What many businesses don’t realize is that data backup and recovery is an important part of their cyber security and overall business resilience. Knowing these basics can help you talk to your managed IT provider or internal tech team about your disaster recovery plan.

The ABCs of recovering your data after a natural disaster or cyber attack start with A, B, C: Assessing your system, then Backing up all your systems, including your infrastructure and data, and Creating Controls to counter cyber attacks. Sounds difficult but it can be easy with the right IT partner.

A: Assess Your Data Backup and Recovery Needs

Take a good look at your system and assess what you cannot afford to lose. Begin with applications.

• Applications. List every one and prioritize them.
  • Which would be most affected by a disruption to your system?
  • Which are irreplaceable?
  • Which are replaceable from other sources?
  • Who or what would be affected by disruptions in those applications? 
  • What would the cost per hour be if a particular application was affected? 
• Data and Infrastructure What kind of data do you have? Photos, databases, letters, financial files? Each business is different in the types of data and infrastructure used. In the end, it really doesn’t matter. All that matters is, can you afford to lose it permanently? If not, it’s time to back it up and develop a data backup and recovery plan.

B: Backup Your Business Infrastructure and Data

Once you’ve done the assessment, it’s time to figure out what kind of backup you need, who is going to do it and where it should be located. That last one is where many businesses stumble. Should the backups be in house? In the cloud? At another branch or location?

Consider this: If you choose “in house” and the disaster turns out to be a flood or a fire and all your files are backed up in the location of that disaster, you are out of luck and probably out of business. Choosing “another location” can be similarly risky. The best answer is to create redundant backups in multiple locations or in a cloud service (or both).

Assign a single contact person to handle your company’s data backup and recovery plan. That person does not have to do the actual backups, just make sure they are getting done. If you do not have an in-house IT person (or that person is already overloaded), consider working with a managed service provider (MSP). The provider can help you set up a layered backup and disaster recovery plan that makes sure recovery is possible in minutes, not hours or days.

C: Create Controls Using Cloud Backups For Business Resilience

• Create controls and a disaster recovery plan for your data. Your IT team or MSP will help you decide which type of backup solutions are best for your business and your budget. They will also plan how often to implement them.
• Conduct training sessions for your team (everyone including management) to spot attacks and avoid falling victim.
  • Do they know how to spot emails, texts, social posts that might not be legit? The best MSPs include training your team as part of their package. MSPs also have the manpower and technology to stay on top of the latest trends in malicious attacks. 
• Control cyber security at the endpoint device level to make sure every device on your network is protected, including personal phones and computers that might access business files. Those things are what’s known as endpoints and endpoints must be protected.
• Simulate cyber attacks. Simulations identify weak areas where re-education or additional training might be needed so that staff doesn’t expose the company to a data breach. This is not that easy to do on your own, which is another reason to work with an MSP. 
• Consider using a centralized collaboration platform, like Microsoft Teams. This shared system stores files centrally and work is accessible to all (with a permission structure as needed). It is especially useful when a key person is out sick but another member of the team needs to access that person’s work in progress making adjustments to it by deadline. This also reduces the number of emails and attachments that your team needs to manage, decreasing the risk of falling for a phishing attack. Teams can also boost productivity. People can collaborate more easily, working within the same document. And there is less need to be constantly emailing each other files and trying to figure out which one is the most recent.

Cloud vs. Local Backups for DBR

Endpoint and shared system backups can be maintained using the cloud, local servers or a combination of both.

• Local backup(s)—When you are backing up to a device that is physically plugged into your computer, it is a local backup. In an office setting, local backups are more common than a shared onsite server. But either way, the backup files physically exist in the same location as the primary files.
• Cloud backup(s)—When you are backing up to servers sitting in a different location than the primary files, it is a cloud backup. This can range from a single location a few miles away to many locations worldwide.

Local backups are lightning fast (10X+ the speed of a cloud backup). But if you have a fire or flood, there is a high likelihood that you will lose the backups as well as your primary files.  Because cloud backups are not in the same location as your office and can even easily be set up to many redundant locations, you are far, far less likely to lose data.

The best solution, and one advised in many disaster recovery plans, contains a hybrid of cloud and local backups. Cloud backups can slow down the speed of business as they download and upload. Virtually unnoticeable in a  Microsoft Word document, but glaring in files, like Adobe Illustrator or AutoCAD, which will take seemingly forever. That’s why we advise a hybrid of cloud and local.

That’s the crux of the ABCs for protecting your data in the event (not far fetched these days) of a natural or cyber attack disaster.

Need more information? Contact us or book a meeting, virtual or in person.