Commonly Made Disaster Recovery Planning Mistakes

A research by the University of Texas shows that only 6% of businesses that suffer catastrophic data loss survive. 43% of them never open again and 51% don’t survive longer than 2 years.

This data alone shows the importance of disaster recovery planning. But having a plan in place isn’t sufficient. Having a plan that enables quick and effective recovery especially of business-critical data is the key. And the key to having the right plan in place is ensuring that you avoid making these 7 most common errors made during disaster recovery planning!

High Availability is not Disaster Recovery

High availability is one of the alternatives in the spectrum that enable recovery from a disaster.
Disaster recovery (DR) in simple terms is the process an organisation has in place to ensure that all business-critical functions dependent on IT are back online at the earliest, in a situation where the main functions are down. A disaster recovery plan is put in place to mitigate the impact loss of data, software or hardware capabilities within an organisation. Disaster recovery takes into account multiple failures at a data center. DR also takes into consideration multiple locations (alternate geographic locations and not just system and data center redundancy) and people & processes needed to enable recovery as opposed to the technology.

High availability is the ability of an application to draw on additional resources and support when a component within a single application fails. While this is a great capability for an application to have in a situation where DR procedures need to be initiated, it alone cannot enable disaster recovery.

Not all your data needs a backup every time

About 40% to 70% of data generated by an organization does not change with time. Every organisation has a set of non-changing important data that needs to be moved out of production storage and on to an archive platform. On an average only 30% of an organisations business-critical data changes on a day to day basis and needs regular replication and backup. The most common of errors made with backing up of data is not taking into account this factor. Organisations schedule periodic data backup procedures but they replicate their entire data make up. This eats up resources during the replication, storage and transfer.

What about your data that isn’t centrally stored?

Are you taking into account business-critical data that is being generated at other branch offices?
Every branch generates data relevant to customers in the area that is relevant to the business and can be considered critical if it is evolving/changing and impacts the businesses ability to deliver. The most common errors made when conducting data backups is the making the assumption that business critical data is invariably found only the headquarters; leaving out the data generated at the different branches. Your data backup schedules need to also include the data marked as critical at various branches. For this to happen however, it is essential that certain data is market as critical in line with business needs and outcomes irrespective of their location. Put together the criteria that makes information critical. Educate people on its criticality and the role they play in ensuring the back up of this data. DR is centered around technology but cannot be executed with the involvement of people.

How do you plan to overcome a ransomware attack?

Data security company SonicWall in a research found that $209 million (over £161 million) in ransoms was paid in the first quarter of 2016 only.
The same research indicated that there were 638 million ransomware attacks in the year 2016. Statistics indicate that a ransomware attack is no longer a matter of if but when. The question every organisation needs to ask themselves is, “Will paying the ransom be my only way to ensure that the business continues to function?” If the answer is yes, then DR needs to take high very high priority on your immediate action items list.

While jacking up your cybersecurity measures is a must, simultaneous action needs to be taken on building your DR process. What is the business-critical data and functions that the business cannot afford to have offline for long? Identify these sections. Bring your DR plans up to date. Make sure the it accommodates for;

  • Hardware
  • Software
  • Voice and data backup
  • Server space
  • People

Once the plan is in place, test frequently to ensure that the plan is still viable for the more recent and sophisticated ransomware attacks. Take into account the latest WannaCry attacks. It hit about 2,00,000 computers in 150 countries and the cost to business was estimated at a whopping $8 million.

Pull out your plans and analyze them again. Have you made any of these errors? Now is the time to make amends. Better now than when it is too late!