IT and Business Insights for SMB Solution Providers

The Recency Bias: Over-rotating on Cybersecurity Leaves Gaps in DR

Ransomware is only part of the disaster recovery picture; user training, automation, and natural disaster preparedness are also critical. By Rick Vanover and David Russell

Since the beginning of the pandemic, IT service providers and IT departments have sharpened their collective focus on cybersecurity, doubling down on protective measures to stop hackers from stealing data and launching record numbers of ransomware attacks. In the process, many may have taken their eyes off other threats that can cause just as much damage as a cyberattack.

While increased attention to cyberattacks is warranted, organizations need to reprioritize their disaster recovery (DR) strategies to meet the real threat landscape we see today. They need to invest in employee training, automate functions in the DR process, and make sure DR plans and processes are ready to handle sudden, unforeseen incidents that threaten their business continuity.

If they don’t, their operations will suffer. According to one study conducted by the University of Texas, 94% of companies that experience a catastrophic data loss don’t survive, 43% never reopen, and 51% shut down within two years. Those that do stay in business lose $84,650 per hour in lost revenue and productivity, according to Veeam’s 2021 Data Protection Report. And they lose more than that: They experience external impacts, including loss of customer confidence and damage to the brand; internal impacts, such as employee morale and diversion of resources; and a third set of factors, litigation and regulation, which can have a significant effect on company valuation.

Investing in employee training is a good place to start. Any organization that didn’t implement a new round of cybersecurity training for workers during the pandemic should make this a top priority. This should include the usual best practices ranging from following incident notification procedures to selecting strong passwords to avoiding phishing scams.

Cybersecurity gets the headlines, but human error remains the most common cause of data loss. Studies show that corporations lose nearly five times the amount of data through accidental deletions and overwrites as they do from malicious incidents. Accidental configuration, application and user administration errors also can crash systems, delete data, and cause costly outages.

Therefore, training should include IT operations too. Configuration errors can be reduced by following a series of best practices. These include creating a single configuration source, providing an easy way to track configuration changes, and using DNS names for all services. Because there’s no way to test every conceivable condition, application errors will occur. But reviewing and upgrading testing procedures regularly can lead to improved performance and reduce the number of careless errors in everyday practice.

Automation should be a top priority coming out of the pandemic as well. Not only does it reduce human errors in everyday processes, but it also gives staff time to perform more strategic, higher-level tasks. This is just as true for IT as it is for those in the office. Organizations increased their investments in automation technologies the past two years, and they should continue to do so – to enhance productivity and provide higher levels of security.

Natural disasters are a growing problem too. A record number of tropical storms have hit the U.S. the past two years, and experts expect climate change to cause more and more damage. The financial impact of the recent Hurricane Ida on businesses, consumers and communities, for instance, is approaching $100 million.

Automating the disaster recovery process, in particular, can save time and improve overall response. Today’s applications and data sets are larger and more complex, distributed, and interdependent than ever. This renders the successful recovery of even a single application — not to mention entire sites — incredibly difficult, making orchestration of recovery processes an indispensable tool.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.