Here at My IT, we live and die by the phrase, “If my data survives, my company can survive.” Today’s businesses aren’t offices, storefronts, furniture, and inventory. Instead, businesses are intellectual property, client lists, orders, accounting, and your production files. If a disaster like a fire did overtake your building this weekend, you can move to a new building, buy new furniture, get new computers, and start over IF you have your data. If your data is lost in the fire, you have to start your business over, and most businesses just can’t do that. The chances your business survives a disaster like a fire, hurricane, or even a server crash, is largely dependent on how you backup your company’s data. In fact, the Ponemon Institute states 95% of companies experienced a data outage in the past year.
By the way, according to Kroll Ontrack Data Recovery, 78% of data losses are from a hardware or system malfunction, such as a server crash, followed by 11% by human error, and 7% from a software or program malfunction. Natural disasters only account for 1% of data loss! The key takeaway is to stop preparing solely for a hurricane or fire and plan for the most likely culprit, a hardware failure.
Most companies store their production data on a server in their main office. (Production data is the day-to-day work like project files, accounting, and client contact info.) You have your servers in-house for the fast network speed. To protect your production data, you must backup your company's data.
Places to Backup Your Company's Data (in priority):
- Local Backup – You want to have a localized copy of your data, meaning in your office, because it allows you to back up your data more often and is the fastest way to recover your data. This location is vital because pushing everything offsite to the cloud can tie up your network, slowing down your employees’ production, and it takes days to recover data on offsite backups. Many companies can not survive being without their data for more than a day, so a local copy is essential.
- Offsite, Out-of-State Backup – Along with your localized backup, you want a backup to be offsite. Having data offsite protects your data from a fire, water damage, and theft. Best practices state having your data out-of-state to protect it from larger disasters like hurricanes, tornados, and even power outages. With your data out of harm’s way, you can evacuate your team ahead of a hurricane and set up shop in a hotel 500 miles away and stay operation. The only down time you would have is while your team is in transit. Many companies back up their data remotely at night when the network is not used to prevent crowding the network during working hours.
- Local, Read-Only Backup – Having two backups, local and offsite, used to be enough duplication, and that would protect you from hardware malfunctions and mother nature. Today, you need a third backup, a read-only local backup in case of cyber-attacks and viruses. Read-only means that the data can only be seen and not changed, so a hacker or virus can not write (or modify) the files on this server. Because both your local and offsite backups are always connected, and the files must be writable to add new data, so they are vulnerable to attacks. A read-only backup prevents someone from hacking this data; they can potentially see the data, but not change or encrypt it. A common cyber attacking tactic is ransomware that encrypts your data and your backup data until you pay a ransom in bitcoins (so it is untraceable). Having a read-only backup allows you to remove the attack and recover your data without paying a hefty ransom.
When creating your backup strategy with an IT professional, you will want to understand two key terms -- Recovery Point Objective (RPO) and Recovery Time Objective (RTO). The first term, Recovery Point Objective, is the point in time where you can recover your data. Most companies backup offsite every night, meaning if you had a server failure at noon, you could recover your data from last night, and you would lose any data from the morning hours. For some businesses, that is acceptable while others need more of a real-time RPO, so they do not lose hours of work from hundreds of workers or orders from thousands of customers.
The second term, Recovery Time Objective (RTO) is how long it takes to recover your data. If you’re only backing up offsite, it can take days to download that data or ship it to you on a hard drive. Transferring large amounts of data to a hard drive and overnighting it is expensive. Hence why we suggest having multiple backup methods.
The key is to check your backups which means doing more than just getting an email saying the backups are there. Although that is an easy and efficient method, two huge issues arise with this type of backup testing. First, if you are busy, you may not notice that an email is not delivered for a few days, especially if you get emails from multiple backups at a larger company or at an IT firm. Secondly, this type of report only says the backup is there, but it does not test if the backup is operational. You need a verification report that verifies the backup is operational. After all, backups are pointless if they don’t work.
Most IT professionals do not verify their backups work because it is time-consuming (potentially 10 hours a week of work) and other fires arise throughout the day like help desk tickets. Verifying your backups is never the “squeaky wheel” that gets attended to like a user who has email trouble or a jammed printer.
Keep this in mind - companies that can’t resume operations within 10 days of a disaster hitting, regardless of the type of disaster or business, likely do NOT survive [Strategic Research Institute].
Now you understand our expression, “If my data survives, my company can survive.”
Prepare yourself and have a conversation with your IT provider after asking yourself these vital questions about business continuity.