Like many small or medium businesses, you’ve probably given some thought to that rare data-loss catastrophe, but chances are that when it came to budgeting for that unforeseen scenario the “what are the odds?” attitude ultimately prevailed, inevitably resulting in a largely inadequate disaster recovery solution or, in some cases, nothing at all.
Whilst these disaster scenarios are indeed relatively infrequent, it is extremely important to understand the reality of the threat and the unpredictable nature of their occurrence. One could successfully argue that within Australia the risk to business is noticeably higher than the global average, due to our country being particularly prone to weather extremes and associated natural disasters, whether they be fires, floods or tropical cyclones. Planning for that major disaster is one thing, but it is easy to overlook the detrimental effect of many smaller incidents that can have just as large an impact on your business. This is where RTOs and RPOs come in.
When it comes to planning for a disaster, every business needs to be able to determine both an acceptable period of production downtime and the limit of acceptable data loss. The Recovery Time Objective (RTO) specifies the maximum duration of loss of, or disruption to, production systems beyond which the consequences to the business are unacceptable. Similarly, the Recovery Point Objective (RPO) specifies the maximum period of time over which data loss resulting from a disaster is considered acceptable.
What is considered acceptable for both data loss and production downtime will vary depending on the type of business and the nature of the circumstances; however, the necessity of considering and planning for the consequences of both major and minor incidents remains the same. What one business considers a major disruption to workflow may not have as significant an impact on another, but the need to ascertain exactly what is acceptable, and what consequences a particular incident will have on your business, applies to all.
It must be understood that planning a solution to maintain business continuity, adhere to the defined recovery time and recovery point objectives, and mitigate the impact of a disaster is not a trivial matter, and is more than likely beyond the capability of a business’s existing internal resources. There are many products and strategies available when it comes to disaster planning, but determining which will suit your business’s needs is another matter. Consulting with a service provider that understands your requirements and specialises in backups and disaster recovery is crucial to ensuring a robust and reliable solution.
One of the most significant factors in recent years that has dramatically increased the need and urgency for businesses to implement a disaster recovery solution has been the prevalence of ransomware. Most people would have heard of this type of malicious software by its most common variety – CryptoLocker. For those who are not aware, what makes this type of malware so damaging is its ability to silently access and encrypt not only the most common types of documents and files on your computer, but also any shared network folders attached to your computer. The result is that all of your most important business data is left in an unreadable state, at which point the malware prompts you to pay a hefty ransom within 24-72 hours to obtain the decryption key, without which your data is useless.
Since 2013 the sophistication and variety of this type of malware have increased massively, as has the range of file extensions and genuine-looking emails that are used in an attempt to get you to run the malware on your computer. Chances are you know someone who has experienced this either at work or at home, or you may have been unfortunate enough to have already had your data held hostage and had to pay the ransom to regain your important files and documents.
One of the best pieces of advice for avoiding this nightmare is as old as email itself: don’t open attachments from someone you don’t know. If it looks suspicious, it probably is. Even if it claims to be from a government department, courier/postal service or a reputable bank or institution, tread cautiously, as this is one of the most common guises currently in use to get you to open and run that attachment.
Having said that, not everyone within your company will always be as mindful of such threats, whether they be obvious but rare natural disasters, hardware failure, data theft or ransomware, and there will almost certainly come a time when recovery is needed. The best defence will always be to have a comprehensive and well-planned backup and disaster recovery solution in place before the day comes when you regret not having one. The inherent human mindset typically dictates that we don’t act or plan for a scenario until the first time it happens. There can be any number of reasons for this, whether it be simply a lack of consideration or budgetary constraints, but regardless, the question that needs to be asked is: can you afford not to?