Eight questions to ask for effective backup and disaster recovery
With IT systems at risk from anything from cyber attacks to weather events and simple human error, it’s never been a better time to check that you have the right processes in place to protect them. Downtime and loss of data is damaging not only in financial terms but also to your organisation’s reputation if it ends up as front page news.
One of the most common cyber threats, ransomware, for example, is estimated to cost global enterprises $75 billion in loss of revenue and productivity. Technology failure can have a serious impact too – for instance more than 100 operations had to be cancelled by Leeds Teaching Hospital NHS Trust because of an outage last summer. An independent review partly blamed the incident on a “failure to check the completeness and integrity of backup processes”.
With no backup your organisation is left exposed to the potentially devastating effects that a cyber breach, human error or IT failure can have. And with no Disaster Recovery (DR) you can’t return your IT systems to the point in time that they failed.
Here are eight key questions that should be on your checklist to ensure your organisation is prepared:
1. Do you have documentation for your backup process in the event of a disaster?
Written instructions shared with your IT team but also other parts of the business are essential so that in the event of an emergency your recovery processes can take place quickly.
2. Are you backing up the right files?
Priority protection must be given to the business critical data that you cannot afford to lose. It is also important to monitor changes so new applications, processes and even people are included.
3. Can you login to your backups and are they encrypted?
Security of your data and IT systems must be paramount which means tight control over access.
4. Can you restore quickly?
By having a Recovery Time Objective (the duration of time your business can stand before the ‘disaster’ starts to impact on operations) and Recovery Point Objective (the point in time from which you can still restore a good useable copy of your data) you know when your business can get back to normal.
5. Do you test your backup and DR more than once a year?
Only with rigorous and consistent testing can you ensure your backup and DR strategies work and that they continue to align with your business requirements.
6. Can you connect securely and quickly to your backup in the event of an outage?
Fast and secure connectivity to your backup data means you can recover quickly.
7. Is your management team involved in your strategy?
A senior manager who sponsors what you are doing means there is more likelihood that finance to support the strategy will be forthcoming.
8. Does your backup strategy comply with industry regulations (ISO, PCI, HIPAA)?
If your strategy is not compliant you could be at risk of investigation and/or fines.