Fast Facts and Stats

Data is the backbone of any enterprise, and if lost, it can be detrimental to company operations. Despite this, many businesses don’t even have a Disaster Recovery (DR) plan in place. If you have yet to put together your plan, these recent statistics might make you hurry the process along.

  • 40% to 60% of small and medium-sized businesses (SMBs) never recover after a disaster (Source: US Federal Emergency Management Agency or FEMA).
  • Nine in ten data breach incidents are caused by employees’ mistakes or human error (Source: Stanford University-Tessian study).
  • 90% of businesses without a disaster recovery plan will fail after a disaster (Source: Touche Ross).
  • Downtime costs 80% of SMBs at least $20,000 per hour. For 20% of those SMBs, one hour of downtime can cost at least $100,000 (Source: Information Technology Intelligence Consulting or ITIC).
  • 70% of all successful attacks on computer networks are done by employees and insiders (Source: International Data Corporation or IDC).
  • On a more positive note, 96% of businesses WITH a disaster recovery solution in place fully recover operations (Source: PhoenixNap).

 

Don’t Be Another Disaster Recovery Statistic

Adaptability is critical to the success of every enterprise. As the chaotic turn of events over the past years has taught us, businesses that are prepared for every eventuality emerge stronger on the other side. Backing up and securing your data and systems and having the capability to remain operational in the face of a disaster are not optional—they are today’s standards.

Why is it essential to have a DR Plan? What goes into creating one? This blog post explains all you need to know by covering the different types of disasters and their impact on your organization. We’ll discuss pointers and best practices to help you map out an effective plan.

Why You Need a DR Plan

Natural, technological, and everyday disasters happen.

Fire, earthquake, hurricane, flood, pandemic, etc. These good old-fashioned acts of God (except for maybe the latter) can happen fast and without warning, leaving you no time to prepare. You might think that the probability of your office getting caught in a fire is almost nonexistent and that your financial resources are better off allocated elsewhere than investing in a DR solution. But think again… When a natural disaster occurs, organizations often scramble to recover systems and applications to maintain day-to-day operations. This frequently results in losses—partial or complete data loss, lost productivity and revenue, tarnished reputation, lost clients and other opportunities, and hefty fines and recovery expenses (if you recover at all).

Backing up your servers to tape can fail eight out of ten times due to technological disasters. Simply put, systems fail—no matter how well-engineered, software and hardware can crash and burn. If a server hosts that tape drive, you won’t even know it will fail until AFTER you get it up and running (however long that takes!). This also demonstrates that on-site backup may not always be the final protective cover for your business. You may want to consider multiple off-site or cloud data storage to ensure your data is protected even if your equipment is destroyed.

Fortunately, the instances of your systems crashing or, more so, your office getting caught in a fire or tornado do not happen that often. Unfortunately, your organization’s source of everyday disasters is the least manageable—your employees. One of your team members could click on a phishing email and give away their credentials as you read this blog. Another one could have accidentally spilled their coffee on their laptop this morning and didn’t act quickly to save their data from corruption. Yet another could have forgotten to shred a sensitive paper document or lost their mobile device months ago, and your important data is now in the hands of a criminal. These everyday disasters can be innumerable, and it would be ridiculous to have a simple mishap put your company out of business. Something that could have been prevented or fixed could potentially wreck your business without a sound DR plan.

 

Non-compliance is expensive.

Regulations are in place to help companies improve their information security strategy by providing guidelines based on their industry and the type of data they maintain. Take HIPAA, for example. HIPAA ensures the confidentiality of anything involving a client’s health records. Keep in mind that you don’t need to be a medical office to fall under the purview of HIPAA. All business personnel who have access to unencrypted electronic protected health information (ePHI) for technical support or administrative reasons are required to comply with HIPAA regulations.

Any breach that occurs during a time of vulnerability due to a natural disaster, cyber event, or human error could be penalized (substantially) if preparation could have prevented it. Therefore, it is in your company’s best interest to have a DR solution that delivers encryption, image-based backups, and offsite replication to the cloud.

Work with your Managed Service Provider (MSP) to put a plan in place or contact us, and we will help you get started. The most important thing an SMB can do is make multiple onsite and offsite backups. The key to preventing data loss i­­s stopping it before it happens. The following guidelines can be a good starting resource.

