Do you trust your business continuity plan?
All businesses–regardless of size–have a digital presence. This mandates that both mundane and mission-critical data be regularly backed up and ready for recovery at the drop of a hat. Whether backup is managed in-house or outsourced, business owners and financial managers don’t always know what data is backed up, how often it’s backed up, where it is stored or how long it will take to recover when disaster strikes.
Here are some questions around data backup and recovery that should be asked of whoever is responsible for this function:
- Is the company data safely stored and readily available?
- Is it easy to recover? If stored in the Cloud, how will you recover if the Internet is down?
- Is sensitive data encrypted? If you handle important customer data or intellectual property, it should be encrypted. Laptops and all mobile devices that store and transmit company data should also be encrypted. The bottom line? Encrypt all sensitive data when it is backed up.
- Should backups be stored both onsite and offsite? Onsite data is much easier to recover rapidly, which reduces the time needed to recover from problems such as hardware failures. Offsite data, on the other hand, is essential in the event of a fire or flood.
- Can you afford lost productivity and revenue if your data is destroyed? If yours is like most businesses, the answer is “no”. That’s why a workable disaster recovery plan that has been well thought out and practiced is so essential.
The key takeaway for business managers is that backing up your data and storing it either onsite or in the Cloud is only part of the solution if your business suffers catastrophic damage.
Data backups are far from perfect. Company data can still be lost through corrupted files, power outages and accidental deletions. Sometimes data can be re-entered, but information captured on the fly as transactions occur is gone unless your servers that or back up new information as it is entered. Are these used at your business?
It is critical to understand that backing up your data, even daily, is not the same thing as a disaster recovery plan.
Corrupted files can often be recovered within the same program that the user is working in, such as Word or Excel, but other applications don’t offer this option. Do you know the capabilities of your software applications?
Should your company’s data be catastrophically breached or be irrecoverable by ordinary means, a disaster recovery plan will provide a guide to the restoration process.
Disaster Recovery Plans
When implementing a new plan or reviewing the one you have, keep these points in mind:
- Document at what point the recovery kicks in and who makes the determination
- Include alternate locations that key recovery personnel can work from in order to recover company data
- Regularly review and update contact information for key recovery personnel
- Document the order of events required to fully recover operations
This plan will be your “cookbook” to follow when total chaos occurs. If contact information is incorrect or steps are missing in the process, the recovery time will increase. That’s why it is imperative to review, test and change the plan as the company evolves.
Business continuity goes beyond a defined process or plan, and when full continuity is achieved, a company is prepared to not only recover from a disaster but also limit the adverse effects of the event. Implementing business continuity practices ensures that the appropriate people have access to critical functions. This is why business continuity cannot be achieved simply through one solution or technology.
Companies must plan their business continuity strategy on two fronts: planning for how to continue business processes in the event of disaster and choosing the appropriate business continuity solution to support these processes. If a company lacks the correct solution(s) in place, access to data vital to their functions could be unavailable for hours, days or even weeks depending on the level of damage and/or the amount of data that needs to be recovered. Frustrated employees, lost clients, revenue deficits or business closure are all possible in an extended recovery scenario.
Cybercriminals armed with ransomware are a formidable adversary. While small-to-mid-sized businesses aren’t specifically targeted in ransomware campaigns, they may be more likely to suffer an attack. An IT staff that is stretched thin and outdated technology are the perfect environment for a breach to occur. Security software is essential; however, a proper ransomware protection strategy also requires a strong backup and recovery process.
When assessing disaster preparedness every aspect of the planning process must be viewed from both a technological and human standpoint.
If your business suffers a ransomware attack, properly managed backup technology allows a roll-back of data to a point in time before the corruption occurred. When it comes to ransomware, the benefit of this is two-fold. First, there is no need to pay the ransom to get the data back. Second, because restoration is to a point in time before the ransomware infected your systems, the system will be clean and the malware can’t be triggered again.
Regardless of the cause, once the disaster is over and recovery is complete, it is time to determine the cause of the outage. Remedying the “root cause” will harden the business against future failures.