Intro
Data is the foundation of any brokerage, just as it is for any business. What would you do if you started your workday, be it in an office or from home, and files or data that you expected to be present was gone? What if your organization was a victim of Ransomware?
You need to have a plan in place should, more accurately, when a data disaster happens to your brokerage.
Disaster Recovery vs. Business Continuity
Let’s start by discussing what disaster recovery is and isn’t. It’s often used interchangeably or in conjunction with business continuity. While the two terms are related, they both serve different functions.
Disaster recovery, at a fundamental level, is defined as:
The process of reestablishing vital infrastructure and systems
following some form of a disaster event
Disaster recovery focuses on keeping your data and systems safe when a disaster occurs. Business continuity focuses on keeping your systems and data at a minimum functioning level during a disaster.
What is a disaster?
So, let’s talk about what a disaster is. When the term disaster is used, most people think of things like hurricanes, floods, earthquakes, or wildfires. All destructive natural events fall into the category of disasters, and certain types of disasters may be more prevalent in your area. For example, in Florida, you must contend with hurricanes; in California, you must worry about wildfires.
As destructive as natural disasters are, there are two other types of disasters that people don’t always consider arguably more common and potentially more devastating to an individual business: hardware failure and human action.
A hardware failure disaster occurs when equipment that supports your information infrastructure stops functioning or malfunctions. This can be a server becoming unresponsive from a failed drive or system board, a network switch or firewall failure, or even an outage from your Internet Service Provider. Any hardware failure that prevents you from accessing data or the system to perform business operations is considered a disaster event.
Human action is the most common and potentially most damaging form of disaster. This category covers many situations, but they are all human-induced. This type of event could be Tom from accounting accidentally deleting a financials folder from the server, a ransomware attack, or deliberate sabotage from an employee.
Does this really affect me?
In short, yeah. It affects everyone. Because you don’t live in an area typically subject to natural events, be a disaster victim. Every company can have a fire break out at their office, have their server/network room flood, or be a victim to a bad actor. So let’s look at some numbers to consider the frequency and impact of disasters on businesses today.
- 75% of data loss is due to human error
- 2 out of 3 midsized businesses suffered a Ransomware attack in the past 18 months
- The average cost of downtime is $1,410 per minute
- 93% of companies that experience a major data loss do not have a plan for recovery
- 60% of companies that suffer a major data loss will be out of business within six months
Data disasters, in some form or another, will affect every company, regardless of size or type of business. You need to ensure your company is ready for the inevitable.
But…But…the cloud!
I know what many of you are thinking. “but I use the cloud!” I have some good and bad news for you.
Don’t let cloud-based solutions give you a false sense of security. Those applications are still running on the same type of systems as traditional on-premise systems and are subject to the same hardware failures and human errors as those systems. Cloud providers suffer data loss and cloud outages too. However, there’s one major difference when it happens to cloud providers….
The shared responsibility model
Amazon, Google, Microsoft, and most other cloud providers have some form of what’s called a shared responsibility model that you agree to during your service’s setup. The exact name and terms of the model vary by provider, but the general premise that we’re concerned with here is that they make you, the user, responsible for the data stored on their platform.
They agree to ensure the platform is stable and available, and you agree to take responsibility for the data you input into their platform and its integrity. That doesn’t mean they don’t have fail-safes to prevent data loss on their platform; they do. However, the agreement absolves them of responsibility should the worst happen.
What to do to protect your data
You can do a few things to ensure your data is safe should you suffer a disaster. Work with your technology staff and partners to determine how your data is protected and recovered. Review your agreements with your cloud vendors to discover exactly what your responsibilities are for the integrity of your data.
If you’d like a simple checklist to start building your disaster recovery plan, you can find one below.