In today’s world, data is currency. It is one of the most valuable resources and therefore one of the most precious targets in the eyes of cyber criminals. Cybercrime is a billion dollar industry where hackers will go to great lengths to acquire your data to use it, sell it, ransom it or simply to cause serious damage to your company.
Implementing a backup and disaster recovery plan is, without question, one of the most important tasks a business should undertake. But, where to begin?
In this article, we provide a small business guide to backup and recovery that will help in the process of developing a strategy to protect your data, and your business.
What is data backup and recovery?
Data backup and recovery refers to the process of creating and storing copies of data as “backups” in the event of a data loss, system crash or breach and the subsequent retrieval and restoring of these data files, after the event.
Though these are two separate concepts, they both work hand in hand and should be a part of any disaster recovery plan. Data backup provides the ability to recover valuable data, while the recovery provides the ability to restore it.
Why is having a backup and recovery strategy so important?
Regardless of the size of a business, having a backup and recovery strategy is vital. Many businesses wrongly think that just because they are small, they are safe. It is often the case, however, that smaller businesses become even more of a target as hackers will assume they do not have adequate protections in place.
Also, it is important to realise that not all data threats come from hackers directly. Last year it was reported that a shocking 95% of all cybersecurity breaches were caused by human error. And data loss can also happen as a result of a natural disaster or catastrophic event which could damage company property and servers.
In 2020, it was reported that a shocking 95% of all cybersecurity breaches were caused by human error.
However it occurs, any data loss has the potential to severely damage and in some cases destroy a business. First off, you have the inevitable down-time that will occur as a result of inaccessible data. And anything that interrupts operations and prevents business continuity, affects that businesses ability to make money.
Secondly, there is the perhaps even greater risk of reputation. If customers realise that not only is the business unable to fulfil their needs for the duration of the downtime, but that they have also failed to adequately protect and manage their data, then there may be a sharp downturn of sales in the future.
For all of these reasons, having an effective backup plan and an effective recovery strategy is crucial to a business.
Steps to creating a good backup and recovery plan
Step 1 – Assess your needs
It’s impossible to plan without first assessing what is actually needed. In this step, a series of questions must be asked. For example, what are the data risks? (ie. has the company experienced a data breach or loss previously? Who exactly has access to the data currently? Are employees trained on data protection and security? Is there any risk of physical damage due to weather related events or similar?).
But the biggest question, perhaps, is what data needs to be protected? A quick clue is, everything! If data is being stored at all then a safe bet is that it is valuable, at least to some degree. Getting specific, however, it is important to ensure that the most important data is backed-up first as this will be what will be recovered first, after a breach or loss, to allow business operations to continue.
Step 2 – Evaluate your options
Once needs have been assessed, the next step would be to look at what options are out there that may be suitable to meet these needs. An important thing to note here, is that there is no “one size fits all” model. With a variety of options such as hardware solutions, software solutions, cloud services or hybrid options, what works for one company could be entirely different from what works for another.
To help decide which option is most suitable, most businesses look at two metrics – RTO and RPO:
Recovery Time Objective (RTO) refers to the maximum amount of time after an event that’s acceptable to recover the lost data.
Recovery Point Objective (RPO) is the maximum file age of the data that would be needed to be recovered in order to resume business operations.
These will help evaluate which option provides the closest solution for these needs.
Step 3 – Set a budget
Again, the assessment and evaluation of needs and options will help to determine what budget is necessary. As with anything, some solutions are more expensive than others. It may be found that a simple less expensive solution fits the needs of the business perfectly or it could be the case that a more complex solution is required which will inevitably cost more.
When making a decision on budget, it is not just a question of “what do we have to spend now?” Consideration must also be given to “what might we have to spend later?”. This is to imply that, should a company opt for a cheaper, less suitable option simply to save a few quid now, could mean that down the line they may be spending a lot more should that less expensive model fail to do its job.
Step 4 – Select platform and provider
Based on the above, now it is time to choose the platform and provider. Though some businesses opt for just one backup option, others choose to have multiple backup and recovery solutions in place to ensure they are covered.
While again, this is going to be dependent on the individual business, a good general rule of thumb is to obey the “3,2,1 Rule”. This rule states that a company should at all times keep at least three copies of their data, and store two backup copies on different storage media, with one of them located offsite – 3,2,1.
The “3,2,1 Rule” states that a company should keep at least three copies of their data, and store two backup copies on different storage media, with one of them located offsite – 3,2,1.
This rule is a best practice recommended by information security specialists and gives added protection and peace of mind for businesses. Most good providers discuss this during the consultation stage and can advise on how best to proceed with such a model.
Step 5 – Create a timetable
Though the service provider will develop and supply a plan and timeframe for implementation, it is always a good idea to create one specifically for the internal team so that they are aware of their role, the expectations and any changes as a result of the new backup and recovery plan.
Questions such as, what needs to be done before work begins? What are the best times for installation to occur to avoid any disruption to operations? Making everyone aware of the plan will aid a smooth implementation phase.
Step 6 – Create the recovery plan
Once the data backup and recovery solution has been installed, the next step is to create a recovery plan should the worst happen. Again, everyone should know what is expected of them and how to react in such an instance. Team training and the circulation of policies and procedures is crucial to this. The service provider can assist you at this stage also to ensure the correct information is being relayed.
The recovery stage will be the most crucial as this is what will help or hinder the business in getting back up and running. As mentioned earlier, the longer the downtime, the longer the business is not making money.
Step 7 – Test the plan
This is the final step and an extremely important one. There is no point in implementing a data backup and recovery strategy without testing regularly to ensure it works. Scheduling regular disaster recovery tests should become a standard operation procedure and part of the business continuity plan.
Items to test would be to check if the backup has been successful and is following the backup frequency set. Determine whether or not the data is in its latest format. Time the recovery process and note down issues that arose, if any. And be sure to test that all employees have carried out any responsibilities according to the policies and procedures outlined.
Conclusion
As stated at the beginning of this article, size simply does not come into it. Data is a part of every business and it is the responsibility of each business to protect it. Having a backup and recovery plan is not a luxury or an optional extra, it is simply an absolute necessity in today’s data driven world.
If the idea of implementing a backup and recovery plan seems daunting, save yourself the worry and get in touch. Here at Calnet IT Solutions, we provide top quality backup solutions that are fully managed and monitored, ensuring that your data can be rapidly recovered should any issue arise.
Call our team today on +353 (0)1 8183272 or email us at info@calnet.ie for a quote.