Testing Your Team, Equally Important As Testing Your Disaster Recovery (DR) Plan
Disaster Recovery (DR) plans have evolved into a central mechanism for safeguarding today’s enterprises against the rising threat of cybercrime and natural disasters. According to the Veeam Data Protection Trends Report 2022, 84% of Indian organizations have been a victim of a cyber-attack within the past 12 months, hence putting their DR plan to the test before a disaster strike has become even more critical. Sadly, however, DR testing seems to be a dying art. This is because data center professionals are stretched very thin, and don’t have the time or tools to test more frequently.
DR testing matters because the recovery process is based not only on your recovery procedures but on the coordination, collaboration, and sequencing of your internal team members. The structures put in place must be maintained across storage, network, applications, databases, and other remote working platforms.
While cyber-threats can put a huge strain on a business’s productivity and ability to quickly restore data, there is a much more common, yet overlooked, security threat – unintentional human error. In fact, during the pandemic, 51% of Indian organizations reported accidental deletion, overwrite of data or data corruption as a primary cause of IT outages. Automated DR detection software can be useful in identifying odd behaviors and signs of a breach in a disaster environment, however, the first line of defense is always a business’s employees.
What is a Disaster Recovery (DR) plan?
Veeam defines DR plans as a set of procedures that must be taken due to an unplanned event that disrupts the company’s resources and puts day-to-day processes and operations at risk. Disasters come in all forms and sizes and may happen due to a multitude of reasons. The Asia-Pacific region is certainly no stranger to these kinds of impediments, albeit in the form of natural disasters, hardware failures, cybercrimes, and/or human error.
Planning ahead helps businesses determine the best strategy to combat the threat of disasters and reduce any downtime as a result. With the number of attack vectors continually expanding, DR plans are essential for business continuity.
The human side of technology
It is an inescapable truth that data loss will occur as a result of human error, so all organizations must remain vigilant and educate their employees on how to best mitigate these events.
Furthermore, the United Nations revealed that countries in Asia and the Pacific are four times more likely to be affected by natural catastrophes than those in Africa and are 25 times more vulnerable than Europeans or North Americans. The scale and complexity of these disasters inevitably produce human errors when responding.
The most common reasons cyber-breaches occur include email misdelivery, accidental deletion, poor IT hygiene, data corruption, and outdated security training for employees. What’s the connection? They can all be minimized through employee training, strict internal policies, and a more comprehensive understanding of today’s cyber-security landscape.
Preventing data loss through human error
Reducing human error should not be reactive, rather proactive measures should be put in place to ensure an immediate response and decrease total data loss when faced with disasters. Employee training, internal regulations, and job design are some effective controls businesses can use.
A report by Forrester Consulting found that in APAC 53% of businesses agree that their managers do not stress the importance of good security practices and training. Whether it’s part of a holistic IT strategy or separate, organizations should be educating all staff on safe practices when online – particularly those working remotely. This can greatly reduce the risks of data loss caused by ransomware or other forms of malware.
As important as getting non-IT staff well-trained in cybersecurity, every member of a business IT team should regularly undertake training and regular upskilling drills. IT teams play critical roles in a DR plan and keeping the system available and accessible in emergencies. A comprehensive understanding and analysis of the cyber-landscape are essential to implementing the most efficient and effective recovery plan.
Employees need to understand the organization’s best practice policies – limiting file access, using strong passwords and authentication, promoting good backup habits, using a secure network, and routine cyber hygiene checks. This in combination with the right IT strategy greatly minimizes the risk of human error-caused incidents.
Never underestimate the importance of the human touch
While automated DR tests serve an important purpose, they only test the technical component of a DR plan. In the event of a real disaster, staff will also need to work quickly and expertly to rapidly restore uptime. Conducting both physical tests and simulated tests in advance will help ensure your team is prepared to execute your policies and procedures. This is an area where silos or “teams vs. individuals” mentalities have no place.
Always remember, that employees can be your biggest asset in a disaster. Putting the time and effort into upskilling staff ahead of time can be the difference between surviving and thriving.
Author: Anthony Spiteri,
Designation: Senior Global Technologist, Product Strategy at Veeam Software & Sandeep Bhambure, Vice President, Veeam Software – India & SAARC