Hope for the best, prepare for the worst. It’s a cliché, but when it comes to disaster recovery it’s true. In this blog we’ll take you through why every organisation needs a disaster recovery plan – and provide access to a free disaster recovery checklist to get you started.
It’s hard to imagine today, but there was a time some of us may remember when an organisation’s PCs would stop working, and… everyone would just shrug their shoulders and get on with something else. That simply wouldn’t cut it today – we’ve never been more reliant on technology in our professional lives, no matter what industry we work in.
Think about how much your organisation would suffer if everyone lost access to their emails, or SharePoint, your CRM, or any number of mission-critical applications people use day in, day out. Secure, predictable access to these applications is essential to your organisation’s operational integrity. Unfortunately, complex hybrid cloud infrastructures and pernicious cyber threats challenge any organisation’s ability to stay ‘always on’ – and that’s where disaster recovery comes in.
In this blog we’ll take you through why every organisation needs a disaster recovery plan – and provide access to a free disaster recovery checklist to get you started.
What is a Disaster?
When you think of a disaster, what immediately comes to mind? A flood, an earthquake, or some kind of terrorist event are often high on peoples’ lists. These are all perfectly valid, but the truth is that the likelihood of one of them affecting your organisation is probably pretty small. Too much focus on disasters of this nature can lead to complacency when it comes to implementing your disaster recovery plan.
The truth is, what you classify as a disaster is pretty specific to you and your organisation. For an ecommerce business, website downtime as the result of server downtime could be disastrous for revenue and customer confidence. For many organisations, loss of access to critical files or applications as the result of a ransomware attack would be considered a disaster that could lead to significant financial, operational, and reputational damage.
Putting a disaster recovery plan in place will minimise your exposure should the worst happen. Because as we’ll explain, the cost of downtime can be significant.
Calculating the Cost of Downtime
It can be tricky to get buy-in for disaster recovery investment – especially if stakeholders struggle to visualise why a disaster recovery plan is needed in the first place. This is why it can help to create realistic examples that enable you to demonstrate the true cost of downtime.
Consider an outage at a 50-person office that lasts one business day. If the average annual salary in the office is £30,000, one day of downtime will cost the business over £11,400, factoring in a drop in efficiency of 50% for two days.
In the previous section, we told you that a ransomware attack could be considered disaster at your organisation. With ransomware attacks, you should consider the impact both of downtime and of the need to roll-back for an extended period. Recovery from a ransomware infection requires either identification of the time of infection or, more commonly, the recovery and testing of multiple restore points until a clean environment is confirmed.
Let’s say that a ransomware infection impacts a finance system, affecting a team of five users. For our example, the average salary of each staff member is £35,000 per year. It would not be uncommon for the recovery window of such an infection to cause three days of downtime, during which systems are rebuilt and tested, until at last a clean recovery point is found from a week ago.
For the next two weeks, the finance department not only has to recover from three days of outage, but they have also lost the previous week’s work. The efficiency of the team is impacted: not only does the department need to continue to process the normal day-to-day transactions, but they must also spend a considerable amount of time identifying and reproducing the work lost over the next two weeks. The total cost to the business is £6,700 for three days of outage only affecting five members of staff!
Put in these terms, the relatively predictable costs of investing in a disaster recovery plan seem like a preferable option. Because if you implement disaster recovery provisions with small RPO and RTO windows, you’ll save a great deal of money and disruption if the next ransomware attack targeted at your organisation is successful.
What are RPO and RTO, you ask? Read on…
Understanding RPO and RTO
RPO and RTO are essential metrics you need to consider when implementing your disaster recovery plan. Here’s how our partner Datto explained them in a recent blog:
Recovery point objective (RPO) defines the point in time to which you will restore your data after a disaster. It limits how far to roll back your recovery and defines how much data your business can afford to lose before it affects productivity, revenue, and reputation.
Recovery time objective (RTO) is the duration of time it should take to restore all applications and systems after an outage. RTO is usually measured from the moment an outage occurs rather than when the IT team starts working – the moment of the outage is when users and clients were impacted. The RTO should be established with the goal of minimising downtime and the disruption of services.
As Datto explains in its blog, “establishing RTO and RPO will not only decrease the negative effects of downtime, but it will help you more effectively manage a disaster when it strikes.”
Build Your Disaster Recovery Plan Today
Keen to learn more about how to build your disaster recovery plan, what RPO and RTO is appropriate for each of your services, and how you can ensure your organisation safeguards its operational integrity?
Our free disaster recovery checklist eBook, created in collaboration with Datto, tells you what you need to consider to prepare yourself before disaster strikes. Download it here, and schedule a call with one of our experts if you’d like to learn more.