It’s inevitable that the computer hardware and software you rely on to run your business will fail you at some point. Whether you are protecting against a hard drive that randomly stops booting one day, a cyber-attacker hijacking your systems with malware, or a flood in your office renders your technology useless, it’s vital to be prepared.
You can’t prevent all these computer disasters. But what you can do is take steps to reduce the impact of such a disaster, and have a plan in place so you can recover quickly. This ensures that your business downtime is reduced, and the impact on your finances and reputation is minimal.
What’s the difference between backup and disaster recovery?
So what exactly are we talking about when we say backup and disaster recovery, or BDR? These terms are often bundled together, but they describe two different, but equally important aspects of planning for disaster.
Backups are a copy of your data, which you might store on physical media in your office or business location, or online in the cloud.
Most businesses will need to perform frequent backups – at least daily – to ensure that only a minimal amount of data is lost in the event of a technology failure or cyber attack.
There are many different types of backups you and should perform to protect yourself from different kinds of data losses and to make it as easy to recover your data as possible. For example, there should be a quick and easy way to recover an accidentally deleted file, without needing to restore your entire system.
Disaster recovery is an important planning process that covers all the steps your business will take to recover from a disaster such as hardware failure or data loss, and return to normal operations as quickly as possible.
Backing up your data is a part of disaster recovery, but you shouldn’t think you’re safe from disaster just because you’ve made backups. Have a think about what you’d do if a hacker took down your entire computer network tomorrow. How would you recover everything quickly so that you could get back up and running with minimal impact to your business?
Why you need a backup and disaster recovery plan
Data loss, even when it’s relatively small, can be devastating to businesses of all sizes.
IBM’s Cost of a Data Breach report estimates the average total cost of a data breach at $3.92 million, or $150 per record lost.
The report notes, “The type of breach, your industry, region, and organizational structure all factor into how long it takes to identify and ultimately contain a data breach,” and points out that these costs can be ongoing, lasting for years after the initial breach.
The costs associated with a data loss or breach are multi-fold. At the very least you’ll have to account for lost productivity and downtime while you’re restoring data and getting back up and running. In more severe scenarios, you may permanently lose valuable data and cripple your business, be forced to pay an extortionate “ransom” to get your data back or face catastrophic damage to your reputation. You may even face all of the above, plus the extra costs associated with fines and compensation payouts to your customers.
Technology is advancing all the time, but this doesn’t mean your data is any safer than it was 10 years ago. In fact, cybercrime is on the rise. Robert McCullen, writing for Forbes, makes the point that cyber attacks are becoming increasingly sophisticated, and more and more of these attacks involve targeted moves made by large criminal organizations, rather than random attacks carried out by an individual.
“Cybercrime is not going away any time soon. It is just too lucrative and, in many cases, easy to pull off.”
Increased use of computer applications and hardware has led to more vulnerabilities for these criminals to exploit, and low cost access to machines with high processing power has made it easier for them to breach any protections that are already in place. For most companies, it’s not a case of if your business will be targeted, but when.
The US government recommends that all businesses should implement an IT disaster recovery plan together with a business continuity plan, emphasizing that “The impact of data loss or corruption from hardware failure, human error, hacking or malware could be significant. A plan for data backup and restoration of electronic information is essential.”
What to include in your BDR plan
So, now that you understand the importance of developing a backup and disaster recovery plan, how do you get started with creating one?
First, you must consider the type of backup that’s most suitable for your business, data, and the way you work.
You have several choices here, including:
- A full backup (an entire backup of all the files and folders on a machine)
- Differential backup (backup of all changes since the last full backup)
- Incremental backup (backup of all changes since the last full or differential backup)
- Mirror backup (real-time backup of any changes to individual files)
- Local backup (backing up data to physical media on-site)
- Cloud backup (data is backed up and saved off-site in multiple locations, with high redundancy)
- Hybrid backup (a combination of local and cloud backup)
Each of these different types of backup has its own set of advantages and disadvantages. For example, mirror backup is convenient as it runs in the background in real-time, so you’ll know your backup is up-to-date. However, if you accidentally delete a file or it’s infected with a virus, the mirror backup will also be affected.
Most organizations find that a combination of different backup types in a hybrid model delivers the best combination of security, convenience, and cost-effectiveness.
As we’ve already mentioned, backup is only a small part of your BDR plan, so what else should it include?
- The critical components you need to run your business. This might include hardware, software, employees, and infrastructure. Once you’ve identified these components, you should plan how you can protect them and recover them as quickly as possible if disaster occurs.
- Resources you’ll need in the event of a disaster – a sort of “Plan B.” This might include computer systems at a second location that you can use if your main premises is affected, or the use of a managed IT service provider that can come in and get you back up and running again as soon as possible if you have any problems.
- A clear procedure to follow and named people with key responsibilities if a disaster occurs. These should cover all possible scenarios, so that, if anything happens, every employee in your company knows what to do and who to inform.
- Timescales for testing and review. Your business won’t stay the same forever, and neither should your BDR plan. You need to make sure you’re reviewing it on a regular basis to ensure it’s still fit for purpose. Testing is also essential to make sure your plan will actually work when you need it. A simple test or walkthrough of your plan with key employees can help to identify weak points and make improvements.
As you can see, there’s a lot that goes into developing a robust BDR plan. As it’s so critical to get right, many businesses choose to seek the advice of a third-party IT services provider. Managed service providers can act as your BDR partner, providing expert support at the time you need it most.