Since the beginning of the pandemic, IT service providers and IT departments have sharpened their collective focus on cybersecurity, doubling down on protective measures to stop hackers from stealing data and launching record numbers of ransomware attacks. In the process, many may have taken their eyes off other threats that can cause just as much damage as a cyberattack.
While increased attention to cyberattacks is warranted, organizations need to reprioritize their disaster recovery (DR) strategies to meet the real threat landscape we see today. They need to invest in employee training, automate functions in the DR process, and make sure DR plans and processes are ready to handle sudden, unforeseen incidents that threaten their business continuity.
If they don’t, their operations will suffer. According to one study conducted by the University of Texas, 94% of companies that experience a catastrophic data loss don’t survive, 43% never reopen, and 51% shut down within two years. Those that do stay in business lose $84,650 per hour in lost revenue and productivity, according to Veeam’s 2021 Data Protection Report. And they lose more than that: They experience external impacts, including loss of customer confidence and damage to the brand; internal impacts, such as employee morale and diversion of resources; and a third set of factors, litigation and regulation, which can have a significant effect on company valuation.
Investing in employee training is a good place to start. Any organization that didn’t implement a new round of cybersecurity training for workers during the pandemic should make this a top priority. This should include the usual best practices ranging from following incident notification procedures to selecting strong passwords to avoiding phishing scams.
Cybersecurity gets the headlines, but human error remains the most common cause of data loss. Studies show that corporations lose nearly five times the amount of data through accidental deletions and overwrites as they do from malicious incidents. Accidental configuration, application and user administration errors also can crash systems, delete data, and cause costly outages.
Therefore, training should include IT operations too. Configuration errors can be reduced by following a series of best practices. These include creating a single configuration source, providing an easy way to track configuration changes, and using DNS names for all services. Because there’s no way to test every conceivable condition, application errors will occur. But reviewing and upgrading testing procedures regularly can lead to improved performance and reduce the number of careless errors in everyday practice.
Automation should be a top priority coming out of the pandemic as well. Not only does it reduce human errors in everyday processes, but it also gives staff time to perform more strategic, higher-level tasks. This is just as true for IT as it is for those in the office. Organizations increased their investments in automation technologies the past two years, and they should continue to do so – to enhance productivity and provide higher levels of security.
Natural disasters are a growing problem too. A record number of tropical storms have hit the U.S. the past two years, and experts expect climate change to cause more and more damage. The financial impact of the recent Hurricane Ida on businesses, consumers and communities, for instance, is approaching $100 million.
Automating the disaster recovery process, in particular, can save time and improve overall response. Today’s applications and data sets are larger and more complex, distributed, and interdependent than ever. This renders the successful recovery of even a single application — not to mention entire sites — incredibly difficult, making orchestration of recovery processes an indispensable tool.
Time for a DR Checkup
Given the high stakes, now is a good time for organizations to look more closely at their DR plans and procedures to make sure they’re ready to implement in quick fashion. Here are some tips to follow:
- Check the specifics: Having a plan that’s up to date and validated for a corporation’s specific business needs is critical. Needs have probably shifted since the pandemic started. If you haven’t revisited your plan and your customers’ plans in more than a year, it should be a top priority.
- Review documentation: Having easy-to-follow, comprehensive documents available during system restores can save time and avoid stress. These are time-intensive to create, and they should be continually reviewed – preferably by the people who’ll have to use the documents when it’s time to dust them off.
- Update identity accesses: With changes in service consumption, gaps have likely developed from an identity confirmation standpoint. Make sure the right people are authorized to perform critical system functions during that time-sensitive period when systems are down.
- Rethink DR/resilience plans: With increased usage of external devices, organizations should rationalize their plans to incorporate end-to-end protection, from the workforce to the endpoint.
- Ramp up testing: Test each application individually to make sure you’re meeting your key metrics – mainly the recovery time objective (RTO) and recovery point objective (RPO).
It’s no secret cyberattacks are on the rise, and organizations need to devote significant amounts of attention to protect against them. But disasters come in different forms. To ensure customers are protected once one hits, IT service providers should make sure their recovery plans and procedures are in place. Their businesses depend on it.
Rick Vanover is senior director of product strategy and Dave Russell is vice president of enterprise strategy at Veeam.