Disaster Recovery Strategy in 5 Steps

Disaster Recovery Strategy in 5 Steps

Disaster Recovery is important, especially to SMBs. The big guys can take an occasional hit—but smaller guys can’t afford the loss

The tangible costs of a downtime-inducing disaster are real, and for some, they’re devastating. A recent survey of IT professionals
produced some sobering expectations:

Two-thirds (67 percent) say their business losses would exceed $20,000. On the higher end of the scale, 27 percent say that downtime would cost more than $100,000 per event. Those figures consider only the measurable losses, though employee productivity would take a huge hit, along with the delivery of products and services, and damage to the reputation of the company.

A customer lost, whatever the reason, is a customer that’s likely lost forever. When disaster strikes, it’s always unexpected. The businesses that survive are the ones that are best able to weather the storms. And that’s why disaster recovery should be top of mind for any business. It’s simply not a case where “better late than never” applies.

Step 1: Identify

Inventory all of your company’s IT assets and map the location for each one. Remember to check for and list dependencies as you go. Identify which IT-related business processes are critical to staying operational, as you’ll need to consider those first when forming your strategy.

Be sure not to rush this step—the rest of the planning process depends on it. Each of the crucial business processes you identify in step one will be assigned recovery time objectives (RTOs) and recovery point objectives (RPOs) in step two.

Step 2: Assess

After identifying the IT business processes in step one (e.g., email or billing systems), assign each one to a tier. Tier 1 includes mission-critical applications and systems that provide the most value. The processes in Tier 2 would be of mid-level importance, and Tier 3 would follow, with the lowest priorities.

Next, label the items in each tier with the appropriate recovery point objective (RPO) and recovery time objective (RTO). Estimate the real cost of downtime for each of your processes and systems. This will help you prioritize and should help you get buy-in on a disaster recovery solution from company management. Identify internal SLAs as well as customer/supplier SLAs, and document the costs of not meeting those agreements. Or, if your ERP system were down, how much would that cost in 15-minute intervals?

Step 3: Customize

Decide the order in which certain business operations will be restored in the event of an interruption—based on dependencies,
tiers, and the RPOs/RTOs we’ve already discussed. Step three is one of the more difficult and time-consuming parts of the process. But you need a defined plan that can be followed (to the letter) to ensure the continuity of your critical systems after disaster strikes. This means everything should be inventoried and mapped—gather floor plans, utility diagrams, system configurations, and every other relevant bit of information.

Your customized disaster recovery plan should consider the likelihood of various threats and how the response might be
different for each. Human error, for example, will require a far different recovery plan than would a flood or a fire. Procedures
should be laid out, as well as responsibilities for each stakeholder. Consider developing response teams, and then determining the
level of training required for each team member, so that everyone is prepared for whatever may come.

However your plan is customized, make sure you test it thoroughly. You don’t want to wait until after a disaster to discover your plan is missing a critical piece.

Step 4: Blend

Supplement secure, cloud-based backup with on-premises backup for the most critical workloads. There’s no such thing
as a one-size-fits-all approach to disaster recovery—don’t trust anyone who suggests otherwise. Your organization’s needs are
unique, so it’s more than likely you’d be best served by a blended plan.

Cybriant offers Carbonite’s E2 hybrid backup solution—from the EVault line of products—which offers just this kind of approach. Secure cloud backup is a must because your data is kept safe offsite, far from whatever physical disaster may occur on site. But onsite hardware like E2 can offer faster recovery capability in cases where the damage is more virtual than physical. Plus, E2 and services using similar equipment give you the extra benefit of redundant backup. You can’t be too careful when it comes to your DR plan.

Step 5: Repeat

Testing is a critical part of your disaster recovery strategy, but so is tweaking. Not just in the initial planning stages, either. As
your business and systems evolve over time, so will your disaster recovery needs. For companies of any significant size, conditions
and priorities are in a constant state of flux, and your DR strategy is only useful if it’s updated regularly to keep up with changes.
A recent survey of IT pros found that only 40 percent of companies test their DR plans annually. Shockingly, another 28 percent test their plans only rarely, if ever.

Find out more about Cybriant’s Recover solutions. 

How to Create an Incident Response Procedure

 READ NEXT – Why You Must Have a SIEM

It’s War!

It’s War!


After monitoring the Petya ransomware outbreak, Stu Sjouwerman, Founder and CEO of KnowBe4, declared in a recent blog post that we are in the midst of cyber warfare.

This has been brewing under the surface for a few years, but now we are dealing with open cyber warfare here. Like it or not, as an IT Pro, you have just found yourself on the frontline of 21-st century war.

Read more here: https://blog.knowbe4.com/we-are-dealing-with-cyber-warfare-here

How are you defending your enterprise? Cybriant can help prepare you for the front lines of battle. We strongly suggest these three defenses:


Protect your critical data with cloud backup. With automated backups and quick recovery, you can protect virtually any type of file on both physical and virtual servers, NAS, SAN, and external hard drives.

Cybriant’s recovery solution offers advanced technology to reduce the size of backups, shorten backup windows, minimize bandwidth interference and reduce the storage footprint.

Find out more


Your users are your last line of defense. They need to be trained and remain on their toes with security top of mind. Cybriant offers an integrated platform for awareness training combined with simulated phishing attacks.

Take a look at the free IT security tools we offer through our partner, KnowBe4.

Find out more

Managed Security

Are you aware of what is happening in your security infrastructure around the clock? Cybriant’s dedicated security experts review security logs and alerts in real time to identify and thwart malicious activity.

Cybriant provides the most vigilant oversight of your security infrastructure and your critical assets through our 24/7 security information and event management (SIEM) service.

Schedule a Demo