Get free advice on all things IT


The Importance of a Disaster Recovery Plan in the 21st Century


When it comes to Disaster Recovery, it definitely pays to be proactive. Disasters can strike in many different forms so it's crucial for your business to already have a plan in place when they do. Whether it be a burst pipe wiping out the machines in your office or a Ransomware attack, it's paramount that you have a clear strategy to minimise the impact on your business if disaster does rear one of its many ugly heads. A Disaster Recovery Plan is imperative in all businesses of different sizes and here's why.

The importance of a disaster recovery plan in the 21st century

You can jump directly to five basic steps to a Disaster Recovery Plan by clicking here.

You Need to Know the Threats: Ransomware Attacks, System Failures & Physical Disaster

Ransomware attacks are one of the main reasons why your business should have a Disaster Recovery Plan in place. This kind of disaster can bring your company to its knees if you don't know how to deal with it correctly or don't have the right plan in place to combat it. They work and spread by exploiting vulnerabilities in certain machines and in particular, target older versions of software that are no longer supported by their system provider (e.g. when the NHS was using Microsoft XP).

The attacks corrupt your files and only offer to release them in return for a cash ransom. Even if the victim coughs up the cash, they still aren't guaranteed to have the affected data returned. Providers release security updates in order to solve the issues but these are usually for the more recent versions of the software, hence why attackers target older, outdated systems.

Updates will eventually be released for the older versions but not for a stretch of time after the original attack, potentially leaving your business out of action if your systems aren't up to date. Below is an example of how a major Ransomware attack could affect your business.

How did WannaCry Infect the NHS?

The WannaCry outbreak of May 2017 saw 16 NHS organisations across Britain have their files corrupted. As they had no effective Disaster Recovery Plan in place, it cost them a whopping £180,000 in emergency fees. WannaCry specifically targeted Windows machines, including versions that are no longer supported by Microsoft (updates and system fixes aren't released anymore.)

The NHS rely on the outdated legacy system Windows XP, which is no longer supported by Microsoft, so solutions to the problems meant that there was up to four days of downtime. In this time, doctors were reduced to pens and paper whilst almost 7,000 appointments were cancelled. A&E departments were forced to close to non-critical patients and a huge number of operations were cancelled too.

ransomware attack results in using pen and paper

Even Windows XP is better than reverting back to pen and paper.

The sheer level of disruption caused by this attack could've been reduced dramatically had they had a Recovery Plan. An up to date system would've reduced the impact as the problem would've been patched up sooner by Microsoft.

Older systems decrease the security of your data and are often targeted more. Persisting with an outdated system has cost the NHS more (especially with the emergency fees) than it would to replace everything. 

And if that's not enough to worry about, a Recovery Plan doesn't just cover cyber attacks. Your business should also be prepared for technical and physical disasters too. Be prepared for everything.

Say there's been a system failure in your office block or a city wide blackout - have you backed up your data at regular intervals to reduce your loss? Do you know where all of your data is stored? Does your system have the capacity to get you back up and running in the same day? These are all questions that should feature in a successful plan.

Disaster Recovery Plans

As mentioned previously, every business should have a Recovery Plan in place. Large or small. In times of crisis, this document can be a matter of life and death for your business, especially the organisations that don't have the capital to bail themselves out of a massive disaster.

Plans can differ depending on a plethora of factors, which could be something as simple as a burst pipe in your office that has destroyed your backup storage devices to a security breach that leaves your office premises inaccessible. As there are many factors which you can base your plan around, there are many solutions too.

For example, if you turn up to work on a Monday morning to find your office has been flooded,  if even short spells of downtime are so costly to business, recovery plans commonly feature having backup temporary offices and hardware available so the wheels can keep turning.

Cloud-Based Recovery

Cloud-based recovery plans are becoming increasingly popular as technology evolves. There are various benefits to operating on a cloud-based system. This type of plan provides a secure and simple automated process for replicating and recovering applications should anything unfortunately go wrong. The main benefits of cloud-based recovery are:

  • It's easy to integrate into your business.
  • It provides a faster response time to any mishaps that may occur.
  • Fantastically flexible should you need to re-scale your infrastructure.
  • A lower cost alternative to physical storage recovery.

Your disaster plan can determine whether your company sinks or swims in times of disaster. It is crucial that you have the correct plan in place for your business. Here's how you can ensure that in 5 simple steps:

5 Basic Steps of an Effective Recovery Plan

1. Create & Stick to Your Plan

Create formal written plans outlining what information is of vital importance, how and where it should be stored and how often it should be backed up. This plan will also give a clear view of who's accountable for which part of the recovery process. These plans will also help with the introduction of new employees.

2. Centralise Your Data

Ensure that all your data is safely stored in one place. This makes it easier to manage and makes sure that nothing slips through the net and if you do need to refer to backups, it's easily retrieved. Some businesses are leaning more towards storing their data on a cloud-based location. This rules out the need for a physical backup server and is a good way to chop unnecessary costs.

3. Backup Regularly

It is best practice to always backup your data. Disaster won't give you any notice of when or what is about to strike, so it's easier to be prepared by backing up at regular intervals. Don't leave yourself in the lurch and risk losing vital business data by not backing up, as it could cost you dearly.

Every 24 hours, two weeks, six months and yearly is pretty typical.

4. Maintain & Go Beyond Compliance

It's paramount that businesses follow the correct protocols when it comes to data protection as they don't always have the capital to bail them out if a disaster strikes, as larger companies like Uber and Playstation have done in the past. Ensuring that systems are always updated to their latest versions is a great start. This minimises the risk of potential cyber attacks. Going beyond compliance is also good practice for potential future growth within your business. 

5. Manage Access & Control

Only authorised team members should be granted access to your sensitive data. Keep a note of who is authorised, so if something unfortunately does go wrong, you know who to look to. Having too many touch points could be particularly detrimental to your business. Crucial points could potentially slip through the net and communication may lax with a larger number. As the saying goes, "too many chefs spoil the broth." 

Learn More About Disaster Recovery as Part of the Wider Ransomware Threat

There's no way of predicting when disaster may strike your business, but it's a great start having a plan for if/when it does. As mentioned before they can come in all different forms, ranging from citywide blackout to an office flood.

It's important you're ready to act fast if unfortunately something does wrong, especially Ransomware cases. If you'd like to learn more on what to do if disaster strikes, check out this guide:

Disaster Recovery CTA 3

FREE Case Consultation

Recent Posts