Things to Consider When Being Down (Beyond Backups)
Why are things like credential theft and ransomware infections so costly? A large part of the cost is downtime. When your business is down due to the inability to access data or systems, you are losing productivity dollars, potential new leads, and may also lose existing customers because you can’t fulfill an urgent need.
The average cost of IT downtime is between $140,000 and $300,000 per hour, depending on the size of your business. Most ransomware attacks take companies down for days, which can mean a cost of over $1 million over an 8-hour period.
To help combat unnecessary downtime, it’s important to have a business continuity strategy. This consists of a plan to both mitigate damage from things that can cause business downtime (hurricanes, cyberattacks, etc.) and to bounce back as fast as possible should downtime occur.
An important part of your business continuity is a backup and recovery strategy. You need to have a backup of all your data so it can be restored in the case of an emergency. But beyond simply backing up your data, there are a few other important things you need to consider if you want to protect your business from a potentially devastating downtime incident.
RPO (Recovery Point Objective)
How much data are you willing to lose? This is the point of determining your RPO. The recovery point objective will dictate how often you have backups of your data and how much work time loss your company can handle to balance backup costs and complexity with data loss.
For example, if your system backs up all your business data once per day. That means that at the most, you could lose the data generated in about 24 hours, should a data loss incident happen right before the next backup was to be taken.
To determine your RPO, you should look at the number of files created or updated in a day on average, and the importance of that data. For example, if you are an accounting firm and are generating a lot of account entries for your clients each day, then losing a whole day’s worth of data might not be acceptable for your recovery needs. In this case, you may want to do backups more frequently so there is less risk of loss.
Once you have an RPO in place, you can then ensure all your data backups adhere to this requirement, backing up information as frequently as you need.
RTO (Recovery Time Objective)
The RTO is another vitally important factor that you need to identify before an attack leaves you with costly downtime. This is how long your company can sustain downtime before it gets into serious trouble with being able to recover from the losses.
Of course, every company would love to have something like five minutes as the objective for recovery time after a cyberattack. However, this timeframe needs to be realistic.
Even large companies get this wrong and it can cost them millions of dollars. In the case of the Colonial Pipeline attack in 2021, the company was not sure it could recover its systems from its backup data faster than paying the ransom to the attackers. So, it opted to pay over $4 million in ransom (which further incentivizes more ransomware attacks), even though the company did have a data backup.
You need to start from where you are now. Look at the recovery capabilities of your current backup and recovery system. Too many SMBs never even test recovery, and so are unsure how long it will take.
Have your recovery mechanism tested (we can help you with this) and see how long it would actually take your team to restore data after an attack or other data loss incident.
If it takes too long (several days, for example), then you may want to research other backup and recovery systems that can provide a faster recovery time.
Work with your Orlando IT provider on this, so you can come to an acceptable recovery time objective and ensure that your systems can actually accomplish this.
Other things that can help you recover faster from downtime, in addition to the right backup and recovery solution, include:
- Creating a step-by-step plan for staff to follow in case of a downtime incident
- Using a “phone tree” for contact notification in the event of a crisis
- Training employees on your disaster recovery plan
- Running drills regularly so you can ensure your team can meet your RTO
Need Help Determining Your RTO and RPO?
You don’t have to go it alone when trying to run your business and at the same time protect it with a solid business continuity strategy. C Solutions can help your Orlando area business determine your realistic RPO and RTO and put solutions in place to meet those goals.
Schedule a free consultation today! Call 407-536-8381 or reach us online.