Test Your Equipment, Not Only your Disaster Recovery Plan

By Rick Vanover, Senior Director Product Strategy at Veeam Software

Disaster recovery (DR) plans have evolved into a central mechanism for safeguarding today’s enterprises against the rising threat of cybercrime and natural disasters.

Since 76% of organizations were victims of a cyber-attack in the last 12 months, it is critical to test disaster recovery plans before they occur. Unfortunately, DR testing seems to be a dying art. This is because data center professionals are stretched thin and do not have the time or tools to test with greater frequency.

DR testing matters because the recovery process is based not only on your recovery procedures but on the coordination, collaboration, and sequencing of your internal team members. The structures put in place must be maintained across storage, network, applications, databases, and other remote working platforms. While cyber-threats can put a huge strain on a business’s productivity and ability to quickly restore data, there is a much more common, yet overlooked, security threat: unintentional human error.

Automated DR detection software can be useful in identifying odd behaviors and signs of a breach in a disaster environment, however, the first line of defense is always a business’s employees.

What is a Disaster Recovery (DR) plan?

Veeam defines DR plans as a set of procedures that must be taken due to an unplanned event that disrupts the company’s resources and puts day-to-day processes and operations at risk.
Disasters come in all forms and sizes and may happen due to a multitude of reasons.
The Latin American region is certainly no stranger to these kinds of impediments, albeit in the form of natural disasters, hardware failures, cybercrimes, and/or human error.

Planning ahead helps businesses determine the best strategy to combat the threat of disasters and reduce any downtime as a result. With the number of attack vectors continually expanding, DR plans are essential for business continuity.

The human side of technology

It is an inescapable truth that data loss will occur as a result of human error, so all organizations must remain vigilant and educate their employees on how to best mitigate these events.

In fact, a recent PC World report revealed that 75% of data losses are due to human error.

The most common reasons cyber-breaches occur include email misdelivery, accidental deletion, poor IT hygiene, data corruption, and outdated security training for employees. What’s the connection? They can all be minimized through employee training, strict internal policies, and a more comprehensive understanding of today’s cyber-security landscape.

Preventing data loss through human error

Reducing human error should not be reactive, rather proactive measures should be put in place to ensure an immediate response and decrease total data loss when faced with disasters. Employee training, internal regulations, and job design are some effective controls businesses can use.

Whether it’s part of a holistic IT strategy or separate, organizations should be educating all staff on safe practices when online – particularly those working remotely. This can greatly reduce the risks of data loss caused by ransomware or other forms of malware. As important as getting non-IT staff well-trained in cybersecurity, every member of a business IT team should regularly undertake training and regular upskilling drills.

IT teams play critical roles in a DR plan and keeping the system available and accessible in emergencies. A comprehensive understanding and analysis of the cyber-landscape are essential to implementing the most efficient and effective recovery plan. Employees need to understand the organization’s best practice policies – limiting file access, using strong passwords and authentication, promoting good backup habits, using a secure network, and routine cyber hygiene checks. This in combination with the right IT strategy greatly minimizes the risk of human error-caused incidents.

Never underestimate the importance of the human touch

While automated DR tests serve an important purpose, they only test the technical component of a DR plan. In the event of a real disaster, staff will also need to work quickly and expertly to rapidly restore uptime. Conducting both physical tests and simulated tests in advance will help ensure your team is prepared to execute your policies and procedures.
This is an area where silos or “teams vs. individuals” mentalities have no place.

Always remember that employees can be your biggest asset in a disaster. Putting the time and effort into upskilling staff ahead of time can be the difference between surviving and thriving.