Data loss from poor disaster recovery planning is all too common. Companies think that if they have installed a backup app on their PCs then they’re good to go should they suffer a hard drive crash or ransomware attack.
But recovering quickly from a data loss incident takes more than just backing up data. You need to know your restoration timing capabilities, know how much data you can afford to lose, and ensure ALL data (cloud, mobile, etc.) is being backed up regularly.
74% of mid-sized businesses have suffered data loss within the last five years, and 52% said they were not able to recover all their data.
Further, 69% of the companies hit with data loss got a wake-up call from the incident and said they needed to update their data backup and recovery strategies.
Two vital components are often left out of a disaster recovery strategy, and without these, you can be at the mercy of an attacker demanding a ransom to decrypt your data.
A case in point is the recent ransomware attack against Colonial Pipeline that caused gas prices to spike across the country in mid-2021. The large company had a backup of its data, but it opted to pay about $4.4 million to the attackers instead because it did not think it could restore operations quickly enough with its own data recovery system.
Leadership lacked a vital piece of information: exactly how long full data restoration would take, which is one of the two components we’ll go over.
So, what are those two vital pieces of your backup and recovery plan?
Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
Why Knowing Your RPO & RTO Completes Your Business Continuity Strategy
Ransomware is a growing problem and an expensive one. In 2021, the average ransomware payment demand skyrocketed by 518%. The average payout by unprepared companies to attackers was $570,000.
Why do attacks and ransom demands keep surging? Because from the criminals’ point of view, ransomware is a big money-maker, with about 60% of the victims paying the ransom to regain their data.
The only thing that is going to curb the appeal of ransomware and break the cycle is if it stops being so lucrative. This happens when companies are properly prepared and can restore their data and operations quickly without resorting to giving money to the attackers.
Building a robust backup and recovery plan that keeps you protected and maintains data integrity means ensuring that your RPO and RTO are determined and tested.
Recovery Point Objective (RPO)
The recovery point objective is your goal for the point in time to which you can restore your data. In other words, how much data can you afford to lose?
If you can afford to lose four hours’ worth of data either generated or collected by your company, then your RPO would be four hours. If you were okay with only backing up daily and possibly losing a whole day’s worth of data should an attack occur right before your next backup, then you would have a 24-hour RPO.
Knowing your RPO is important because it dictates how often you back up all data in your business. When backing up, you need to ensure you’re capturing data, no matter where it resides, such as:
- Mobile devices
- Cloud storage
- Cloud SaaS tools (Microsoft 365, QuickBooks Online, Salesforce, etc.)
- Any IoT devices that store data (e.g., a security camera system)
If your company suffers a data loss incident, then your risk is minimized if you’ve already determined your RPO and are backing up data according to that objective.
Recovery Time Objective (RTO)
Another vital piece of the recovery strategy is your RTO. This is how fast you need your business to recover operations if hit with ransomware or another data loss event and, importantly, the realistic timing based on data recovery drills.
While all businesses would like to have 30 minutes as the time it takes to remove the ransomware and recover all data and operations, that’s not realistic. You need to have a realistic recovery time objective and know what this is from regularly doing disaster recovery drills where you go through the data restoration process.
First, identifying your RTO can guide your choices for backup and recovery solutions; not all of them recover data quickly, and some are faster than others. Second, practicing data recovery a few times a year gives you the confidence and peace of mind of having a good idea of how quickly you can restore operations.
Once you have that, you no longer need to consider paying a ransomware attacker and are in a much better place to bounce back quickly after an attack.
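As an added illustration (not part of the original article), the sketch below checks both objectives described above: it finds the worst data-loss window per data source against an RPO, including sources that were never backed up, and compares measured restore-drill times against an RTO target. The source names, timestamps, drill results, and the 180-day drill-age limit are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article): successful backup times per source.
NOW = datetime(2024, 3, 5, 12, 0)
BACKUPS = {
    "file-server": [datetime(2024, 3, 5, 4, 0), datetime(2024, 3, 5, 8, 0), datetime(2024, 3, 5, 11, 0)],
    "microsoft-365": [datetime(2024, 3, 4, 23, 0), datetime(2024, 3, 5, 9, 0)],
    "mobile-devices": [],  # listed in the inventory but never backed up
}
# Constructed restore drill results: (drill date, measured time to full restoration).
DRILLS = [(datetime(2023, 9, 12), timedelta(hours=9)), (datetime(2024, 1, 15), timedelta(hours=6, minutes=30))]


def worst_exposure(times, now):
    """Largest window of data that could have been lost: the longest gap between
    consecutive successful backups, or the time since the last one."""
    if not times:
        return None
    points = sorted(times) + [now]
    return max(b - a for a, b in zip(points, points[1:]))


def rpo_violations(backups, rpo, now):
    """Map each source that misses the RPO to its worst exposure (None = no backup)."""
    out = {}
    for source, times in backups.items():
        gap = worst_exposure(times, now)
        if gap is None or gap > rpo:
            out[source] = gap
    return out


def rto_assessment(drills, rto_target, now, max_drill_age=timedelta(days=180)):
    """Compare the slowest measured restore with the target and flag stale drills.
    max_drill_age is an assumed policy value, not a figure from the article."""
    if not drills:
        return {"measured": None, "meets_target": False, "drill_stale": True}
    slowest = max(duration for _, duration in drills)
    latest = max(date for date, _ in drills)
    return {"measured": slowest, "meets_target": slowest <= rto_target,
            "drill_stale": now - latest > max_drill_age}


if __name__ == "__main__":
    for source, gap in rpo_violations(BACKUPS, timedelta(hours=4), NOW).items():
        print(f"RPO miss: {source}: {'no backup on record' if gap is None else gap}")
    print(rto_assessment(DRILLS, timedelta(hours=8), NOW))
```

With a four-hour RPO, the sample flags the SaaS source for a ten-hour overnight gap and the mobile devices for having no backup at all; the slowest drill (nine hours) shows that an eight-hour RTO target is not yet realistic.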
Need Help Optimizing Your Backup & Recovery Strategy?
Don’t mistake a backup app for a backup and recovery strategy. GEEK911 can help your Silicon Valley area business craft a reliable and realistic plan that has you protected in the case of an attack or other crisis event.
Schedule a consultation by calling 1-866-433-5411 or reach us online.