Disaster Recovery is important, especially to SMBs. The big guys can take an occasional hit—but smaller guys can’t afford the loss

The tangible costs of a downtime-inducing disaster are real, and for some, they’re devastating. A recent survey of IT professionals
produced some sobering expectations:

Two-thirds (67 percent) say their business losses would exceed $20,000. On the higher end of the scale, 27 percent say that downtime would cost more than $100,000 per event. Those figures consider only the measurable losses, though employee productivity would take a huge hit, along with the delivery of products and services, and damage to the reputation of the company.

A customer lost, whatever the reason, is a customer that’s likely lost forever. When disaster strikes, it’s always unexpected. The businesses that survive are the ones that are best able to weather the storms. And that’s why disaster recovery should be top of mind for any business. It’s simply not a case where “better late than never” applies.

Step 1: Identify

Inventory all of your company’s IT assets and map the location for each one. Remember to check for and list dependencies as you go. Identify which IT-related business processes are critical to staying operational, as you’ll need to consider those first when forming your strategy.

Be sure not to rush this step—the rest of the planning process depends on it. Each of the crucial business processes you identify in step one will be assigned recovery time objectives (RTOs) and recovery point objectives (RPOs) in step two.

Step 2: Assess

After identifying the IT business processes in step one (e.g., email or billing systems), assign each one to a tier. Tier 1 includes mission-critical applications and systems that provide the most value. The processes in Tier 2 would be of mid-level importance, and Tier 3 would follow, with the lowest priorities.

Next, label the items in each tier with the appropriate recovery point objective (RPO) and recovery time objective (RTO). Estimate the real cost of downtime for each of your processes and systems. This will help you prioritize, and should help you get buy-in on a disaster recovery solution from company management. Identify internal SLAs as well as customer/supplier SLAs, and document the costs of not meeting those agreements. Or, if your ERP system were down, how much would that cost in 15-minute intervals?

Step 3: Customize

Decide the order in which certain business operations will be restored in the event of an interruption—based on dependencies,
tiers, and the RPOs/RTOs we’ve already discussed. Step three is one of the more difficult and time-consuming parts of the process. But you need a defined plan that can be followed (to the letter) to ensure the continuity of your critical systems after disaster strikes. This means everything should be inventoried and mapped—gather floor plans, utility diagrams, system configurations, and every other relevant bit of information.

Your customized disaster recovery plan should consider the likelihood of various threats and how the response might be
different for each. Human error, for example, will require a far different recovery plan than would a flood or a fire. Procedures
should be laid out, as well as responsibilities for each stakeholder. Consider developing response teams, and then determining the
level of training required for each team member, so that everyone is prepared for whatever may come.

However your plan is customized, make sure you test it thoroughly. You don’t want to wait until after a disaster to discover your plan is missing a critical piece.

Step 4: Blend

Supplement secure, cloud-based backup with on-premises backup for the most critical workloads. There’s no such thing
as a one-size-fits-all approach to disaster recovery—don’t trust anyone who suggests otherwise. Your organization’s needs are
unique, so it’s more than likely you’d be best served by a blended plan.

Cybriant offers Carbonite’s E2 hybrid backup solution—from the EVault line of products—which offers just this kind of approach. Secure cloud backup is a must because your data is kept safe offsite, far from whatever physical disaster may occur on site. But onsite hardware like E2 can offer faster recovery capability in cases where the damage is more virtual than physical. Plus, E2 and services using similar equipment give you the extra benefit of redundant backup. You can’t be too careful when it comes to your DR plan.

Step 5: Repeat

Testing is a critical part of your disaster recovery strategy, but so is tweaking. Not just in the initial planning stages, either. As
your business and systems evolve over time, so will your disaster recovery needs. For companies of any significant size, conditions
and priorities are in a constant state of flux, and your DR strategy is only useful if it’s updated regularly to keep up with changes.
A recent survey of IT pros found that only 40 percent of companies test their DR plans annually. Shockingly, another 28 percent test their plans only rarely, if ever.

Find out more about Cybriant’s Recover solutions. 

 READ NEXT – Why You Must Have a SIEM

Cybriant is Atlanta's Fastest Growing Cybersecurity Company

Sign up to receive the latest cybersecurity updates, news, events