Problem solve Get help with specific problems with your technologies, process and projects.

Worst practices for backup and disaster recovery

Too many companies observe worst practices for backup and solid disaster recovery thereby dooming the plan. In part one of a two-part article, contributor Tony Bradley provides a list of five things that they may be doing wrong.

Natural disasters such as Hurricane Katrina keep network administrators acutely aware of the need for a solid data backup and disaster recovery plan to ensure business continuity. But too many companies observe worst practices, thereby dooming the plan. This two-part article lists a series of worst practices, in the hopes that showing what happens if you do it wrong will illustrate how to do it right.


  1. Fail to win management support. One of the worst things you can do for just about any IT project is fail to win management support. Without the executives on your side to back you up with the authority and the budget to do the job, the backup and recovery plan is virtually doomed.
  2. Provide no risk assessment. Without some form of risk or impact assessment, it is impossible to know which assets are critical and which ones are expendable. By wasting resources protecting expendable assets while leaving critical assets out of the plan, you will make the plan a failure.
  3. No written plan. People come and go. Maybe the parties that were present when the backup and disaster recovery plan was devised were so brilliant they didn't need to write it down. But, if you do not write down your well-defined and clearly documented plan so that anyone can follow it, there will be no recovery when the next disaster strikes.
  4. Lack of backup integrity. Many network administrators have a regularly scheduled backup to safeguard critical corporate data. But an oft-repeated worst practice is failing to ever validate the data or verify that you can restore it successfully and in a timely manner in the event of a disaster.
  5. Self-defeating data storage practices. When it comes to backup and disaster recovery, offloading critical data from the network onto tapes or other removable media is a best practice. But it can become a worst practice in two ways: One is by keeping the data on-site where it is sure to be destroyed along with the servers it backs up. The second is by storing the removable media at another site that is either insecure itself or is where you cannot easily and quickly retrieve it when you need it.

Part two of this article covers additional worst practices, including the more technical aspects of how not to create a backup and disaster recovery plan.

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the Guide for Internet/Network Security and provides security tips, advice, reviews and other information. Bradley contributes frequently to industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.

Dig Deeper on IT disaster recovery planning and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.