When a disaster hits, are you ready?

Posted by .

DRP start button. Disaster Recovery Plan concept or crisis solutions.Ever wonder what will happen to your data when you are not watching? Do you have a plan set when an event of a catastrophic data loss occurs? Most small to medium size businesses don’t. According to the IBM 2015 Data Breach report, most companies face an alarming rate of data loss challenging their business operations and placing them on the thin ice with bankruptcy.

Queue Rod Serling and consider the following: You get a phone call at 1:00 in the morning from your landlord telling you there has been a fire and you better get down here right away as the damage is significant. You arrive on site to find out your servers, desktop PCs, files, paperwork and intellectual data are in ruins. Your digs have been flattened – it could be days / weeks / who knows how long before you even have a real office again. OK – you are certain that you back up your data nightly (show of hands?) and check the backup logs religiously (uncomfortable clearing of throats), test your backups regularly (hmmm…) and export that data offsite via tape or offsite backup (Bueller? Bueller?). You should be OK because at least you have insurance, except that not only do you not have servers to restore that data to, you have nowhere to put the servers once the claim goes through. So now what? What was the point of all those backups if you haven’t even got anything or anywhere to restore them?
Truth is, no one really expects a catastrophe but bad things happen to good people every day all over the world and simply stated, the difference between those that go under and those that live to fight another day is their level of preparedness. So how ready are you?

The TRUE cost of downtime

First off, it helps to know the true cost of downtime and unless you have done this exercise before, I will bet my lunch you will be astonished. You can use this business downtime calculator to find out what is your cost of downtime but this should put things into perspective: One of our clients is a busy downtown law firm of some 100 seats and they estimate every hour of downtime costs them over $17,000.

At Gartner Research, a study indicated that a $5M business loses $2k per hour unless you have very deep pockets you won’t be able to sustain that burn rate for long.

Data recovery objectives

Now that you have swallowed that jagged little pill, you need to determine two major factors as cornerstones of your soon to be conceived Disaster Recovery Plan – you are starting one now, right? Those are Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

Memorize those because every move you make from here on out, should be based on and judged against those two critical factors when crafting your disaster recovery and / or business continuity plans. So what exactly are RTO and RPO? Well, Recovery Time Objective is defined as “the duration of time within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.” Recovery Point Objective is “the point in time to which you must recover data as defined in terms of what is an “acceptable loss” in a disaster situation.” Thank you Wikipedia, I’m more confused now than when I started.

In common language: How long can you be down (RTO) and how much data can you stand to lose (RPO)? Whenever I ask those two critical questions I get answers that are all over the map but most of them eventually settle back to approximately one day of each – i.e. “We can lose up to one day’s worth of data and we can be down for up to one day but after that – bad things.” And that is pretty much the average across the board with small businesses in general. However, the reality is generally much different because most businesses are about as prepared for a disaster as most individuals are. For example, how many of us have an earthquake plan at home? Hands up all of you who have a week’s worth of food, water, batteries, portable radio, extra cellphone batteries, etc. in anticipation of “the big one” that we are so overdue for here on the Left Coast? And how many of us actually rotate those supplies out once they hit the “best before” date. Thought so. In the words of Shakespeare – The readiness is all.

Most businesses simply don’t have a plan

For most small and medium businesses the plan for recovering from a disaster is simply “don’t have one”. Businesses usually don’t think past the primary goal of data protection (proper backups) and some aren’t even very good at that. So if your recovery plan is to do nightly backups and port that data offsite via tapes or online backups and your RTO and RPO are in the neighborhood of one day – thanks for playing, please pick up your lovely parting gifts on your way to obscurity because you won’t even come close to that goal.

Make things better - performance and improvement chalkboard

Taking the first step

Fortunately, Al Gore invented the Internet (if you don’t believe that, just ask him). And that was long before he invented Global Warming (actually, it was scientist Wally Broecker – but nice try, Al). And with all the glorious technology that goes along with it, true business continuity is available and affordable even for very small businesses. But the very first step you need to take is to determine your true cost of downtime and then calculate your tolerance to downtime and data loss – RTO and RPO. Once you have done this, you are ready to take the next step: define the solutions required to mitigate your risks and achieve your goals. If nothing else, you will find it an interesting and revealing exercise and you will have done more than most to safeguard your business against disaster.

Learn more about Disaster Recovery and Business Continuity