Businesses in Arizona have at least one major advantage over peers in other states: we don’t have to deal with extreme weather events, like hurricanes or tornadoes. But this benefit is a double-edged sword because it cultivates a false sense of invincibility. Business owners perceive disaster recovery plans as unnecessary because we don’t have weather-caused disasters.
Okay, so a hurricane won’t flood your office, but that doesn’t mean you’re in the clear. We’ve mentioned before how a valve burst and soaked a client’s server room. Their office is on the 7th floor.
1. It’s Time to Broaden Your Definition of ‘Disaster’
Instead of thinking of disaster as biblical-scale floods or cataclysmic cyclones, view a “disaster” as any event that would significantly disrupt your day or shut down a critical system.
$8-dollar power strip causes system to go offline
One of our clients is an assisted living facility and one weekend, the life call system residents use in emergency situations went down in 3 buildings. We checked the systems and examined the physical buildings and hardware. Eventually, we discovered a power strip tucked away in a closet. It had given out. All we needed to do was plug the device into the wall to restore power and the life call system.
2. What Will a Disaster with Significant Downtime Cost you?
Downtime freezes your workforce and can cost thousands or tens of thousands of dollars per hour. Hoping a major outage doesn’t happen is a costly gamble. Mitigate the threat by investing in a backup solution, spread out over several years. An IT risk assessment is a good starting point because it helps you understand the likelihood of outages and the potential impact to your organization. You’ll evaluate each system, see how downtime would affect your organization and determine which risks you accept.
3. Ensure Business Continuity – Calculate RPO and RTO for Each System
Once you know the risks you will and won’t accept, you can set your Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
You determine RPO (Recovery Point Objective) by looking at the time between backups and the potential amount of data that could be lost during that period.
Another important IT goal involves setting an RTO. Your Recovery Time Objective is the amount of time you need to recover your IT and business activities after a disaster like a data breach or hack.
Don’t set one RPO and RTO for your organization. Every piece of equipment and its dependencies need to be taken into consideration. Which are critical? Are there functions you can live without for a day? Talk through the risk assessment results with your provider to set individual RPOs and RTOs.
4. Backup Security is Paramount
Your backup is probably your go-to plan in case you’re hacked. Cybercriminals know this and target your backup before encrypting your data. This leaves you with no options, other than paying the ransom. Which really isn’t ideal, especially since the cybercriminal isn’t obligated to actually release your data. Put protections in place to wall-off your backups from the rest of the world so cybercriminals can’t access your data.
5. Perform Surprise and Scheduled Tests on Your MSP
Our clients want to know their backups work, and we tell them to give us surprise tests. Here’s how to do it. Call your MSP and give them the name of 10 random files on your system and ask the MSP to prove each can be restored. Or say you’re going to shut off your server today, and you want the provider to prove it can be virtualized like they promise.
The other step we take with clients is to periodically test their backup solutions. Normally this happens over the weekend. We go in on a Saturday, shut down the servers and virtualize them in the cloud. A few members of our client’s team then check if they can still access everything they need to work.
Let us help you
We help Arizona businesses right-size their backup and disaster recovery plans, tailoring solutions based on their budget, how much risk they’re willing to accept and which systems are critical. We’ll work with you to document the plan that’s right for your business. Call us today or send a message online.