• 6 min Read

5 Overlooked Causes of Data Loss that Affect Your BCDR Plan

No matter how robust your business continuity and disaster recovery planning, it will get tested by cyberattacks, hardware failures, software bugs, human error, and natural disasters. The threat of data loss likely keeps you up at night, especially when it becomes the nightmare of permanent data loss. Research confirms your worries, as data loss continues to plague IT directors and decision-makers.

Consider that:

  • This year, 30.2% of IT professionals reported data loss compared to 17.2% in 2023. (Source)
  • Only 42% of IT decision makers reported being able to restore all their data after a data loss incident. (Source)
  • Every month, 39% of IT decision makers find themselves having to do a backup restore. (Source)

As an IT director, you have an incredibly difficult job maintaining your organization’s operations. You’re trying to keep all systems running smoothly, end users supported, vendors managed, IT infrastructure upgraded, and your IT team motivated. Business continuity and disaster recovery is just one of the many hats you wear, and that job can simply become a checklist item when so many other fires need putting out.

However, significant data loss can disrupt your operations, leading to financial loss and a damaged reputation. It’s likely you’ve invested in BCDR technology and tools to ensure that you regularly back up and securely stored data, reducing the risk of loss. But even the best tools do not eliminate every blind spot.

These are five common blind spots that we see with BCDR plans that may lead to unexpected data loss.

1. Not backing up all critical data. 

It’s easy to assume that you’ve included all your critical data in your backups. However, we’ve seen the following commonly happen at organizations:

  • Misconfigured backup systems
  • Trusting vendors too much (“Oh yeah, it’s backed up!”)
  • Not keeping up with rapid data growth
  • Assuming data redundancy within your storage solutions (such as RAID arrays)
  • Too much reliance on manual processes, leading to human error
  • Too much reliance on automation, leading to lack of oversight

Take the time to ensure you have an up-to-date inventory of all your critical data and any other mission critical systems. Confirm where that data lives and who has access to it. Base the criticality of your data on the impact of not having a server or cloud solution functional.

From here, you can take steps to better protect and confirm the recoverability of that data. To ensure that you back up critical data going forward, make sure you regularly review and update your inventory.

2. Overlooking Recovery Time Objective (RTO) and Recovery Point Objective (RPO) requirements.

In many cases, RTOs and RPOs are not aligned with organizational needs, leading to lost data by not following timeliness or completeness requirements. For example, some organizations can accept losing 24 hours of data, but others would see that situation as devastating.

For each requirement, ask yourself:

  • Recovery Time Objective: What is the maximum amount of time I can afford to have a system unavailable?
  • Recovery Point Objective: How much data can I lose before it negatively affects my organization?  

As part of determining your RTO and RPO, you also need to determine if your current backup technology can even meet these requirements. A good way to find out is by testing.

3. Not testing your BCDR plan.

Testing is quite possibly the most important piece of your BCDR plan—and the most often ignored. No other surefire way exists to know that you can recover your data after an incident. Flushing out weaknesses in your plan during a test is better than the alternative of discovering weaknesses during a data loss incident.

When testing, be periodic and thorough. It’s tempting to just test a sample of your data now and then and assume you’re good to go. Test your databases, software applications, email systems, and everything containing critical data on a recurring schedule.

Beyond just backup testing, you can also test the human component of your BCDR plan through tabletop exercises and drills to ensure that people with responsibility for enacting the plan carry out each step properly.

4. Overlooking critical cybersecurity best practices that ensure the success of your BCDR plan.

A BCDR plan can get tripped up by cybersecurity vulnerabilities, even if it’s a robust plan supported by great technology. Many cases exist of ransomware compromising backup data due to poor data backup setup and configuration, rendering any data recovery efforts ineffective.

Some essential cybersecurity best practices that support a BCDR plan include:

  • Endpoint Detection and Response (EDR): EDR gives you insight into threats inside your system and allows you to isolate infected devices.
  • Multi-factor authentication (MFA): Should be mandatory for access to your backups and any other critical data.
  • Next-generation firewall (NGFW): NGFWs give you real-time threat detection, traffic filtering based on deep packet inspection (DPI), and granular control over application traffic.
  • Vulnerability management: Allows you to spot and remediate vulnerabilities before they are exploited, which may require you to restore from your backups. Includes patch management, penetration testing, continuous monitoring, and regular vulnerability assessments.  
  • End-to-end encryption. Data is encrypted both in transit and at rest, providing robust security that protects sensitive information from unauthorized access.
  • Zero trust access control: Continuously verify users and devices as part of a rigorous access control policy.

Also, in case the worst happens, you need to apply a variety of data backup best practices to successfully fend off a ransomware attack, insider threat, or other cyberattack. These best practices help mitigate the threat of data loss.

  • Image-based backups: Captures entire system snapshots including your operating system, applications, and settings, ensuring a comprehensive backup.
  • Immutable backups: Ensures that backups cannot be altered or deleted by ransomware or other malicious attacks.
  • Frequent backups: Minimizes potential data loss in the event of a disaster, especially for organizations with aggressive RPOs.
  • Geo-redundant offsite backups: Data is replicated across multiple geographic locations in the cloud, providing additional resilience in the event of a regional disaster.

5. Trusting native cloud backup features too much.

Drawing from the same surveys we quoted in the introduction, consider that:

  • 13.1% of IT professionals believe Microsoft 365 and Google Workspace provide sufficient native data backup features to prevent data loss. (Source)
  • 84% of IT decision makers sync data to cloud services (such as OneDrive or Google Drive) as a form of offsite data backup. (Source)

Yes, these cloud providers do offer some data backup redundancy. However, the native tools often only offer limited retention periods and may not cover all data loss scenarios such as accidental deletion, insider threats, or sophisticated cyberattacks.

For example, employees or contractors with malicious intent can delete or tamper with data. Native recovery options may not always capture or prevent such actions, leading to permanent data loss. And once the cloud provider deletes your data from their platform, you cannot get it back.

Your data backup and disaster recovery solution must include immutable backups, extended retention policies, and granular recovery options—allowing you to recover data even after it’s been deleted from the platform by the cloud provider. And keep in mind—even if you’re within the data retention window with a cloud provider when you attempt a restoration, you risk not protecting all your critical data due to the cloud provider’s inflexibility with their native options.

---

Need help with your BCDR plan? Worried about the threat of data loss? Reach out to us today.

Related Resources

Enhancing Vulnerability Management: A Strategy for IT Directors to Dam the Flood of Vulnerabilities

With the high volume of vulnerabilities facing IT directors, it’s impossible to patch or remediate...

Read More
How Much Priority Can an MSP Give Your Backups?

We love managed service providers (MSPs). They fill a huge void for companies with limited IT...

Read More
Data Recovery Isn’t Always Enough

Just because you can recover your data after ransomware doesn’t mean you won’t suffer losses.

Read More