We’ve written about creating a business continuity plan and why it’s so important. To recap, you need to consider how your business would function if you lost access to your data, whether that was due to a power cut, loss of internet connection or some malicious act.
It is perfectly feasible for a small business owner to create their own business continuity plan. It doesn’t have to be complicated but you do have to make sure that your team know what to do if a disaster happens.
Do You Need A Disaster Recovery Specialist?
However, when it comes to the technical setup required to avoid foreseeable disasters and recover quickly if something goes wrong, it is always safer to outsource that to a specialist.
Perhaps the easiest way to explain it is by comparing disaster recovery to insurance claims. If you needed to make an insurance claim on your own you’d have to contact the underwriters, fill in all the forms and arrange the necessary repairs – which is much harder and more time-consuming than calling the insurance broker and letting their claims handler look after it all.
The situation is similar if you lose access to your data. Calling a specialist means that it is out of your hands. A specialist will have experience of handling these situations and all the necessary procedures in place to deal with them swiftly and efficiently.
The way to decide on the approach that suits your business is to think about how long it could survive without access to the technology/connectivity/data that makes the company tick. Then work out how long it would take you to get back up and running on your own, and how much effort that would require. If that is going to be damaging to the business, then using an outsourced service to speed up the recovery is a wise decision.
Test Restores
One of the big advantages of outsourcing your disaster recovery is the testing regimes that specialist service providers have in place. A small business is highly unlikely to have the capacity to carry out sufficient testing to guarantee that each backup will restore properly.
Our policy is to run a test restore every single time we take a backup, using an automated test system. In addition, we carry out a manual backup restore every month, and once a year we undertake a full manual disaster recovery, which involves spinning up a virtual server from the backup and making sure everything works as it should.
What Does A Disaster Recovery Service Include?
For small businesses we’d recommend a fully managed service. Large companies will have an IT department who can manage the regular backups of all the systems, although they may need advice or training on very specific requirements like backing up the configuration of each firewall switch.
A fully managed Business Continuity and Disaster Recovery (BCDR) service will include:
Consultation to tailor the service to your priorities.
Setting up a backup solution that provides quick access to the data you need immediately (known as high availability).
Advising on less costly storage, which takes longer to restore, for anything that is lower priority. For example, high volumes of survey data that has been analysed and used to create a report and is not likely to be needed again but needs to be kept safe.
Testing once a month or once a quarter with a full DR test annually, or even quarterly, as described above.
Ransomware detection. In a ransomware attack, all the data on your system gets encrypted and a cybercriminal asks for a ransom before they give you the encryption key. With ransomware detection in place, the backup will detect that encryption is starting and immediately cut itself off from the live system.
Backups of your cloud-based applications. Be warned that many cloud application providers, including Microsoft and Xero, don’t back up your data. While it is unlikely that Microsoft will have a disaster that involves all your data getting lost, catastrophes can happen and you should always make separate arrangements to back up your information elsewhere.
Where Is Your Data Stored?
It’s important to know where your backups are being stored, to make sure they are completely secure. Avoid small data centres which are only based in one location in favour of larger companies that have military-grade encrypted servers in multiple locations. We use Datto who have servers in the UK, Europe, the US, Asia, Africa and Australia. Look for multi-tier backup, as that ensures that there is a second copy of your data on another server, giving you extra peace of mind.
You wouldn’t think it could happen but there was a case in 2021 where OVHcloud's SBG2 data centre in Strasbourg burnt down and companies lost their data forever. It appears that some data was backed up on machines in the same building, and both were destroyed.
How Much Does It Cost?
For a typical SME, high availability storage of up to 1TB is enough, and it’s extremely cost-effective at approximately £165 per month for a high-quality service. Bear in mind that you should only ever use 50% of the space for backup, as you need the other half of the space for recovery. So you need a 2TB server to provide 1TB of high availability storage.
There are often deals available if you sign up for a three year contract which can bring the annual price down.
If you need it you can have high availability of up to 100 TB, which will cost around £2400 per month plus another £12k or so for hardware, as you have to custom build the system.
There are cheaper Business Continuity options available but you do need to check what is included in the service.
Make sure that your business continuity server can be upgraded if you think your business is going to grow. Check that it will have the option to add more capacity in future.
Ask about warranties for the hardware. If the hard drive on your server were to fail, the warranty would cover replacement, and so you need to take that into account.
You also need to think about internet speed if you have cloud-based disaster recovery that is going to be accessed online.
Ask if your provider has “round trip” capability. If they do, you can ship them a physical, encrypted copy of the data on your server so that they can put the first big image of your server onto their cloud server straight away, rather than waiting for it all to upload, which could take three months using a cheaper provider.
How Long Should You Keep Your Backups?
The length of time you should keep your data depends on what it is and why you need it. Typical timescales are one month, twelve months, seven years or forever.
For example, the most logical time frame for compliance reasons is seven years as that is the length of time that HMRC requires you to keep records.
Most business continuity systems will keep the data for one year as standard then start to overwrite it. If you want to keep it longer, you need to specify that. The difference in price is not huge, so it is worthwhile ensuring that you keep it for as long as you could potentially need it.
Reliable Disaster Recovery
We highly recommend using one of the more expensive, multi-location BCDR providers to look after your backups, and having a specialist IT company configure it for you and test it regularly. It’s the sort of thing that can be overlooked easily at busy times and it’s too important to leave to chance. To find out more about Alto’s Business Continuity and Disaster Recovery service, please get in touch.