How to prepare your organization for a data disaster

At the center of any business is its data. Data is the sun around which everything else revolves – customer interactions, new client sales, employee engagement, regulatory compliance, and patient health, depending on the organization. Without reliable access to its data, a business can suffer substantial consequences.

Disruption can happen anytime, from ransomware attacks to natural disasters or employee mistakes. If there is no successful IT backup and recovery plan in advance, recovery can be complicated, time-consuming, and expensive, ultimately impacting long-term business prosperity. According to the University of Texas, 94% of companies suffering from a catastrophic data loss do not survive – 43% never reopen, and 51% close within two years.

Still, cybersecurity measures to protect against data loss are often considered a cost center versus a cost saver. That mentality pushes cybersecurity plans and investments to the back burner, especially during economic uncertainty like what we’re experiencing right now. IT managers and cybersecurity professionals are left to work with what they’ve got to protect their organization’s most valuable assets.

Most IT teams recognize data backup as an essential part of any modern tech stack. Data backups copy data from a primary location to a secondary destination. They can help recover older files that have been deleted or tampered with in the case of an employee mistake, attack, or disaster. But if all IT teams are doing is implementing a backup solution in the background, they are at risk of being unprepared if – and when – a data disruption occurs. They may not even realize that they can do more than that, even with limited resources.

Know Your RTO and RPO

Unlike most consumers, businesses have critical infrastructure on their backups, including operating systems and client databases. To bounce back from any data disruption, IT teams should focus on resiliency – i.e., ensuring that when a disaster occurs, the system is up and running and the data is available again as fast as possible.

Cloud backup services are a popular option for many, but it is always a good practice to have a physical backup appliance somewhere off-site as an extra layer of protection. Many hardware backup appliances allow the user to set up a backup schedule so data streams automatically to the device. The frequency of this schedule will depend on the organization's size and how often files are being updated. When a restore process is initiated, anything beyond the point of the latest backup is lost indefinitely.

Having a precise and accurate Recovery Time Objective (RTO) and Recovery Point Objective (RPO) is the first step in determining the backup schedule. RPO is how often a backup is performed, and the shorter the amount of time between backups, the lower the RPO and the less data will be lost should you have to restore. RTO is how long it takes to get all systems back online from the backup after a restoration process is implemented. This will take longer depending on the data's size and the backup's location, but knowing how long this process takes and aiming to keep it as quick as possible is an excellent guiding light.

Outline a Comprehensive Plan of Action

Managers should create an independent action plan in advance that assigns clearly defined responsibilities to each key employee, both within the IT department and across the organization, depending on that organization’s structure and what caused the data failure. For example, one person could oversee contacting the appropriate stakeholders. Make a list of phone numbers or email addresses for co-workers that need to be made aware in the event of a breach or data loss. This list is often made up of the company's lawyer and any IT/cybersecurity vendors. Reaching out to customers whose data might have been impacted as part of the disruption may also be appropriate.

Having a comprehensive plan in place, especially one that accounts for the possibilities will prepare you for success. For instance, if the data disruption is a ransomware attack, task cybersecurity or IT analysts with specific actions to limit the attack's impact. IT teams may think they know what to do should a data breach occur, but steps can be missed in the chaos. It is better to have a plan developed ahead of time, with roles assigned to streamline efficiency.

If the data disruption is a natural disaster at the company’s primary location, where is the offsite backup, and how quickly can it be accessed? If an employee deleted the data, have a plan to place to collaborate with the employee involved and the teams they are on. It is a good best practice, especially for larger organizations, to have a point of contact within each sector of the organization that can help to coordinate with the IT/cybersecurity team if an isolated incident like an employee mishap does occur.

It is important to note that if your company’s network is down, you won’t have access to any documents, plans, cell phone numbers, etc., stored there. Make sure you are saving these assets in a different or personal place that can still be accessed in case of a data disruption at work.

Taking the time to think through what actionable steps to take when a data loss occurs will go a long way in getting that data restored promptly. Still, there is only so much that this can help if the data on the backup device is also destroyed or otherwise tampered with and cannot be restored. That’s why it is also essential for companies to invest in immutability for data backups – software that ensures ransomware attackers cannot modify backup files.

Data disruption is almost inevitable, and while it can’t always be prevented, it can be prepared for.