Our IT systems are vulnerable. If you’ve been reading the news, you’ll have noticed the term cyber-crime being used a lot recently.
But cyber-crime and e-fraud aren’t the only threats to your IT. There’s the threat of a natural disaster like fire or flood or something as basic as simply breaking down. For this reason all businesses no matter how small should have an IT disaster recovery plan.
So what are the steps to building a robust plan? Essentially, a plan should be made up of three parts. Prevention, detection and correction. All of these bases should be covered in your plan if you are to be adequately protected.
Assuming you are doing everything yourself and haven’t already retained the services of IT provider to proactively take care of this kind of thing for you here are some fundamentals which should be covered in every plan:
Know what your essential IT systems are and what would be affected were they to go down
Before you can create a plan for recovery, you have to know your IT infrastructure inside out and have a clear picture of what processes will be effected if certain parts of the infrastructure were to go down.
Create a separate section for each part of your IT system in the plan. For example, if your emails go down – what will be immediately affected and what are the steps to counter any loss of production? Your finished plan should contain many of these separate sections.
Understand what the threats are
The threats to an IT system are wide-ranging. You could suffer from a major cyber-attack which affects your traditional security measures or you could simply lose connection to the internet bringing your web services to a halt.
Speak to an IT security company to establish what could happen and what your back-up options are should the disaster occur. How can you mitigate or prevent an incident? What should be done in event of said incident?
Identify and protect high-priority sources
Once you have a clear picture of your IT infrastructure you should be able to assign high-priority status to certain elements. These are the parts of your IT which could do the most damage if they were affected. You need to go to great lengths to make sure these elements have the best possible protection.
It seems so obvious but you wouldn’t believe how many people fail to create back-ups of their essential data. You should consider remote storage of back-ups as well as on-site back-ups. Some might consider the use of cloud storage as back-up enough but are you happy leaving your back-ups completely in the hands of a third party?
Create a list of emergency contacts
Depending on what kind of misfortune befalls you, there will be a set of contacts you need to get in touch with. This might be someone or a group who simply need to be informed, or who needs to mobilise to help you in the recovery and prevention of further damage.
Communicate and test your plan
Who needs to know the ins and outs of your disaster recovery plan? Everyone in your organisation? Line managers? Or simply your IT department?
Once you have assessed this – you need to communicate the plan effectively. Part of this communication should be the testing of the plan – it will not only show you any holes in your strategy but instil the protocol in the minds of your team.
It is important to keep in mind that a disaster recovery plan is not something you write and forget about. It needs to be revised and should be an ever-changing entity – keeping up with your needs as a company and the threats which face you.
August 12, 2013