Major pitfalls in Disaster Recovery and how they can be avoided
For many IT experts, names such as Ryuk, WannaCry, Sodinokibi, Travelex and Royal Mail, among others, ring a bell. For those who may be hearing about them for the first time, these are some of the worst ransomware attacks ever recorded.
For instance, WannaCry hit most businesses. The ransomware attack focused on computers running Windows, and in just one day close to a quarter-million machines across the world were infected. The healthcare system in the UK was one of the most affected, with almost a third of all NHS hospital trusted networks attacked with the virus. The attack cost the NHS more than £90m. Many other attacks have occurred since, and businesses continue to incur huge costs through paying ransoms, with some losing their valuable data.
This could be your business, and given that these attacks are getting more sophisticated every day, it pays to plan. A disaster recovery plan is one of the measures that each business should institute.
Going back to 2019, an avoidable attack happened in the rural community of Jackson County, Georgia, in the USA. The attack locked all the staff out of the government system and almost everything came to a standstill. The county had no choice but to play the attackers’ game, paying a huge amount of money in cryptocurrency. One pitfall that led to the lengthy downtime and the huge cost of paying the ransom was an incomplete data recovery plan. Although we are sympathetic to Jackson County, this is what is likely to happen to your business if proper planning against disasters such as ransomware attacks is not put in place. Here, we list some of the pitfalls that lead to heavy losses and how to avoid them.
Failing to plan for disasters
A disaster recovery plan need not be complicated. For small entities, regular backups or cloud computing capabilities, together with a strategy for how the data can be accessed and restored if the unexpected happens, are enough. For larger businesses, a detailed plan may be required, but it is within the capabilities of IT staff to complete it successfully. Experts recommend that the plan should cover all aspects of recovery if it is to be useful after a disaster happens.
Failing to test or update the system
Many businesses fall into this pitfall: they assume that once the plan is in place, everything is sorted. A plan that is not tested is just one step from no plan. Until you test a disaster recovery plan, you cannot ascertain whether it will work or whether the system offers the desired protection. Related to testing is updating the system. The plan is a living document and needs to be updated once in a while to incorporate changes.
Failing to protect the backups
Attacks such as malware are the reason disaster recovery has been at the top of the agenda recently. Protecting your systems requires having an immutable backup in place.
Neglecting the human factor
Most disaster recovery plans focus on systems and data while overlooking the role of humans. The plan needs to cover where and how the human factor will work. Keeping morale up during and after an attack is as important as the technical aspect.
Cloud computing is vital in making the disaster recovery process easier. Studies have shown that only a third of businesses have included hosted services or cloud in their disaster recovery plans. Over-reliance on the cloud can also spell doom; the plan needs to include what a business can do if the storage service is down.
A disaster recovery plan ought to be complete, covering all the important aspects. An incomplete plan can lead to great losses and sometimes halt the operation of the business. Everything should be done to avoid the common pitfalls that have been identified over the years; this is the only way to ensure the business runs smoothly after an incident.