Did you know that there is a difference between Backup and Disaster Recovery? Both are critical and as far as we are concerned absolute must-haves for all veterinary practices, but the distinction is actually pretty important, and it’s vital that you know the difference. In this article we will examine the difference in a simple to understand way with no technical jargon so that you can make a fully informed decision for your practice.
You may need to fall back onto to your Backup or Disaster Recovery Plan for a multitude of reasons, and in our 16+ years working with Vets we’ve seen it all. From accidental deletion of files and intentional data corruption by disgruntled employees to falling victim to Phishing scams and even full blow outages caused by massive cyber-attacks. It happens more often than you think, and without backup or a disaster recovery plan your practice could be left incapacitated for anywhere between a few hours or a few weeks…
So, what exactly IS backup?
This is where your data (and your servers if you have any) are duplicated and stored separate from the version you use on a daily basis. This could be in the cloud, on a server in a data canter or even on server in your veterinary practice.
This means that if you data becomes corrupted – whether this is through human error (such as accidental deletion) or due to a cyber-attack (such as Ransomware or Phishing) – You can be reassured that you will be able to restore that data using the backup copies.
This can be done in a very short amount of time as typically you are looking to recover small amounts of data, maybe 1-20 files (generally due to accidental deletion). However, it does take longer when recovering from the cloud, as the data needs to be pulled down from the cloud environment, or a very long time if you need to restore large amounts of data in one go (usually due to system outage after a cyber-attack).
We recommend a backup method using a grandfather, father, son scheme. This would mean that your practice would have the following:
- Daily Incremental backups
- Weekly Full Backups
- Monthly Full Backups
This may seem a bit excessive, but it’s important to ensure that you are always able to access backups for a year. This is because when it comes to malicious activity, it can take some time before it is detected, we’ve seen cases where a hacker has been in the system for over 3 months. It’s bad enough to discover that your files have been encrypted, but then to find out that your backup doesn’t go as far back as you need to recover them? That could be the end of your business.
So, what exactly IS disaster recovery?
Whereas backup refers to copies of data, disaster recovery is the plan and processes for quickly re-establishing access to applications, data, and IT resources after an outage.
Part of your Disaster Recover plan will include identifying which of your IT systems and networks are critical to your practice running. From this you’ll be able to outline which you need up and running first, which ones you can live without for a little while and prioritize on this basis. The aim of this is to try to minimise any negative effect on your practice operations.
A disaster recovery solution we often recommend is a Datto system, this does backups from every few minutes to every few hours and it allows you to bring your server backup on the Datto hardware if the worst happens. It also allows you to recover in multiple ways:
- Recover your entire server to a virtual machine
- Recover your entire server to a physical server
- Recover Files to a server and share them within your network
- Recover your entire server to a cloud environment
The ability to recover your backups onto a system like this means that any downtime is drastically shortened, although one thing to note with this, is that the Datto system will not be as powerful as your server, which means the recovery environment may be slightly slower than your physical server.
What you need at your practice
It’s simple really, as far as we are concerned our clients just having Backup isn’t enough to help us sleep soundly at night. Backup is a basic fundamental of any IT service these days, but there is simply just no guarantee how quickly you will be able to restore your data and get up and running again and if you can it’s possible that this can take days. Additionally, if you are experiencing a whole system outage simply being able to restore your data wont help if your other tech has also been wiped out. This would cause a severe disruption in your ability to offer patient care.
In addition to this you will struggle to be GDPR compliant if your practice does not have a disaster recovery plan. As stated in article 4 of the regulation all businesses require “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”
Essentially, as part of the GDPR you should be able to demonstrate processes around the security, availability, recovery of your IT systems this is not something that backup along will do, but a disaster recovery plan does.