Every business should have a disaster recovery plan to ensure challenges are prevented or handled before they escalate, writes Stuart Bernard, vice-president: digital solutions at Iron Mountain EMEA.

When people talk about “disaster recovery”, we often imagine the impact of natural disasters – floods, extreme weather events and earthquakes; perhaps even a volcanic eruption given recent events on the Spanish island of La Palma. And while these have the potential to be very disruptive they are also rare.

But just because it’s not hurricane season and your business isn’t located in an area of high tectonic activity on a fault line doesn’t mean there’s no need to invest in disaster recovery … there’s a highly dangerous digital fault line running beneath every enterprise. No matter how large or small a business might be, the threat remains the same and so do the consequences.

The uninvited

Cyberattacks, such as malware, can be devastating and they can happen at any time, in any location. For example, ransomware is a global problem with cybercriminals taking cyber hostages on a regular basis. According to a new Google report, ‘Ransomware in a global context’, more than 80-million ransomware samples were uploaded to its VirusTotal service over the last year and a half. Keeping an eye out for the uninvited has never been more important.

Worse still, simple mistakes can result in data damage or loss. The recent outage at Facebook was reportedly triggered by a configuration change to the backbone routers that coordinate network traffic between the company’s data centres. One of the largest web service providers was knocked offline by a mistake.

Day of disaster

Downtime, data loss and data corruption, no matter how they happen, can have a serious short-term and long-term impact on a business. Customers can lose faith, as can shareholders, and there’s also the possibility of watchdog fines. So what should be done if disaster strikes? And equally important, what constitutes a good disaster recovery plan?

The best disaster recovery and business continuity plans go beyond a simple restoration of data – that’s the entry point, not the full package. A good plan should ensure the speedy restoration of everything you need to run your enterprise, including:

* Hardware infrastructure;

* Software applications; and

* Building systems, such as HVAC and access controls.

So what should be done? First, an astute business should supplement its tape backup system with cloud recovery. Doing this doubles the available copies of your critical data while potentially increasing the speed of your recovery.

However, cloud backup/recovery has its own challenges; to offer the optimum benefits it needs to be properly planned and implemented.

Three, two, one …

There are three fundamental steps to ensuring a suitable cloud implementation. Properly implemented, they will help guarantee a swift recovery.

* Always choose a security partner that offers backup as-a-service (BaaS) and disaster recovery-as-a-service (DRaaS);

* Make sure your provider offers 24/7/365 availability; and

* Create a comprehensive plan that will restore your business and your data.

Your company’s future depends on you selecting a disaster recovery plan that is fit for purpose. You don’t know how or when cybercriminals will strike so every minute counts, both before and after a disaster; it’s equally about planning as it is about implementation. And, of course, a faster recovery means less lost revenue and a reduced chance of costly reputational damage.

Bringing it all together

A good enterprise’s disaster recovery plan should be ready for any type of natural or man-made calamity – from a hurricane to a malware attack or even human error. This will help a business get up and running, quickly and effectively and with confidence. To ensure this is the case, your plan needs to be properly tested and assessed against the needs of your business, otherwise you could still be in jeopardy.

However, bringing this all together can be complex. That’s why you need to work with a disaster recovery expert – someone who can test and assess your plan and then make recommendations based on their experience and expertise.

If misfortune strike don’t believe that this time will be the last time – lightening can strike twice. But with a fully tested recovery plan you can be confident that if disaster hits you’ll be able to quickly and effectively maintain business continuity.