So how much business data are you actually willing to lose?
When it comes to securing your data against loss, you should be asking two major questions.
The first is how much data you can afford to lose, and the second is how quickly you need it back.
“How much can I afford to lose?! Well I don’t want to lose anything!” is a common response to the first question. When it's put as simply as that, the IT term “RPO” (Recovery Point Objective) suddenly becomes far clearer. Do you actually know how much data you would lose right now if you had a disaster?
RPO (how much data you can acceptably lose) is defined by how regularly your data is backed up. Historically, traditional backups to devices such as tape ran once per day, normally at night when everyone had gone home. This is a 24 hour RPO. In this scenario your business must accept that, in the event of some data loss (this could be all your data or just a single file), it would be acceptable to lose a whole day's work.
Take the simple scenario of a common ransomware attack at 1630 on a Tuesday. The malware has infected your systems and encrypted all the files on your servers. There is no choice but to restore these files from backup. With a backup configured once per day at night, you would restore your files and replace the encrypted ones with last night's backup. All the new files and changes that your staff made on the Tuesday would be lost.
You are unlikely to go out of business, but let's consider a few key things.
- How long will it take for you to re-create that data and what is the cost to you for this time and the loss of revenue whilst you are doing this?
- Is it even possible to re-create it? Are there paper copies?
- Are you creating this data or storing it for your customers? How will you explain this loss to them, and what will it do to your reputation with your customer?
- Consider the fact that your last backup may not have worked. It happens. Can you really afford to lose all your files from both Monday and Tuesday?
What can be done about it?
Traditional backups could not be run more regularly than once per night, mainly because of the time a backup took and the impact it had on the performance of your IT systems. Today, fortunately, the opposite is true. Backups can be run in near real time without impacting your staff, your IT systems or your backup cost.
Running backups every hour is completely achievable and will not impact your users or break the bank.
Shortening your RPO to 1 hour means the amount of data you lose in the event of an incident is dramatically reduced.
- The Excel file that your FD has spent all day creating and accidentally deleted at the end of the day can be brought back quickly and with minimum data loss.
- The orders generated from your CRM are still available to you to ship at the end of the day.
- The letters that you spent all morning dictating and charging to your customer are available for transcription by your secretary.
Ask your existing supplier what your RPO is. If it's more than 1 hour, you are likely on older technology that may not be suitable for your business.
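
To put numbers on the Tuesday 1630 ransomware scenario above, here is an added example (not from any backup product) that works out how much work is actually lost for a nightly schedule, a nightly schedule where Monday's job failed, and an hourly schedule. The dates, the 2300 nightly start time, the job durations and all function names are assumptions made up for the illustration.

```python
from datetime import datetime, timedelta

def recovery_point(jobs, incident):
    """Start time of the newest backup that succeeded and finished before the incident."""
    # Assumption: a backup captures data as of its start time, and a job
    # still running when the incident hits cannot be restored from.
    usable = [start for start, finish, ok in jobs if ok and finish <= incident]
    return max(usable, default=None)

def data_loss(jobs, incident):
    """Work lost on restore: the time between the recovery point and the incident."""
    point = recovery_point(jobs, incident)
    return None if point is None else incident - point

def meets_rpo(jobs, incident, rpo):
    """True only if a usable backup exists and the loss stays within the RPO."""
    loss = data_loss(jobs, incident)
    return loss is not None and loss <= rpo

def schedule(first, interval, count, duration, failed=()):
    """Build constructed job records as (start, finish, succeeded) tuples."""
    starts = [first + i * interval for i in range(count)]
    return [(s, s + duration, s not in failed) for s in starts]

# Constructed sample data: 9 January 2024 is a Tuesday.
INCIDENT = datetime(2024, 1, 9, 16, 30)
SUNDAY_NIGHT = datetime(2024, 1, 7, 23, 0)
MONDAY_NIGHT = datetime(2024, 1, 8, 23, 0)
DAY, TWO_HOURS = timedelta(days=1), timedelta(hours=2)

NIGHTLY = schedule(SUNDAY_NIGHT, DAY, 2, TWO_HOURS)
NIGHTLY_MONDAY_FAILED = schedule(SUNDAY_NIGHT, DAY, 2, TWO_HOURS, failed={MONDAY_NIGHT})
HOURLY = schedule(datetime(2024, 1, 9, 8, 0), timedelta(hours=1), 9, timedelta(minutes=5))

if __name__ == "__main__":
    cases = [("nightly", NIGHTLY),
             ("nightly, Monday failed", NIGHTLY_MONDAY_FAILED),
             ("hourly", HOURLY)]
    for name, jobs in cases:
        loss = data_loss(jobs, INCIDENT)
        within = meets_rpo(jobs, INCIDENT, timedelta(hours=1))
        print(f"{name}: restore from {recovery_point(jobs, INCIDENT)}, "
              f"lose {loss}, within 1 hour RPO: {within}")
```

Run against your own backup job history, the same check shows the RPO you actually have rather than the one on the schedule.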