No one likes to think about disasters, but there are many unpredictable events that can affect the integrity of your data and IT infrastructure, which in turn can have a devastating knock-on effect for your business. Whether it's damage to your servers caused by a fire, flooding or storms, or a catastrophic hard drive failure, it's hard to imagine many modern businesses not being significantly affected by losing access to their data and IT systems.
Sensitive business data will also be vulnerable to cyberattacks from criminals looking to profit from it, whether by selling it on the black market or by using ransomware to encrypt essential business data and blackmailing you to get it decrypted.
Taking the time to put together a disaster recovery plan is an essential safety measure for any company reliant on IT systems (and let's face it, what business isn't these days?). In this article I want to look at how to put together a solid disaster recovery plan.
Planning for the Worst
The first stage of any disaster recovery plan is to work out which systems are essential to keep your business in operation. Every business will have some systems that are less important than others, so work out which ones you really need and prioritise these.
Remember that the plan isn't just about the technology, but about the people who will have to implement recovery procedures too. They need to know where to go, who to contact and what to do in the event of a problem. It's useful to involve departments and personnel outside of the IT team too. Who is going to liaise with your customers, for example, and reassure them that you're working to get things back on track?
Big corporations often have shadow data centres in other locations, allowing them to switch their systems over seamlessly in the event of a problem at their primary site. For smaller firms, this isn't practical, but you shouldn't neglect the importance of off-site storage.
We all know that it's crucial to back up data regularly, but a backup is of little use if it's on an external hard drive that's kept alongside the computer and therefore vulnerable to whatever mishap befalls the source system.
Backing up to the Cloud
In an era where systems are increasingly accessed from the cloud, you also need to think carefully about connectivity and perhaps having fallback methods of getting online to access crucial data. Backing your data up to the cloud isn't in itself a complete solution. What if you're unable to access your cloud provider, or the stored data is corrupted by ransomware along with the original? It's important to realise that the cloud is essentially just another remote computer, which itself might be vulnerable to disasters and cyberattacks.
It's worthwhile taking a belt-and-braces approach to backup, so by all means use the cloud, but make sure you also have your own local backup process in place, with the backups ideally stored safely off site. This doesn't necessarily have to be 100 percent up to date, but taking an extra backup once a week or so offers additional peace of mind.
Planning and Testing
Once you've drawn up a plan, it's important not to forget about it until something goes wrong. A disaster recovery plan should be a dynamic document, constantly reviewed and updated to make sure that it's still relevant to your business and your systems. Each time there's a change or a new system is implemented, your DR plan needs to reflect this.
The way to ensure that your plan is still relevant and effective is to test it. This may sound pretty drastic, but having a plan that hasn't been tested is not much better than not having a plan at all.
The best way to test is to simulate disaster conditions that force you to rely on your emergency preparations. At the very least, you should do a 'dry run' to ensure that all of the people involved know what to do and where to find relevant documents, passwords, backup disks and so on. Would your plan still be operable if, for example, one or more of the IT staff were out of the office?
Protect and Survive
It's easy to fall into the trap of thinking that disasters are all about natural events, but these days, they're equally likely to involve a computer virus or ransomware attack. These events can be equally devastating to your business, so you can't afford to ignore them. Ransomware attacks in particular are on the increase and can cause huge losses.
Prevention is always better than cure, so you must make sure you have a solid IT security policy in place and that operating systems and antivirus solutions are kept up to date.
Don't rely entirely on technology though, as the person in front of the screen is often the weakest link in the chain. Make sure your staff know how to recognise phishing and other suspicious emails and are trained not to click links or download attachments they're not sure of. It's always better to double check than to risk infection.
About the Author
Dave Blackhurst is a Director at Bristol-based IT support company Evolvit. He has many years' experience helping the region's most well-known businesses set up and develop their IT infrastructure. You can connect with Evolvit on Google+ or LinkedIn, or call 0845 880 4554.