WELCOME TO:BACKUP & DISASTER

RECOVERYFOR

BUSINESS OWNERS & DIRECTORS

Content

• Cyber attacks and why it’s relevant to Backup & Disaster Recovery

• What is Backup and how does it differ to Disaster Recovery?• Why should you Backup?• How to Backup• Case studies: how not to do Backup• Why is Disaster Recovery important?• What are the risks of not having Disaster Recovery?• It’s not my fault but it’s my responsibility…• How to make BUDR cost-effective

Cyber attacks

Key facts about cyber attacks against UK businesses in 2015:

• 6.2 million cyber attacks on UK businesses took place last year• 75% of attacks are down to human error and could be avoided• Lost data from cyber attacks will be dealt with far more severely under the EU

Data Protection Regulation• The fines for a breach of Data protection will be up to 4% of Global

Turnover/£17.5 million.

With cyber attacks against businesses on the rise year after year, educating your workforce on how to spot and avoid scams is increasingly important. Combine this with a resilient Backup and Disaster Recovery strategy and you are putting yourself in the best position to protect your business. This is looked upon favourably by insurance companies when choosing your policies.

Why should I Backup?

in an age when cyber attacks are rampant, Data Backup is as important as securing your house. Recovering lost data is impossible without a well-tested Backup strategy. Failing to back up your data – and not having a plan on how to recover it in a crisis is closely linked to entire businesses failing:

70% of businesses fail within one year of a major data loss (PWC IOC Report, 2015)75% of businesses fail to successfully execute an untested Disaster Recovery plan (PWC IOC Report, 2015).

The close proximity of these stats is no coincidence.

With the average cost to small businesses of a cyber attack sitting at between £75k and £311k, Backup that works is worth the small investment.

What is Backup?

A backup, or the process of backing up, refers to the copying and archiving of computer data so it may be used to restore the original after a data loss event.

Backup is different to Disaster Recovery:

• Backup is simply making one or more copies of your data in case the original is lost or damaged

• Disaster Recovery is restoring that data in the instance that the original is lost or damaged.

How should I back up?

Any backup strategy starts with the concept of a data repository, and means of organising it. In order of reliability, the types of storage media for your backups are:

• Optical Disks• Tapes• USB Disk• Disk to Disk• Offsite Backup• Cloud

How should I back up?

UnstructuredAn unstructured repository may be CDs, DVDs or USB drives. This is the most simple form but has the lowest success rate for data recovery.

IncrementalAn incremental-style repository aims to make it more feasible to store backups from more points in time by organising the data into increments of change.

DifferentialEach differential backup saves the data that has changed since the last full backup.

ContinuousInstead of scheduling periodic backups, the system continuously logs changes on the host system.

How not to back upA large company in Yorkshire trusted that their IT Support company was backing up their system. Recently they fell victim to Cryptovirus and spent two weeks trying to recover their critical data and server. The last viable backup they had was from May, meaning they lost five months’ worth of data.

The cost to this company in lost revenue was £30k-£40k.

A medium-sized company put their backup tapes in a fire safe within their building. They were never tested. In a fire scenario, the employees would be unlikely to be allowed back into the building to rescue the tapes in order to restore the data for quite some time until it had been secured. How would they operate in the interim?

Testing your Backup & DRWhen was the last time you tested your backup?

All too often, testing is the missing step.

Companies make substantial investments and spend a lot of time backing up their data only to find the backups aren’t viable when something goes wrong.

Step 1. Test your backups regularly

Step 2. Test realistically

Step 3. Test systematically

Step 4. Test everything.

Disaster Recovery

Why is it important?

DR is essential if the data held by your business is at all important to its function. This includes:

• Client details• Financial and invoicing data• Tenders and proposals• Operational documents• Confidential employee data.

How would your reputation be affected if you lost any of this? What would you do if you couldn’t recover it? How long could your business survive without access to your data?

This is why Disaster Recovery is a critical element so often overlooked – until it’s too late.

Can I manage without DR?

Yes, you can – until something goes wrong.

Disaster Recovery (DR) is only needed if you suffer a data loss due to a cyber attack, human error, a disenchanted employee, theft or natural disaster. The trouble is you can’t predict these events, so you’ll need to invest in DR as a safeguard. With 1 in 4 UK businesses having to implement a DR plan in 2015 after a data loss, our clients tell us it’s an investment worth making.

Director’s responsibility Gartner Group said that in 2015 43% of companies were immediately put out of business by a “major loss” of data.

As a Director or business owner, chances are you do not physically take care of your Backup mechanism. In many businesses this task is given to the Accounts Department or a junior member of staff, often with little knowledge of the importance of proper Backup.

As a Business Owner or Director not only do you have a moral obligation to your staff, you also have a legal obligation to look after all aspects that may affect the running and viability of your business, under your Duty of Care. Major data loss can be seen as negligent (Morrison’s data breach 2014; Seagate 2015) and lawsuits are costly and can damage reputation even if the verdict favours the employer.

Imagine if that data went missing and you could no longer access it. How would you do business? How long – hours or days – could you survive without your data?

The data that is stored in your system is often worth millions of pounds, if this was physical cash would you take more steps to protect it?

How cost-effective is BUDR?

When looking at Backup and Disaster Recover (BUDR) it is important that a cost versus value analysis is carried out.

If we break it down by turnover versus cost of BUDR, based on 254 working days per year, we can calculate the cost versus value as:

£1m annual turnover = £3,937 per day or £82,677 per month.

Average cost of BUDR = £23.80 per day or £500 per month

With an annual turnover of £1 million, this is 0.7% of the monthly turnover cost to secure your business’ data.

How expensive is BUDR?

ANNUAL TURNOVER

DAILY REVENUE(254 WORKING DAYS)

MONTHLY REVENUE(21 WORKING DAYS)

£1 million £3,937 £82,677£3 million £11,811 £248,031£5 million £19,685 £413,385£10 million £39,370 £826,770

The average cost of BUDR is just 0.13% of a 5 million turnover company.

When hit by a major catastrophe most companies experience 10-15 days of lost business. With the above figures and based on £1 million annual turnover, the loss incurred would pay for advanced cloud backup for 7.5 years.

Secure your businessPractical steps to improve your data security:

Cyber Scams:• Do your staff know how to spot potential cyber scams such as fake invoices, the ‘bogus

boss’ scam or emails containing Cryptolocker? • Would your staff know what to do if hit by a cyber scam?

Backup:• Do you know how your company backs up its data?• When was the last time you tested your backup?• Do you know how long your business could survive without its data?• Do you understand the reputational damage your business could sustain from a data

loss?

Disaster Recovery:• Identify the key systems the business cannot function without• How long can your business function with each of the key systems offline?• How much data can your business afford to lose (if any)?• Should you outsource your DR?*

*according to PWC 92% of companies save money by outsourcing their DR

Summary

• If your business is important to you, it is worth protecting it with a Backup & Disaster Recovery strategy that you can be confident works

• Educate your staff of the latest cyber scams and types of Ransomware attacks (ask AAG for posters for your office)

• Test your current backup

• Review your disaster recovery plan

• Implement a Responsibilities chart

• Book an independent consultation with AAG to assist with the above.

sales@aagsystems.co.uk www.facebook.com/aagsystems 0114 399 0995