Schedule a Consultation Today (614) 484-0918

Posted by A-Jay Orr

Top Disaster Recovery Mistakes IT Pros Make

We dedicate the months of August and September to disaster recovery planning, and you should too. This time of year is notorious for bringing in some of the most deadly weather events in history. We’ve watched hurricanes like Katrina and Harvey desecrate homes and businesses along the Golf Coast. In the Midwest, states like Florida, Illinois, and Colorado see as many as 20 to 30 tornadoes in a single month! Out west, California is currently battling 16 active wildfires! And this doesn’t even take a business’s top “every day” threats into account, like cyber attacks and human error. Would your business survive a catastrophe if one struck tomorrow? Avoid the following 5 Disaster Recovery mistakes and answer back with a definite — YES.

1. Not Having a Disaster Recovery Plan

71% of companies experienced downtime in the past 12 months (CloudEndure). A shocking 30% of businesses do not have a disaster recovery strategy to help them rebound from an unplanned business disruption (Invenio IT). 90% of these businesses will FAIL after a disaster.

2. Forgetting that Practice Makes Perfect

33% of businesses that DO have a disaster recovery plan still fail to respond to an event (Invenio IT). Why? Because they have no idea whether or not their plan works! Only 13% of companies do monthly disaster recovery drills, and a mere 31% of companies conduct drills annually. 10% of companies admitted that they never conduct DR drills — ever! (CloudEndure).

Too many organizations treat testing as a to-do list item instead of the critical pillar of disaster recovery that it is. These same organizations also lean on a false sense of security; believing that their DR as a Service (DRaaS) provider or Data Center is fail-safe. News flash — they aren’t! Technology is volatile. Cybercrime is the fastest growing threat to service providers. And human error is the 2nd most common reason for an unplanned outage. There’s no such thing as fail-proof; only fail-resistant, which means your organization must test backup solutions and Disaster Recovery controls on a regular basis.

3. Not Defining Your Recovery Time Objectives

Your Recovery Time Objectives (RTOs) are predicted amounts of time that it will take to get mission-critical systems and processes back up and running before a disruption has a severe impact on the business. In other words, RTOs are the “goals” you should set for your Disaster Recovery Plan and your DR plan is the step-by-step guide to reach those goals. Most organizations have more than one RTO to account for varying degrees of disruption.

4. Not Knowing The True Cost of Your Downtime

The total cost of business downtime can be anywhere from $926 to $17,244 per minute (Invenio IT). I repeat — PER MINUTE! Most leaders understand the direct costs that contribute to this astronomical tab. For example, hardware and software repairs, new equipment, or the cost of labor to recover business functions. What they fail to consider is the indirect costs of a business disruption. For example, the cost of lost employee productivity, missed lead conversions and sales, or a damaged reputation. Both expense categories must be considered when working to gauge the true impact of a catastrophe on the health of your business.

5. Not Reporting a Ransomware Attack

47% of businesses have been victims of ransomware, which currently has a 71% success rate. However, less than 1 in 3 small-to-mid-size organizations report an attack. Most likely, this is because they fear the fall-out of an attack becoming public knowledge. However, when and how to inform the public of an attack is a part of your Disaster Recovery Plan for a reason. Sweeping the issue under the office mat sets your company up for missed recovery opportunities. For example, an encryption solution is rare, but they do exist, and the authorities will be the ones to share it with you. Protection agencies also have the most up-to-date information on details about your particular strain of malware, which will help your recovery team contain and resolve the issue faster. By reporting an attack, you are helping to become a part of the universal solution to this massive global problem. The more that authorities know about the nature and impact of a ransomware attack, the better they can develop safeguards and bring down the bad guys.

Who to contact in the event of a ransomware attack: Internet Crime Complaint Center

Interested in more survival-type information for your business technology? Check out this resource page, which features a Ransomware Hostage Rescue Manual, CEO Fraud Prevention Manual, and more!