Cyber attacks can originate anywhere, which means there are no physical barriers to defend against an attack. These attacks are well thought out and customized to exploit vulnerabilities in hardware, software, configurations, and people. The volume of cyberattacks is growing and many insurance companies now require extensive cyber security hardening before covering any loss.
Even if you have the best defensive measures, your careless vendors, employees, and software suppliers make you vulnerable in newly discovered ways ever day. That’s why investing in a proper data backup, business continuity, and disaster recovery solution is a necessity.
All of that being said, cyber criminals usually target BCDR solutions first so the quality of your solution and design matters. There are 9 common mistakes that you should avoid when creating a data backup and disaster recovery plan and choosing a BCDR solution. We will discuss how you can prevent these mistakes so that you can implement a best-practice disaster recovery plan.
The 9 Mistakes
1. The scope of the backup is incomplete
It’s very common that data backups have very little to no strategic thought behind them. Evidence of these mistakes presents itself in the form of:
- Important data, applications, or systems that are not included in the backup jobs.
- All applications, data, and systems are backed up in the same way (There are no priorities).
- The time it takes to restore backed up systems and data is longer than expected.
- Your point in time recovery is older than you knew. (You need to recover today’s data but you’re only able to recover last week’s information).
Avoid these mistakes by classifying and prioritizing data, applications, and systems that need to be backed up. A Business Impact Analysis will identify critical sets of data while defining Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). This allows you to implement a backup job that supports lightning-fast restore times for critical information.
2. Data backup is not completed automatically
Making a data backup is an easy task to complete. Just click the button, and the data backup is performed immediately. However, there is a big problem presented when you do your data backups manually due to the fact that people forget to do them! Automation eliminates human error and allows you to have a successful data backup when you need it.
3. There is only one copy of the backup
What happens if your only data backup copy is lost, deleted, or becomes corrupted? Having on site and cloud based backups that can be spun up instantly is ideal for redundancy, testing, and recovery time.
4. Backups are not monitored and recovery isn’t tested
Do you check if your backups were successful? Data backups can fail, and most people forget to check if their data backups were successfully created. That’s why it’s important to monitor your data backups very closely if you are notified of a failure. In addition, business continuity systems and plans should be tested regularly to ensure you and your vendors know how to and how long it will take to bring your vital systems on line again.
5. Backups are not kept offsite
It’s not uncommon for businesses to store data backups in the same physical location as the systems that are being backed up. While this practice is acceptable for some types of systems, for others it is not ideal. Imagine there is a natural disaster, your servers and data backups can be severely damaged. That’s why it’s important to keep one or more data backups offsite.
6. Insufficient backup capacity
Capacity issues create sloppy and incomplete data backup jobs. Not only should your backup capacity be able to deal with your current needs, it should allow for some element of growth over time. A Capacity Planning exercise executed by a qualified technician can help you with this.
7. Lack of a documented Disaster Recovery Plan
Data backup is only valuable if you can resume operations and recover your data in enough time to maintain your customers, employees, and vendors. Having a business continuity and data recovery procedure will help you speed up this process. A disaster recovery plan also known as “DR” should present steps to recover systems and / or lost data, as well as designate who is responsible for performing these steps once a disaster presents itself.
8. There is no process to add or remove items from the backup scope
As new servers, applications, and data are added to your technological environment on site and in the cloud, it is important to make sure data backup and business continuity solutions can cover the systems and data you need in the future. Having a Data Backup Policy will provide users with the steps they need to add or delete components of the data backup. Not implementing a Data Backup Policy may lead to disaster itself.
9. Absence of BCDR and continuity plan testing
A test is the only way to verify that important systems can be brought on line and that sensitive data can be restored, if needed.
At BTI we have more than 40 years of experience in the fields of IT, communications, and security, and we are happy to help you improve your business’s overall security. If you are looking for guidance, management, or the best custom BCDR, IT, cyber security, or converged physical and cyber security solutions for your business, we have the expertise you need! Can we help you with anything? Contact us now or schedule a free assessment!
