We'll take you through a simple thought exercise that can reveal where you might be vulnerable...
First, let’s understand the the differences between backups, disaster recovery and business continuity.
In the most basic terms, a backup is a copy of your data from its original location to some other location. That location could be another device, like a USB disk or backup drive or, more often these days, to an online service.
A backup can protect your information against these risks:
- Hard-drive failure
- Accidental deletion
- Intentional deletion
- Accidental edits
- Physical Theft
- Physical destruction
A Disaster Recovery plan outlines how your organization will recover from an IT disaster. From a technology perspective, the main object of a Disaster Recovery plan is to ensure that no data will be lost and that, once the disaster abates and the organization is again functional, all the data that was available before the disaster is available after the disaster.
IMPORTANT NOTE: While backups and disaster recovery plans can protect your organization from data loss, they typically do NOT protect your organization against downtime. It is important that organizations understand which systems have backup and which systems are protected against downtime and what the difference means.
A Business Continuity plan outlines how the organization will continue to function during and after a disruption, including a disaster. Business Continuity ensures that critical data and applications will continue to be accessible in the event of a disruption. These plans are typically, but not always, more expensive and complicated to manage than simpler systems that only back up data.
Cloud-based systems such as Google's G Suite, Microsoft Office 365, Dropbox and Salesforce, provide a very high level of continuity at very low cost, which is one of the reasons these systems have become the defacto choice for many organizations.
Important questions to ask yourself about your information (data) and (potential) risks are as follows:
- What data is most important to my organization?
- Where is that data located?
- How frequently do we access and update that data?
- How many days/hours/minutes/seconds of that data could we lose without serious consequences?
- How long will it take me to recover my data if it is lost?
- How much downtime can my organization tolerate if that data is unavailable?
Because there are many possible scenarios that can put your organization’s information at risk, we recommend going through two basic thought exercises to assess your organization’s risk tolerance. These two scenarios, while seemingly simple, will actually help you answer most of the important questions about your organization’s current risk and risk tolerance.
1) Imagine every piece of technology in your office is taken (instantly, without your knowledge) and replaced with brand new equipment.
What information will have been lost forever? How long would it take your organization to access the data that is backed up? Consider not just files, but databases and applications such as accounting software, fundraising, membership, email and all the things your organization needs to function.
2) Imagine the power to your office is shut off completely for two full weeks.
What information is accessible to your staff during those two weeks? Again, consider not just files, but databases and applications such as accounting software, fundraising, membership, email and all the things your organization needs to function.
After you’ve gone through these scenarios and identified your areas of concern, the next steps are to review the existing backup and continuity systems you have in place and note any gaps between what you identified as at risk and the projection you have in place. If you find one or more gaps, begin evaluating potential solutions that can help close them.
Want to dig deeper?
Review the complete version of RoundTable’s Primer on Backups, Disaster Recovery & Business Continuity here.
If you want additional help with any of the topics covered in the article, you can contact RoundTable Technology here and we’d be happy to assist you.