Carte Blanche, this past Sunday, covered the NHLS cyber-attack. This attack highlights the continued threat to South Africa, it’s businesses and institutions – with our country being one of the most targeted for cyber-attacks in the world.
Graeme Millar, MD of SevenC, a home-grown South African Managed IT Services company highlights the best practices for developing an effective IT Disaster Recovery (DR) plan to protect your business.
“Downtime and data loss can severely impact a business’s profitability. A recent report by Comparitech outlined how downtime costs an average of about $1,467 (R26,400) per minute, adding up to nearly $88,000 (R1,584,000) per hour. For larger companies, these costs can soar even higher, with 91% of mid-sized and large enterprises reporting outage costs of over $300,000 (R5,400,000) per hour,” says Millar.
“In South Africa, where power outages and cyber threats are frequent, these figures underscore the value of a comprehensive IT DR plan. Without such a plan, businesses risk financial losses and face damage to their reputation, regulatory penalties, and the loss of customer trust.”
Understanding IT Disaster Recovery
IT disaster recovery refers to procedures, tools, and policies designed to restore IT systems, data, and infrastructure during a disaster. Disasters can be natural (floods or fires), human-induced (cyber-attacks or accidental data deletion), or technical (hardware malfunctions, software bugs, and network outages).
So, what are the best practices for disaster recovery planning?
- Risk Assessment and Business Impact Analysis
Conducting a thorough risk assessment and business impact analysis (BIA) can help identify potential threats to your IT infrastructure. Once risks have been identified, the next step is establishing clear recovery objectives and goals based on Recovery Time Objective (the maximum time to restore critical functions after a disaster) and Recovery Point Objective (the maximum acceptable data loss in time, guiding backup frequency).
- Develop a Comprehensive DR Plan
Your DR plan should cover all aspects of recovery. First, regularly back up your data and store copies in multiple locations, such as offsite and in the cloud, to protect against data loss. Backing up to a cloud service like Google Drive ensures access even if physical backups are compromised. As a preventive measure, it is important to have backups protected by strong passwords and encryption to avoid data being easily accessible.
Next, document procedures for restoring IT systems, applications, and data, and keep these procedures up to date and tested regularly to ensure they work when needed. A solid communication plan is crucial for informing stakeholders, employees, and customers during a disaster. Identify key contacts and establish clear communication channels, such as a dedicated crisis hotline or an internal messaging system like Slack.
Finally, assign specific roles and responsibilities to team members to ensure a coordinated response.
- Implement Redundancy and Failover Solutions
To reduce downtime, businesses should implement redundancy and failover solutions.
Hardware redundancy involves using extra hardware components so that if one fails, another can take over seamlessly. Network redundancy means having multiple internet connections to avoid a single point of failure; if one connection drops, the others can keep the network running. Lastly, failover systems ensure automatic switchover to a backup system if the primary one fails.
- Employee Training and Collaboration with Third-Party Providers
Provide regular training to ensure all employees understand their roles and responsibilities during a disaster. For added peace of mind, collaborate with third-party providers such as SevenC for IT services and IT consulting.
- Regular Testing and Updating of the Plan
An IT DR plan is only effective if regularly tested and updated. Conduct drills and simulations to ensure all team members know their roles and responsibilities. Update the plan to reflect changes in your IT environment, business operations, and emerging threats.
Millar closes, “By following these best practices, you can develop an effective DR plan that minimises downtime, reduces data loss, and ensures your business can quickly recover from any IT disaster. Preparation, regular testing, and continuous improvement are essential to successful DR.
“Investing in a robust IT DR plan may seem daunting, but it doesn’t have to be.”