Backups are the cornerstone of any good disaster recovery plan so if you have a decent backup workflow in place, congratulations – you are one step nearer to protecting the data your business relies on. But don’t get too complacent, because as a recent example shows, simply having a plan isn’t enough – you have to know that it works. And that means putting it to the test.
An infographic from BUMI based on data from 104 CEOs found that 30 percent of CEOs consider business continuity the crucial reason to back up data, and 98 percent of them expected business to be up and running within a day in case of any failure. But the problem is that 23.8 percent of them said they had never tested their restore process. And that’s a problem – backups can fail for a number of reasons, both internal and external, and you can’t always rely on the log file reports.
Gary Williams of Spiceworks highlights the term Schrodinger’s Backup which states “The condition of any backup is unknown until a restore is attempted.” He shows how an attempt to test the backing up and restoration process in one company revealed major concerns. For example, the person who had to do the restore didn’t have all the information he needed, and the process itself just didn’t work.
The important lessons to emerge from that process were that:
- Having a restore file alone is not enough. You also need serial numbers and other registration information for software being restored.
- It is important to have a manual that explains the restore process (and any acronyms used) simply enough that anyone can do backups if needed.
- Test, test, test to make sure your backup system works.
This last piece is the most important aspect of a disaster recovery plan. Brent Ozar suggests 10 questions to ask to help you identify if your backup process works. He identifies the importance of testing not just full restores, but incremental ones so you can be confident that the process works.
Dealing with backups is just one aspect of a disaster recovery plan, but what if something even worse happens? Malware has become big business, say Computer School and Lookout. Not only can it take your systems down, but it can share sensitive data, compromise the reputation of your business and cost you money.
Spiceworks’ GUInoob outlines a scenario where the presence of a self-replicating piece of malware meant the company had to take everything offline for a couple of days. In this connected world, that’s a disaster in itself. As he points out, most disaster recovery plans focus on planning for a single disaster, like the network going down, having to evacuate the building or dealing with malware on a single computer. But there are some situations you just can’t plan for. He suggests that IT professionals can up their game by having more restrictive firewall rules and educating users to help them spot potential malware easier.
In the end, having good backups and protecting against malware comes down to testing your processes and plugging any gaps you find.
Not convinced that downtime kills? Check out this article on the cost of point-of-sales downtime.