‘Perfect security is impossible, failing to try is unacceptable.’
We heard this phrase recently and it struck a chord. It is unacceptable to not try and put the precautions in place to protect our organisations and our data. Yet we do agree that it is impossible to achieve perfect security. We will never be able to put all the precautions in place to protect our organisations against every possible attack because we don’t know every threat that is out there. New forms of malware and viruses are being developed every day and it’s like fighting in the dark. You can’t defend yourself if you can’t see where the attack is coming from. We can’t develop the defenses fast enough to protect ourselves, and therefore we need disaster recovery.
What does Disaster Recovery mean?
Disaster Recovery is what you do when everything else has failed. When that new strain of ransomware has got past your Firewall and all your other defenses and held your data to ransom. Disaster Recovery is the plan and processes you have in place to reduce downtime and get your business back up and running as soon as possible. The longer you are experiencing downtime, the more money your business is losing. In a nutshell, Disaster Recovery is exactly what it says on the tin: recovery from a disaster. That disaster doesn’t have to be cybercrime either, it could be fire, flood or hardware failure. Disaster Recovery is where you take steps to get your technology working so that you can carry on and do what you do best without disruption.
The best example we can give of Disaster Recovery is an insurance policy. Imagine your house. You install a burglar alarm, you make sure all exterior doors have a lock and key and you put a fence around your perimeter. It’s the same as putting Anti-Virus on your network, using passwords and having a Firewall. You are putting those precautions in place to reduce the level of risk to your property. You then have a house insurance policy just in case someone manages to get through those defences you put in place. Your Disaster Recovery works in the same way. It is your insurance policy if something goes wrong. A house insurance policy will give you the money to replace the items lost, a Disaster Recovery plan will give you the means to recover the data you have lost.
What is in a good Disaster Recovery plan?
The first part of any good Disaster Recovery plan is taking a backup of your data. When making backups you need to think about how much data you are willing to lose. Is it a day’s worth? Or an hour? You then have to put incremental backups in place every 24 hours or every hour dependent upon how far you wish to backup. You should set recovery time and recovery point objective so that you know how far back you wish to be able to recovery and how quickly.
You also need to make sure that the backup has worked. We always recommend that you test your backup and disaster recovery solution so that you know it will work when you finally need it. If you have never tested it until that point how can you be confident that it will restore your business when you need it to?
You also need to think about how quickly you want to recover. When taking a backup, you can either do a file level or image level backup. The best way to describe this is when you backup your iPhone. Do you make sure you have backed up all your files and music on a hard drive somewhere so you can easily pull them back on to your phone if you need to? Or do you backup your phone to iCloud and restore a copy of your entire phone? This is the difference between file and image back up. File backup is a copy of the files to be restored, image is essentially a photocopy of your device that can be downloaded to another if needed. We always recommend image backup if you want to reduce your downtime as much as possible.
It’s always good to be able to keep your backup off-site in case there is something like a fire or flood. It’s also the best way of ensuring that your backup remains uninfected if you do experience something like a ransomware attack.
Making sure that you have a good Disaster Recovery plan in place is a must for any business concerned about cyber security. While it is important to ensure that precautions are in place to mitigate the risk of an attack, it is equally as essential to ensure that you have a backup plan, quite literally, if something was to go wrong.