Backup and disaster recovery starts with a plan. Different processes can be put in place, depending on each company's specific needs and constraints. But here are four essential initial steps.
According to a report by Hiscox Assurances on cyber risk management, losses linked to a cyber attack have multiplied by 6 in one year. In Europe, the average cost of all cyber incidents and breaches is around 60,000 euros. In France, this figure is 35,000 euros, compared with 9,000 euros last year.
This is why, since last year, French companies have been devoting the largest budgets to their cybersecurity, ahead of Spain and Germany.
France also recorded the biggest increase in spending on cybersecurity (+48%). This spending capped at an average of €1.9 million in 2019. All these investments are necessary to reinforce an organization's long-term viability.
But it's also important not to forget the most important thing of all: how to get your business back up and running as quickly as possible after a computer incident or hacking attack. Hence the need for a precise backup and, above all, restoration plan.
A number of steps are required to optimize this recovery program.
Step 1 - Create a list of "emergency contacts
Create an index card (ideally no more than one page) with the contact details of all the suppliers you might need to contact in the event of a disaster, in the broadest sense of the term (from water damage to a cyber attack or burglary).
This list should include contact details for any hardware or software warranties you may have. As well as contact details for your Internet service provider or other assistance.
Having all this information in one place simplifies the first step when a problem arises.
Step 2 - Draw up a prioritized list of critical systems
Yet this essential step is not always taken. Perhaps because it's not as simple as it seems. Drawing up an exhaustive inventory of data and IT assets is no mean feat.
Don't put this off forever! Identify your most critical IT assets: email, phone lines, SQL server, strategic and personal data (with reference to the RGPD), etc.
Examine the dependencies between systems. What is the greatest impact of a single point of failure? It's useful to give a percentage value to each element of your environment, giving more weight to your essential business tools.
Once you've prioritized your systems, define the maximum acceptable downtime for each of these elements. Use a tool such as a downtime cost calculator to establish a quantifiable assessment of how much downtime your company can tolerate without major impact on the business. It's important to set expectations with managers so that, when disaster strikes, everyone is on the same page.
Step 3 - Create a list of disaster scenarios
Determine which threats have the greatest impact on your IT environment: natural disaster, human error, power failure, system failure, cyber attacks.... Whatever you can determine for your environment, you should also take note of these findings:
As you can imagine, technical or accidental problems are more frequent than natural disasters, and these "disasters" are very often avoidable.
Evaluate the downtime you've experienced in the past, how it was managed and what you can learn from these experiences. Identify the biggest vulnerabilities in your environment: lack of backup power, vulnerable or obsolete software, old hardware, infrequent or unreliable backups...
Step 4 - Choosing a solution
The best backup and disaster recovery solution... depends on your environment and what you're backing up! Many factors will determine the backup and disaster recovery solution you ultimately implement, but these four questions are a good starting point:
1. Capacity: how much data do you regularly back up?
2. Scalability: Does the solution need to adapt to your company's growth?
3. Speed: how quickly do you need to launch or recover backups?
4. Cost: Does the solution you need fit your budget?
There are essentially three backup and restore options: tape, disk-to-disk and cloud. Which one you choose depends on what you're backing up and what you want from a backup solution.
These general steps should be seen as a basis for reflection. It's up to each company to adapt it to enhance its security.
