21 Tips for Successful IT Disaster Recovery Planning Part 2

Information technology plays an integral part in every aspect of a company and is crucial in the successful running of a business. Access to data is a must and therefore it is vital to have an effective and well-planned data recovery system that will ensure continued access to data in case of disaster.

While local statistics are hard to come by, a US-based research group found that almost 60% of North American companies do not have a disaster recovery solution in place. Considering that additional research showed that 50% of companies that lose their data due to disasters go out of business within a year and that 93% of businesses closed their doors within five years, the importance of a disaster recovery plan becomes crystal clear.

Planning for disaster might seem a hefty task, so we have compiled a three-piece article on how best to plan for disaster according to your business’ unique needs. This is Part 2.

8. Regularly test the disaster recovery plan
The latest research shows that almost 90% of companies test their disaster recovery plans or systems only once a year, if at all. In the event of a disaster, these companies are left at the mercy of the theoretical success of their disaster recovery plans – which is simply not good enough. In fact, it might be better not to have a test at all. Technology is ever-developing so that alone requires regular testing. Testing should take place twice or more per year under realistic circumstances, while simulating conditions similar to that of a striking disaster. This will also prepare employees better and make sure that new faces to the company are quickly introduced to these valuable protocols.

9. Do not neglect off-site backups and storage
Most disasters will make access to on-site back-ups difficult if not impossible. This would include fires, rain and flood damage, storms, tornadoes and acts of terrorism. Having a backup storage site that is not in close vicinity to the company’s offices becomes vital, as this will be the only data left or accessible for a while. To determine how often backups need to be taken or sent to this site, you need to establish the company’s recovery point objective – the time between the last backup and when a potential disaster or disruption may occur. Typically, backups should be done once a day (usually overnight), but some companies might need continuous data protection. It is highly advisable to use the cloud as at least one of your disaster recovery plan’s backup storage sites.

10. Make sure BYODs are also backed up
Although employees are usually required to work on their home drives when connected to the company’s server, many do not and work on their desktops if they are using mobile devices such as laptops and tablets – i.e. “bring your own device” or BYOD. This implies that their work is not part of the daily backup of the server, and might be lost in case of theft or human error. Implement a system whereby employees routinely back up their laptops and tables. While these files might specifically be kept of their desktops for privacy reasons, it is better to put encryptions procedures in place and have a strict IT privacy policy in place (especially for the IT technicians) to protect data. Remember that once data is gone, it is gone forever. The best option to prevent such losses is by using an automatic desktop and laptop protection and recovery solution as part of your disaster recovery plan.

11. Redundancy is good
Have redundant servers for all critical data on your on-site and off-site locations. These provide an alternative way to access essential components of the disaster recovery plan. Redundant servers at the off-site disaster recovery plan location can decrease the time to implement the disaster recovery plan and get back up and running significantly. You will need less time to download any backed up data, software programs and applications as it already has a secure source.

Consider the following to ensure you have the protection you need:

Planning: Recovery Point Objective (RPO) and Recovery Time Objective (RTO) – RPO is the maximum period tolerable in which data could be lost. RTO is the target time for resumption of IT activities after disaster occurs. These are two of the most important considerations for your disaster recovery plans.

12. Do data restoration tests
While it was used very effectively for many years, tape as a data backup system is outdated and ineffective. Disk to disk systems are a lot more effective and reliable, to name but a few benefits. Howsoever, you need to check the quality of data backups on a daily basis to make sure your backups are effective and that this vital part of your disaster recovery plan is working. You should also implement monthly tests to ensure that your backed up data can be restored in full and in exact quality, should the need arise. Inspect the quality and improve the system where necessary to ensure that your disaster recovery plan will run smoothly and your business recover timeously in case of disaster.

13. Implement theft recovery and remote data wiping solutions for mobile devices
With the accessibility and ease of use of today’s mobile technology, a large majority of the workforce uses mobile devices such as laptops, tablets and even smartphones to work from anywhere, at any time. The fact that the location of data is not limited to the physical site of the business means that information becomes more vulnerable to theft or loss. To make sure that your company’s valuable and sensitive data is protected, should a device on which this data was being worked on is stolen or is lost, you can install software programs that will recover this information as part of your disaster recovery plan and then remotely wipe it, so that the person in possession of the device has no access to any of t data stored on it.

14. Install regular virus pattern updates
Viruses and malware are extremely prevalent in today’s digital environment. It takes one unsuspecting employee to open a malware-carrying email to create havoc in your entire company’s machines. By installing regular virus pattern updates, you can protect your company’s data and systems as part of your disaster recovery plan. As a matter of fact, this may prevent disasters in the first case!

Having a disaster recovery plan in place is one of the first and foremost actions you should take as a business owner. As much as one would prefer to avoid thinking about disasters, once you have designed and implemented your disaster recovery plan, you can tend to your day-to-day business and to growing your business with peace of mind knowing that, should the worst happen, you won’t be caught off-guard. Keep an eye out for next month’s article on disaster recovery planning, which will conclude our advice on how to plan, implement and promote a disaster recovery plan in your business.