Is your disaster recovery plan really a security hazard?

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

When people talk about “disaster recovery”, we often imagine the impact of natural disasters – floods, extreme weather events and earthquakes; perhaps even a volcanic eruption given recent events on the Spanish island of La Palma. And while these have the potential to be very disruptive they are also rare.

About the author

Stuart Bernard is VP of Digital Solutions for EMEA at Iron Mountain.

But just because it’s not hurricane season and your business isn’t located in an area of high tectonic activity on a fault line doesn’t mean there’s no need to invest in disaster recovery... there’s a highly dangerous digital fault line running beneath every enterprise. No matter how large or small a business might be, the threat remains the same and so do the consequences.

The uninvited

Cyberattacks, such as malware, can be devastating and they can happen at any time, in any location. For example, ransomware is a global problem with cybercriminals taking cyber hostages on a regular basis. According to a new Google report, ‘Ransomware in a global context’, more than 80 million ransomware samples were uploaded to its VirusTotal service over the last year and a half. Keeping an eye out for the uninvited has never been more important.

Worse still, simple mistakes can result in data damage or loss. The recent outage at Facebook was reportedly triggered by a configuration change to the backbone routers that coordinate network traffic between the company’s data centers. One of the largest web service providers was knocked offline by a mistake.

Day of disaster

Downtime, data loss and data corruption, no matter how they happen, can have a serious short-term and long-term impact on a business. Customers can lose faith, as can shareholders, and there’s also the possibility of watchdog fines. So what should be done if disaster strikes? And equally important, what constitutes a good disaster recovery plan?

The best disaster recovery and business continuity plans go beyond a simple restoration of data – that’s the entry point, not the full package. A good plan should ensure the speedy restoration of everything you need to run your enterprise, including:

  • Hardware infrastructure
  • Software applications
  • Building systems, such as HVAC and access controls

So what should be done? First, an astute business should supplement its tape backup system with cloud recovery. Doing this doubles the available copies of your critical data while potentially increasing the speed of your recovery. However, cloud backup/recovery has its own challenges; to offer the optimum benefits it needs to be properly planned and implemented.

Three, two, one...

There are three fundamental steps to ensuring a suitable cloud implementation. Properly implemented, they will help guarantee a swift recovery.

1. Always choose a security partner that offers backup as-a-service (BaaS) and disaster recovery-as-a-service (DRaaS)

2. Make sure your provider offers 24/7/365 availability

3. Create a comprehensive plan that will restore your business and your data

Your company's future depends on you selecting a disaster recovery plan that is fit for purpose. You don't know how or when cybercriminals will strike so every minute counts, both before and after a disaster; it’s equally about planning as it is about implementation. And, of course, a faster recovery means less lost revenue and a reduced chance of costly reputational damage.

Bringing it all together

A good enterprise’s disaster recovery plan should be ready for any type of natural or man-made calamity – from a hurricane to a malware attack or even human error. This will help a business get up and running, quickly and effectively and with confidence. To ensure this is the case, your plan needs to be properly tested and assessed against the needs of your business, otherwise you could still be in jeopardy.

However, bringing this all together can be complex. That’s why you need to work with a disaster recovery expert – someone who can test and assess your plan and then make recommendations based on their experience and expertise. If misfortune strike don’t believe that this time will be the last time – lightening can strike twice. But with a fully tested recovery plan you can be confident that if disaster hits you’ll be able to quickly and effectively maintain business continuity.

At TechRadar Pro, we've featured the best online cybersecurity courses.

Stuart Bernard

Stuart Bernard was appointed as Iron Mountain’s Regional Vice President of Global Digital Solutions in EMEA in October 2019. He currently oversees a wide range of strategic and operational elements relating to Iron Mountain’s digital capabilities – including sales and operational performance, technology development, and future innovation. Stuart has 10+ years of experience leading teams in the IT and services industry.