The conversation around B2B data security is no longer about having a backup, but about whether your backup actually works when you need it most. Data backup and disaster recovery solutions were once seen as “set it and forget it” tools, but this is no longer the case. In reality, your data backup strategy is much more complex, and if you fail to give it the attention it deserves, it could result in an extinction-level event for your business.

Half the battle is about asking the right questions and being prepared well in advance of any potential crisis. If you ask these three questions, you can expose the cracks in your backup and disaster recovery strategy and ensure your business stays resilient to the countless threats out there.

Question 1: What Are Our True Recovery Objectives?

If you haven’t defined your Recovery Time Objective (RTO) or your Recovery Point Objective (RPO), you’re merely guessing at your level of protection.

Your business needs to implement a tiered approach based on the potential business impact of data loss. This assessment evaluates your applications and calculates the cost of downtime in terms of lost revenue, productivity, and reputation. In short:

• RTO (Time) - The maximum time your business can tolerate being down. Mission-critical and revenue-generating systems should have minimal RTOs.
• RPO (Data) - The maximum amount of data your business can afford to lose. Your most critical systems should have RPOs measured in seconds or minutes, indicating that you take frequent backups.

Don’t accept a generic “one-size-fits-all” solution; have your provider customize the solution according to your specific goals, defined by measurable financial losses and potential risk.

Question 2: How Often Do We Test the Complete End-to-End Recovery Process?

If you’re not testing your backup, then you’re relying on a hope, not a plan. The worst thing you can do is assume your backup solution works without testing it.

We recommend that any test you conduct simulate a catastrophic failure, booting your critical systems entirely from the backup environment (usually the cloud). But don’t stop there; ask key departmental heads to participate in the process as well, logging into recovered applications to perform their daily tasks to ensure they work as intended. This helps you guarantee optimal functionality and minimal data loss. Make sure you’re timing the recovery and documenting the process, too, so you can be confident the solution falls within your accepted RTO.

Your data backup and disaster recovery provider should provide a report detailing recovery test results; otherwise, how can you know you’re ready to tackle a disaster?

Question 3: Does Our Backup Strategy Protect Against Ransomware and User Error?

Today’s threat landscape is dominated by malicious encryption and accidental deletion. Ransomware can infiltrate connected backups, and user error can put your business at considerable risk.

The painful answer is that you can’t rely on a single backup. You need an air-gapped, immutable copy of your data. We recommend you follow the 3-2-1 Rule, which works as follows:

• 3 copies of your data
• 2 different media types
• 1 copy off-site

When we say “immutable,” we mean that the backup copy cannot be altered, deleted, or encrypted by any user, system, or process. You’ll find that this is the ultimate safeguard against the most common threats today.

Avoid common issues that plague traditional data backup and disaster recovery by implementing a BDR solution from First Column IT. We’ll develop a plan tailored to your business’ specific goals. Learn more by calling us at (571) 470-5594 today.

‍