What to Consider in Your Plan

Disaster recovery planning involves strategizing, planning, deploying appropriate technology, and continuous testing and maintenance. Your MSP will help you with all these and maintain communications throughout the process.

 

  1. Identify as many potential disasters as possible and rank them according to the severity of their impact on your bottom line.

For various scenarios, including natural disasters, equipment failure, insider threats, sabotage, and employee errors, you’ll want to evaluate your risks and consider the overall impact on your business. This will allow you to identify the areas and functions of the company that are the most critical and enable you to determine how much downtime each of these vital functions could tolerate. With this information in hand, you can begin to create a plan for how the most critical operations could be maintained in various scenarios.

 

  1. Decide how much data and time you can and cannot afford to lose.

Your DR plan should not only curtail the amount of data your business would lose but also the time it takes to return to your everyday operations. This is the prioritizing part of the planning that involves recovery strategies. RPO and RTO must be clearly defined for your organization to face any eventuality effectively. It would be nearly impossible to come out of a downtime unscathed without them.

RPO or Recovery Point Objective. This is the maximum tolerable period in which data might be lost from an IT service going down after a failure. Having an awareness of how much data you can afford to lose to get back to business is a critical component of your DR plan.

RTO or Recovery Time Objective. This is the length of time your organization can experience downtime before the consequences become truly damaging. To plan for the worst, you need to have a sense of how quickly things need to be restored.

Setting RTO and RPO goals requires input from all departments to best assess your business needs. Clearly defining your RPO and RTO will help you understand how much to invest to meet those needs. 

 

  1. Partner with a reputable Managed Service Provider for a reliable data center and quick recovery.

Fixing the cause of disruption, counterintuitive as it may sound, should not be the goal of your DR plan. The focus of your plan is to ensure that your entire organization has backup resources that can be activated at a moment’s notice while you address the problem. This is where the expertise and resources of an MSP come into play.

A reputable MSP can offer Cloud Storage for your data to keep it safe and out of the office—away from potential in-office malware attacks and security breaches. The TNS Group provides a fully automated backup process monitored around the clock, enabling quick data recovery in the case of an eventuality. We will provide image-based backups where we will replicate your data at different secure locations, aiming for data restoration within hours, minutes, or even seconds. With this, you can make sure you don’t lose key customer details in a disaster, for instance, so you can start trading again as quickly as possible.

 

  1. Get everyone within your organization on board.

Involve everyone within your organization in the creation of your disaster recovery plan. You need everyone to collaborate cross-functionally to prepare your business fully. Take the time to talk through your DR plan with all your staff, and assign specific roles to specific people BEFORE you find yourself in an emergency. Test your plan as a team. This will give you the opportunity to find out and patch up any holes while also building your employees’ muscle memory to carry out the plan and power through when a real disaster hits.

When you know how to empower and involve your people, they become more invested in the success of your DR plan, are likely to continue on when things fall by the wayside, and are willing to take ownership of the results.

 

  1. Build systems and procedures around minimizing serious impacts where possible.

Once you have everyone on board and an understanding of your equipment and assets (as well as their vulnerabilities), it’s time to actually formulate your disaster recovery plan. To do this, you should take a look at your budget, resources, tools, and, most importantly, your trusted partners in this endeavor. When you understand how long it takes your business to get back online and the cost of doing so, you’ll have a good idea of how to move forward.

The two key considerations you need in your plan are:

  • To distribute pertinent data and applications across multiple cloud storage volumes and not rely on your own data center or hardware.
  • To partner with a trusted vendor or MSP that can do the heavy lifting while you focus on urgent priorities during an emergency. Rather than worrying about backup or access to applications, your energy should be spent sustaining your day-to-day operations.

 

Wrapping Up

Small and midsize businesses often take disaster recovery planning for granted. But without a reliable plan, you have little to no chance of bouncing back from the force of such disruptive events. You need to put strategies in place that will enable you to maintain business operations in the event your workplace, technology, employees, or other resources become unavailable.

You’ve worked so hard to get your business where it is. Protect your hard work! Contact The TNS Group today for more information and assistance. Visit this page to download a copy of our Disaster Recovery Plan infographic for your office.

Categories: Managed Service Provider, MSP Blogs, Solution Blogs