When we talk about business continuity and disaster recovery, data backup is always an important part of any suggested plan. And it’s true: if your SMB clients aren’t backing up their data, they’ll have big problems if they have a run in with malware or get hit by a natural disaster. A good disaster recovery plan is about more than just backing up files, though.
I was reading a post on the InfoSec Handlers Diaries blog the other day, and it got me thinking about why it’s so important for MSPs to define “everything” when you tell customers they need to back up everything.
In the post, the writer talks about helping a small business that had three machines get hit by the CryptoWall ransomware. It seemed like a simple fix at first. The business owner had backups of the files that had been encrypted, knew how to restore from those backups, and even had safe machines to restore that data to. It seemed pretty cut and dry.
But then the writer asked the business owner one more question: do you have copies of the software that’s on those affected machines? The answer, surprisingly, was no. The SMB had to buy three new computers that came preloaded with the programs they needed, and their accountant had to learn a new program because the accounting software they were using was ancient and no longer available. (The data did transfer easily to the more current program, though.) The company only lost about a day of work, but it was still a close call and cost much more than either expected.
Developing a better disaster recovery plan
This story shows why it’s so important to educate your SMB customers about what business continuity and disaster recovery really means. Don’t just wait for them to tell you what they want to backup. Walk them through all of the types of things they should be backing up—including software—and why it matters. If they overlook the software, it can be an expensive mistake that results in more downtime.
Next, help your customer develop a complete IT disaster recovery plan. You can find some great tools to help them get started at Ready.gov, TechNet, and Spiceworks. Here are a few tips on what you should make sure you cover with them.
- Identify risks the customer needs to be prepared for. Make sure the plan covers both big problems like natural disasters and smaller ones like a server or hard drive that fails, so they know what steps to take, depending on the severity of the issue.
- Analyze business impact. What data and processes are most critical to the customer’s business and need to be restored first? Help them prioritize and plan out all the pieces that need to be in place to get that piece back up and running.
- Set goals for recovery time. No one wants to have down time, but what’s realistic will vary from business to business, depending on what type of work they do. Figure out what’s right for the customer.
- Test the plan. A plan is only good if it actually works, so make sure you test it out and see if it all goes smoothly. If it doesn’t, figure out why.
If something goes wrong and a customer loses data, you’re going to be the one they look to for help. Making sure they’re properly prepared and have a solid plan in place will help make it possible for you to save the day and get their systems back up and running easily.