The recent pandemic is a warning bell for every business. Those who have been living on the edge without a detailed disaster recovery plan struggled to adapt to the unexpected normality where almost all employees have to work remotely.
Sure, a global health crisis is not something the corporate world has to face every day, but cyber thieves, frauds, fires, or power outages are.
Surprisingly, 75 per cent of small businesses1 do not have a disaster recovery plan in place. 93 per cent of companies that suffer data loss and downtime for 10 or more days will eventually file for bankruptcy within just 12 months.
Is your business prepared to lose in this battle? What is your drill?
What is a disaster recovery plan? And why is it crucial in the light of the recent pandemic?
A disaster recovery plan is a strategy set out to help an organisation quickly resume its operation after an unexpected event. A disaster recovery plan is well documented, structured, and regularly reviewed to maintain its viability.
A disaster recovery plan typically applies to departments that rely on a functioning IT infrastructure and aims at recovering data loss and system dysfunctionalities.
Besides ensuring businesses can operate with minimal interruptions by preparing adequate resources to combat future catastrophes, a disaster recovery plan also helps to:
- Lessen damages and financial impacts as a result of the disruption
- Train employees about safety procedures in case of an emergency
- Describe operational alternatives well in advance
- Ensure a smooth and rapid restoration process
It is reported that the number of cyber-attacks surges during crises. And during the recent coronavirus pandemic, WHO claimed the number of attacks directed at its staff increased fivefold2, and the number of attacks against banks has surpassed the 238%3 mark.
During severe natural disasters, there is no guarantee that vendor support can get to the affected sites on time. The lack of human resources and even equipment replacements to repair and maintain the damaged infrastructure can be catastrophic.
Human errors or natural adversities can quickly shut down the entire corporation, leaving it defenceless for hours or even weeks. Thus, businesses that invest in detailed disaster recovery and a business continuity plan can survive and resume their normal operation post disasters much faster.
Disaster recovery vs backups
The term "backup" is pretty much self-explanatory; it is the process of storing copies of your data. Many of us often confused that disaster recovery means data backups. Businesses can't recover without backup files, but they can certainly backup data without having any disaster recovery plan in place.
Mistakenly deleting data happens all the time. In that instance, to restore the lost data, businesses need to have an environment – a virtual storage space where all versions of data reside.
This is where disaster recovery comes in. In short, disaster recovery is a more complex process in which the organisation replicates the entire IT environment (data, systems, networks, and applications) and establishes processes to enable them to restore functionality and data from this replicated environment to the primary one.
The ultimate goal of both processes is to ensure businesses never lose valuable information.
Disaster recovery vs business continuity plan
Disaster recovery is an integral part of a business continuity plan, which also is a documented strategy complete with critical information detailing which systems and processes must be sustained and how to maintain them in case of an unplanned disruption.
A business continuity plan is extremely critical in a time of crisis, particularly during this ongoing pandemic. It is a must-have to ensure a company can identify potential weaknesses and threats and necessary steps to mitigate those risks to avoid low customer satisfaction due to downtime. In other words, having a detailed business continuity plan enables businesses to be proactive.
Types of disaster recovery plan
Disaster recovery plans depend largely on the business' current IT infrastructure. Typical plans include:
1. Virtualised disaster recovery plan
A cost-effective option for businesses that do not have the budget to set up a physical restoring facility. Virtualisation is the process of creating virtual copies of operating systems, servers, storage depositories, or network resources. In a virtualised environment, the restoration of applications is done through virtual machine instances, which can be created within minutes.
2. Network disaster recovery
Network failures can put a toll on the business' applications and the entire IT infrastructure. To ensure businesses always have reliable connectivity, a network disaster recovery plan should include a step-by-step procedure on who to contact, how to replace equipment, what actions to take to restore the network.
3. Cloud disaster recovery plan
Cloud disaster recovery is a combination of strategies and services aimed at backing up data or applications via the public cloud or cloud providers. This is also a more cost-effective option. However, businesses need to consider factors such as bandwidth, cloud storage costs, the location of physical and virtual servers, security and compliance before implementation.
4. Data centre disaster recovery plan
This option focuses on the physical data centre. The plan should detail procedures to identify, assess, resolve and mitigate risks that may harm the building location, HVAC systems, physical security, support personnel, and much more. The preparation of the plan requires input from the IT department, facility manager as well as security experts.
Regardless of the type of disaster recovery plans your business chooses to implement, it should start at the business level and focus on mission-critical applications, data as well as systems. The plan should also contain an estimated amount of downtime the organisation is allowed to experience, calculated in hours, minutes, or even seconds.
How a disaster recovery plan can be used to safeguard financial data
Financial data is one of the most valuable assets organisations own. Highly sensitive data is the treasure troves for cybercriminals. When your business possesses a fair amount of financial data, attacks are inevitable.
Imagine if your systems are down by just a couple of hours, attackers can leverage the opportunity to sneak in and wipe down both your employee and client's data. What if your client base spans across the globe? The consequences will be disastrous, which can result in not only economic losses.
Without a proper recovery plan and in time responses, the breach in security can make clients lose trust in you and your services. They would subsequently take their business somewhere else safer, stakeholders would withdraw investments, or the disruption would spread to other businesses within the industry.
All in all, businesses cannot wait until the last minute to implement a disaster recovery and business continuity plan. Only when businesses can prepare to face the worst can they be confident in serving the present.
At TRG, we solve business problems, take a consultative approach to every client engagement, and find actionable solutions that will help your organisation achieve the best business outcomes. Talk to us and explore the various Digital Advisory services we have in store for you today!
1. Veritis, "Disaster Recovery 2019 Statistics – Insights That Shape Your Business Future", Veritis, June 23, 2019, https://www.veritis.com/blog/disaster-recovery-2019-statistics-insights-that-shape-your-business-future/
2. WHO, "WHO reports fivefold increase in cyber attacks, urges vigilance", WHO, April 23, 2020 https://www.who.int/news-room/detail/23-04-2020-who-reports-fivefold-increase-in-cyber-attacks-urges-vigilance
3. Osborne, Charlie, "COVID-19 blamed for 238% surge in cyberattacks against banks", ZDNet, May 14, 2020, https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/