to evacuate their workplace in case of an emergency. Managers should be aware of what to do in each situation, including who to call, and what action to take (such as unplugging machines from a network in the case of a ransomware attack).
The recovery plan should also be tested as often as possible. 46% of SMBs have never tested their DRP, which means they would have no idea whether it worked properly until a disaster actually occurs – at which point many find that one or more areas have failed.
"Basic backups are enough"
Another misconception is that by simply acquiring any backup service, your disaster recovery plan is in place. While this is more effective than having no backups at all, just signing up for a basic solution will not provide the protection you may need in case of disaster. If data loss occurs, the best case scenario is that your most recent backup was from immediately before the incident. This is highly unlikely, but the more frequently you take backups, the more recent the restored data will be.
Therefore, it’s worth paying for a cloud-based solution which allows you to customise how often your backups are taken, and exactly what data they back up. This can also help you store your backups more efficiently.
For example, if you have some data which only changes once a month, you can set this to only be backed up each month, rather than unnecessarily making a new copy each day. On the other hand, if you have business-critical data which updates in real time, you could take a backup every ten minutes to ensure as little as possible is lost in the event of an outage or breach.
Our Cloud Backup product takes these needs into account, giving you full control over your backup schedule and contents. Stored off-site, you can keep your backups separate from your other infrastructure. Whether you want to back up a server machine, or just laptops for your employees, you can store your data safely in the cloud with Cloud Backup.