The dangers of an incomplete disaster recovery plan

How deep does your disaster recovery plan go?

If there was a disaster, exactly how much could you really recover?  Disaster recovery is a concept that every business is familiar with, but most don’t fully understand how it works or even how much of your business is able to recover from a data disaster. There are many different ways to protect your business from data loss and almost every implementation is unique depending on the choices made by the disaster recovery team. The fact of the matter is that having a disaster recovery plan in no way protects you from all data-related disasters. In fact, depending on how your current plan is built, you might be surprised just how little is covered.

data_demoliton_for_recovery

Image from Live 5 News, Charleston, SC

Not All Disaster Recovery is Equal

Having a disaster recovery plan is like having building insurance: It is very unlikely that every possible disaster is truly prepared for. Just as your insurance only covers specific kinds of disasters like flood or theft, your disaster recovery plan is also designed only to protect you from disasters that have been anticipated and prepared for. And like insurance, this means that there is a practical amount of disaster recovery to prepare for and there will always be edge-cases in which a rare disaster could, theoretically, take you completely off-guard.

The question is just how effective your current disaster recovery plan is. How many types of disaster can it handle, and to what extent?

The Website-Only Backup

One of the most common types of disaster recovery plan only covers your business website. These plans are often offered by website development or hosting companies as a courtesy and because it’s easy for them to make backups if your site is already hosted on their servers.

A backup of your entire website is incredibly useful, especially if you have an archive of backups stored on the cloud. This ensures that no matter what happens to your website, from hackers to programming errors, you can always bring back the last working version. For a modern business with a powerful online presence, this kind of backup is vital. Combined with backups of the associated databases, common with the most modern CMSs like WordPress, can even allow you to re-establish your website from backup on a new host server should something happen to the original server itself. But by no means should a website and database backup be your only solution.

Active File Backups

Another partial backup solution is only to worry about your active or sensitive files. Many businesses that are not technically oriented consider only consider certain files to be worthy of a recovery plan. Your managers may think “What files can’t my team live without?”. While the files that fit this description are very important to back up, often what is considered is an incomplete picture of all the assets your teams really need to do their jobs.

The purpose of disaster recovery is to get your business back on its feet quickly, thumbing your nose at the hacker or electrical storm that might have taken you out of commission for weeks of infrastructure rebuilding. But only including key files and active projects in your disaster recovery plan is like saying that a single filing cabinet contains everything you need to run a business. Ask yourself this instead:

“How long did it take to set up the business network and workstations?”

“How long would it take to set them up again with only my key files backed up?”

In many cases, a disaster plan that only covers key files and active projects will still overlook irreplaceable assets like everyone’s company emails and historical documents that are not currently active. Restoring from an entire system loss using this kind of limited backup is very costly and time-consuming. The financial toll this takes on your business has been known to sink smaller companies, if the delays requires to implement recovery from a selective backup don’t tank the business on logistics alone.

Local Backups and Archives

It is increasingly unwise to handle your own disaster recovery plan locally. In days before the cloud, this was the most practical and, in fact, the only way to create much-needed backups. However, it is no longer the best solution because this puts your backups at the same amount of risk as your local system, effectively defeating the point of having backups in the first place.

When you store a backup for disaster recovery purposes, it must be stored on at least one physical server. Local backups are stored locally, meaning on servers your company owns that, likely, share an internal network with the rest of your business computers. Unfortunately, this means that any digital or physical threat that puts your network at risk can also wipe out your backups. A malware program that infects your network and corrupts files may also be able to corrupt your backups and a flood that destroys your computers will likely also take out your storage servers.

When it comes right down to it, the majority of home-made disaster recovery plans are going to be incomplete simply because a comprehensive plan requires, not just intuition, but advanced backup software and incredible thoroughness. Not to mention a lot of cloud storage. There is a way to make your entire business data infrastructure completely disaster proof, but it will take time, dedication, and the help of experienced disaster recovery experts. If you’d like more information on improving your business’s disaster recovery plan, contact us today!

Connect, Transform, GrowYour biweekly cybersecurity briefing

Tackling cybersecurity can be overwhelming. But don't worry — we'll let you in on all the industry secrets to help you protect and secure your company like a pro.