A 2014 survey from Dell EMC revealed that data loss and downtime cost Australian businesses a combined US$55 billion every year, with at least 64% of organizations across the country falling victim to such incidents. Yet, despite the prevalence of these costly system failures, only 22% of business owners have full confidence in their data recovery abilities.
From cyberattacks to natural disasters and everyday human errors, the threat of sudden data loss is always present within the enterprise. Without a comprehensive recovery plan in place, your business could be hit with a range of damaging consequences including:
- The irretrievable loss of crucial data.
- Regulatory censure in the form of fines and penalties.
- Erosion in customer confidence.
- Loss of reputation.
- A decrease in overall productivity.
- Lost revenue.
Whether you’re regathering vital client information or standing by for servers to come online again, every minute of data inaccessibility represents thousands of dollars in losses for your organization. To minimize these impacts you need to take proactive measures to safeguard your IT infrastructure. Here are some key strategies to implement beforehand.
Business Impact Analysis
Before you can start planning for data recovery, you need to assess the long-term impact of data losses across the critical functions which make up your business. Amongst other factors, you must estimate the amount of time in which business processes have to be restored after a disruption in order to safeguard against unbearable losses. Additionally, each area of business activity should be graded in terms of importance, so that limited resources can be directed towards the most pressing areas after an unexpected data loss incident.
Consult with a variety of personnel throughout the organization when making this priority assessment, as employees could have wildly different perspectives on the importance of a certain function depending on their seniority and expertise.
Conduct a Data Inventory
To fully understand the data security risks you’re facing, you need to identify what type of data you’re handling, where it’s being stored and in what form it’s kept (encrypted, raw data, complete records). First, you need to separate the types of data within the enterprise, by discerning between:
- Personally Identifiable Information (PII) – full names, addresses, phone numbers, tax identification numbers, medical records, driver’s license numbers.
- Financial Records – credit card details, payment history, shipping/billing information, email addresses.
- Intellectual Property – product lists, design blueprints, vendor communications, internal memos, private emails, financial statements and budgets.
Once you’ve categorized each piece of data, you need to classify information based on sensitivity. Highly restricted information would be at the top of the list. The highly restricted classification applies to any data that is essential for business operations. It could also be used in cases where the loss of said data would result in significant harm to your business’s working relationships or revenues moving forward.
Once you’ve mapped out the most important data in your organization, you can create tailored data recovery plans for the most strategically important files.
Good data storage practices lie at the foundation of any data recovery plan. A step-by-step process for duplicating and archiving all critical data must be implemented. Ideally, data should be stored off-site to prevent unintended damages due to natural disasters or emergency response efforts.
A cloud storage provider may be the best option for smaller businesses, as these vendors can often guarantee automated online backups from a secured, remote location. However, before partnering with a vendor you should ensure that the business follows data security best practices. The company should:
- Create backups and secondary copies of your vital information to facilitate easy rollbacks in case of data corruption.
- Keep all data up to date within your Recovery Point Objective (RPO), which is the amount of time allowed between backup updates.
- Encrypt data to prevent unauthorized data monitoring or theft.
If you’re intent on maintaining your backups within the organization, then you should pay attention to the following concerns:
- Backup and replication software should be compatible with all operating systems and applications used.
- Ensure that physical hardware is kept separate from your main workforce. Servers should be accessible only to relevant employees, and all data should be secured via access codes.
- Make sure that your storage hardware is compatible with your backup and recovery software.
- Confirm that your existing network connections have sufficient bandwidth to handle constant data transfers. If not, you may need to set up a separate infrastructure for storage transactions.
- Does data retention comply with government and industry regulations? This is especially important for businesses that process payments or sensitive medical data.
- Do you have precautions in place to ensure an uninterrupted power supply in case of natural disasters or national blackouts?
- Make sure that offsite backup facilities are consistently maintained and available for data recovery around the clock.
Coordination and Communication
An effective data recovery plan depends upon your human resources. Each department and employee should have a clear idea of their roles and responsibilities during a data loss event. Procedures for data recovery should be clearly communicated to each team.
Each department should have a data recovery advocate in place to organize communication and activities during a period of data loss. Senior management must ensure that adequate resources are provided to key personnel to allow data recovery to go off without a hitch.
Test Your Data Recovery Plan
You don’t want to find out that your backups are corrupted, or that your recovery methods are far too slow during a data loss incident. All data must be verified on a consistent schedule to ensure the integrity and security of backups. Any failed backups should be immediately flagged and examined by relevant personnel.
If possible, recruit an external consultant to conduct regular audits of your data storage and security procedures.
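The scheduled verification described in this section, combined with the Recovery Point Objective from the storage checklist, can be automated. The following is an added example, not part of the original article; the RPO values, tier names, manifest layout and file names are assumptions made for illustration, and the sample backups are constructed.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Assumed RPO per sensitivity tier (illustrative values, not from the article).
RPO = {"highly_restricted": timedelta(hours=1), "internal": timedelta(hours=24)}

def file_sha256(path: Path) -> str:
    """Hash a file in chunks so large backup archives are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_backups(manifest, backup_dir: Path, now: datetime):
    """Return (name, reason) for every backup that is stale, missing or corrupt."""
    flagged = []
    for entry in manifest:
        path = backup_dir / entry["name"]
        if now - entry["completed_at"] > RPO[entry["tier"]]:
            flagged.append((entry["name"], "stale: older than RPO"))
        if not path.is_file():
            flagged.append((entry["name"], "missing"))
        elif file_sha256(path) != entry["sha256"]:
            flagged.append((entry["name"], "corrupt: checksum mismatch"))
    return flagged

def demo():
    """Constructed sample: one healthy backup, one corrupted, one stale and missing."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "crm.bak").write_bytes(b"customer records")
        (d / "finance.bak").write_bytes(b"ledger (bit-rotted)")  # differs from manifest
        manifest = [
            {"name": "crm.bak", "tier": "highly_restricted", "completed_at": now - timedelta(minutes=30),
             "sha256": hashlib.sha256(b"customer records").hexdigest()},
            {"name": "finance.bak", "tier": "highly_restricted", "completed_at": now - timedelta(minutes=45),
             "sha256": hashlib.sha256(b"ledger").hexdigest()},
            {"name": "wiki.bak", "tier": "internal", "completed_at": now - timedelta(hours=30),
             "sha256": hashlib.sha256(b"wiki pages").hexdigest()},
        ]
        return verify_backups(manifest, d, now)

if __name__ == "__main__":
    for name, reason in demo():
        print(f"FLAG {name}: {reason}")
```

The manifest of expected checksums should be stored separately from the backups themselves, so that damage to the backup location does not also alter the reference values.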
Use the Right Data Recovery Software
If you don’t have the budget to employ dedicated data recovery specialists in your business, then don’t attempt any data recovery on a do-it-yourself basis. There are a host of extremely effective file recovery tools available that can make even the most complex data retrievals look easy.