Setting Recovery Time Objectives That Fit Your Business

Setting Recovery Time Objectives (RTO)

With ransomware and network hacks on the rise, data backup and recovery has never been more important. But how do you know what backup and recovery objectives you should set for your business? After all, the more frequently you back up, the higher your DBR and data storage costs. In this post, we’ll walk you through the basics and what things to consider when setting your recovery time objectives.

What Is a Recovery Time Objective (RTO)?

A recovery time objective (RTO) is the time it takes to recover your data in the event that access has been interrupted. Interruptions take many forms, from natural disasters to criminal attacks including ransomware. An interruption can also be the inability to access your data’s location, such as when COVID quarantine began and work locations suddenly shifted. 

Your business will have many types of data, therefore you will most likely have more than one RTO.

Start Assessing Applications

Start determining what is at risk, beginning with your applications.

  1. List every application you use to conduct business. Prioritize them.
  2. Which of those will be the most affected by a disruption to your system?
  3. Which are irreplaceable and which are replaceable from other sources?
  4. List who or what would be affected by disruptions in those applications.
  5. Estimate the cost per hour if a particular application was affected.

Whoever is providing you with IT support will need this information. They will also need to know how many different types of backups you have and how often the individual applications are backed up. 

Yes, it’s a lot to document, but it is essential to the continuity of your business and will save you time and money in the long run.

Downtime Impact

All businesses should know how much downtime they can sustain if data is compromised or inaccessible. One hour? One day? One month? What’s the longest amount of time you can be down before it is catastrophic to your business? Document this as well. How much downtime can your business sustain? What is the revenue loss during downtime?

Don’t forget downtime also affects your reputation with your customers and clients. If their data is unavailable to them when they need it,  will they drop you like a hot potato and go elsewhere for their needs? You KNOW the answer to that question so do what you can to prevent it from happening.

The Process of Data Backup and Recovery

  • Who is responsible for your data backups? An outsourced provider or someone in-house? Whoever is tasked with that responsibility needs to own it.
  • Where is that backup located? Onsite? On the cloud? At a different offsite location or locations so that if a tornado or flood hits your onsite location, your data is protected?

Recovering Your Data

Answer those questions and you will be able to start to determine your recovery time objective. Ask your in-house IT staff or your managed service provider to continue the conversation and come up with a data backup and recovery plan that works for your business.  

We’re here to help.  Contact us or book a meeting if you have questions or concerns around RTO or any IT service needs.

Dave Hatter

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Securing Our Cities Cybersecurity Protection for Local Governments - Intrust IT

Securing Our Cities: Cybersecurity Protection for Local Governments

As a city or municipality manager, you understand that the security of your community extends far beyond physical borders. With...
Manufacturing and IoT Securing Connected Devices

Manufacturing and IoT: Securing Connected Devices

You're the operations manager of a cutting-edge manufacturing facility, overseeing a production floor buzzing with activity. Your team relies on...
Small Business Cyber Security Toolkit

Small Business Cyber Security Toolkit: The Tools You Need to Stay Protected

With great power comes great responsibility, especially when it comes to running a business and protecting your digital assets. As...

Business Continuity Plan Template for Municipalities

Municipalities are facing increasing cyber attacks.  With cybercrime rates soaring and municipalities ranking as prime targets, the need for robust...
Cybersecurity Strategies for Municipalities 8 Expert Tips - Intrust IT

Cybersecurity Strategies for Municipalities: 8 Expert Tips

Municipalities tasked with safeguarding sensitive data and critical infrastructure are increasingly the targets of cyberattacks. Municipalities often handle a vast...
Business Continuity Guide for City Managers - Intrust IT

Business Continuity Guide for City Officials

The resilience of a city's operations hinges on its ability to effectively weather unforeseen challenges. From natural disasters to cyber...