Is your company in hurricane territory? Do these things to protect your data

For much of the country, there are six months of the year where businesses are at risk of the damaging effects of a hurricane.

The Atlantic hurricane season for 2022 runs from June 1 until November 30th and while so far it’s been a relatively quiet season, earlier this year NOAA predicted above-normal activity. Pair that with a recent climate change studies forecast that indicated a slight overall drop in the number of hurricanes in the Gulf but with an increase in the number of Cat 3, 4, and 5 storms – no one along the east or gulf coasts should rest on their laurels yet. If your company sits anywhere coastal, you likely have an evacuation plan for the humans, but how solid is your disaster recovery plan if the next named storm devastates your beach town and the neighboring areas? 

No DR plan? You’re not alone.

Even with so much historical data about hurricane paths and their ensuing damage, many businesses in the usual storm paths still lack actionable disaster recovery plans and business continuity strategies. Specific reasons for this may include: 

• Optimism bias – “it won’t happen to me.” Using the map above, it’s clear that organizations in Montana are not threatened by hurricanes, but ransomware, cyberattacks, and other disasters are similarly real risks to their businesses, regardless of location or method of threat. A DR plan is necessary for every company.
• Misinformation or lack of awareness – “our existing solution is fine.” What may have been considered “fine” when you implemented it, might be yesterday’s technology. Keeping up with recovery strategies for all types of data loss can be overwhelming. The temptation to simply back up the data and forget it is attractive but may not play out well when you need to re-establish your operations. Backups are a critical part of a business continuity or operation plan, but they are not a complete solution. Organizations need modern data protection methods that align with business continuity goals, i.e., how long can you survive without your data and applications? If your DR strategy consists of restoring full backups locally, what happens when “locally” no longer exists or isn’t accessible? If you are sending backups offsite, how do you recover those during a disaster? Is infrastructure available to run your applications and continue services for your customers? Disaster recovery as a service (DRaaS) is your most effective and complete solution.
• Lack of internal skillsets – It isn’t easy to find experts in backups and DR that can fit within a budget. Finding the talent that can also be all-knowing of all other internal IT needs, including cybersecurity, is a unicorn.
• DR is expensive – Disaster recovery can be very pricey from a capital expenditures (CapEx) standpoint if your strategy is to maintain additional facilities, software, and hardware dedicated to DR functionality. With DRaaS, you shift that expense to an operational expenses (OpEx) model, you are nearly always more budget-friendly. With DRaaS, you pay a monthly fee for a set service and never worry about hardware maintenance, physical location costs, or staffing. You also have an entire team of experts ready to spin up your evacuated employees and to guide you through the hurricane and recovery of all of your systems that washed out with the storm.

The truth is, that whether it’s a hurricane threatening a coastal area or a ransomware attack, many of the steps to protecting your business are similar. It starts with planning, but it’s made easier with a DRaaS provider. If you’re worried about the risks of any natural disaster (or cyber-attack), these are the steps you need to do to prepare for it.

7 steps to prepare for a natural disaster:

1. Prepare your plan, including the recovery process – Identify your critical infrastructure, applications, and data. Determining the length of time that your business can operate without any of those key components is an in-depth and necessary task that happens in tandem with that business impact analysis.

   Once the scope of your environment has been mapped out, a recovery plan needs to be established. Even when utilizing a DRaaS provider, a thorough BCDR plan should be shared with your DRaaS team so they are able to take ownership of the data recovery process in a rapid manner.

2. Backup your data – Planning isn’t enough, the business data must be backed up utilizing the best practice of the 3-2-1-1 rule. By keeping 3 copies of your data, 2 copies in different locations, at least one copy off-site in the cloud, and one immutable copy, you can prevent any gaps in your data integrity.
3. Test your backups  – It’s not enough to create backups if you aren’t testing them to make sure they are complete and able to be restored. The data may be worthless if it’s incomplete or not working properly.
4. When a hurricane hits, ensure people are safe – It goes without saying that in the event of a hurricane or other natural disaster, your first priority is the safety of human life. Getting your employees to a remote location is the number one priority. Knowing who the leaders are and what communication responsibilities they have is extremely important. 
5. Initiate the recovery process in a virtual environment – Once your IT team is safely relocated or back in your business environment, your DRaaS provider can initiate the recovery process and spin up your network virtually so you may resume operations. It’s important to have a designated point of contact to lead this initiative on both your company side and with your DRaaS provider.
6.  Recover your data – Once the emergency has subsided, you’ll need to recover your data back into your native environment. Your DRaaS provider has a plan for this, and if you’ve successfully tested your backups previously, this process should be painless.
7. Resume operations – Now that your data is restored, you can resume operations for your business knowing with confidence that if another hurricane (or other natural disaster) should threaten your business, the impact to your data will be minimal.