Are you Prepared for a Disaster?

Sadly, if you’ve been watching the recent news from Los Angeles, or from our own backyard of Western North Carolina a few months ago (and the still ongoing heartache of the mountain residents), you know exactly what a disaster looks like. But disasters come in many forms, any of which can seriously hurt your ability to do business. The answers are reliable data backups and a disaster recovery plan.

If your tech is in the Stone Age, and you back up your data onto an external hard drive and take the drive home, you are truly flirting with disaster. What happens if your home and business burn down or get washed away? Consider real, modern solutions.

Let’s focus on a very common disaster: a Ransomware attack.

An employee innocently opens an email from what seems to be a trusted source. It could be an entity like FedEx or perhaps one of your business contacts. Cyber criminals regularly hack email accounts and then send phishing emails in the victim’s name to everyone in their address book. They also ‘spoof’ or copy the email setups and logos of big companies and even Federal Institutions like the IRS, so the phishing FedEx email looks legit. It provides a link to track a package someone sent to your company. But it is not legitimate, and as soon as your employee clicks on the link, their computer freezes and a screen appears that demands a ransom to decrypt your data.

This is how it starts, and it’s far from over. Having locked you out, the Ransomware is already inside and finding its path to the rest of your network. At a minimum, the employee should be trained to immediately turn off the computer.

By now, a standard shutdown from the Start Menu is unavailable. The only way is to hold down the power button until the device shuts down, or even to unplug it. The quicker the action, the easier the cleanup, and it’s the first, crucial attempt to stop the intrusion into your larger network. The tide of the virus must be stemmed immediately.

Once the computer is off, what do you do next? Call IT, whether it’s an in-house department or a third-party service. One of the benefits of using a top-notch Managed IT Services firm is that, with their proactive monitoring, their Help Desk technicians should already be getting alarms that your system has been breached.

Here at ITFIRM.COM, we configure our clients’ systems to easily isolate and trap the malware in the initially infected device to prevent spread. Any reputable and experienced IT firm should have these policies and procedures in place.

This is only a small, though crucial, first step in a comprehensive Backup and Disaster Recovery Plan, which must be implemented immediately. The IT services team, in conjunction with your company’s management, will now do the heavy lifting to restore normalcy to your network operations.

Bear in mind that a Backup and Disaster Recovery Plan is a component of a broader, more comprehensive BCP or Business Continuity Plan.

What should a backup and recovery plan include?

Ben Franklin’s old saying “If you fail to plan, you are planning to fail” is of paramount importance when it comes to a Backup and Disaster Recovery Plan. Putting an effective plan together requires a thorough process with pinpoint attention to detail.

Here are the basic steps required to implement an all-inclusive and reliable plan:

Commitment from Top Management
In drafting a plan, your IT team should not presume to act without prior management approval, and management needs to commit to the plan. The IT crew will do the behind-the-scenes work, but it is company management that must approve and coordinate the plan with the employees, so their involvement and commitment to the plan are an absolute necessity.

Organize a Planning Committee
Management, IT, department heads, and all areas of the company that would be affected by the disaster must be represented. The committee will define and delegate duties, determine the scope of the plan, and set the standards for the activities listed below.

Risk Analysis and Assessment
Analyze and assess any potential dangers to all areas of the organization for the impacts and consequences of each disaster scenario. A fire or flood will present different consequences than a Ransomware attack, such as the need for an orderly evacuation plan. You need to analyze the risks and costs involved in responding to and minimizing the exposure from the various possible disasters.

Establish Priorities
There needs to be a ‘pecking order’ of all areas of Processing and Operations. Put ‘first-things-first.’ Typically, communications and data flow should come first because they allow other areas of the organization to continue. For example, in manufacturing, the shipping department should be near the bottom of the pecking order (lower than the receiving part of the S&R department) because it will have nothing to ship if nothing is being manufactured.

Establish Recovery Tactics and Strategies
Determine the steps to be taken and who will take command of ensuring those steps are performed for each department. The objective, much as for those in ‘Establish Priorities’ above, is to enable the continuity of business as the disaster is being addressed. Establishing what is to be done and by which key personnel will prevent any possible confusion.

Put the Plan in Writing
Begin with an outline. The final plan needs to be in a standardized format and must cover every minute detail in understandable, unambiguous wording. Nothing can be left to individual interpretation.

The idea that any part of the plan could be open to ‘interpretation’ must be avoided – these must be clear-cut directives. All functions of all departments must be clearly assigned. A haphazardly written plan is as bad as no plan at all.

Consider that old ‘Saturday Night Live’ skit about a nuclear plant meltdown: The head honcho leaves after telling the workers “Remember, you can’t put too much water in a nuclear reactor.” One worker takes this to mean that you can put in all the water you want, because there’s no such thing as ‘too much,’ while the other says that you have to be careful not to put in too much water. Watch how you word things.

Set the Criteria for Testing
You need to test, analyze, and ‘tweak’ the plan as you go. Develop dependable testing procedures that allow you to foresee any weak spots and make appropriate adjustments. Any surprises on the day of an actual disaster are a disaster of their own.

Perform the Testing
The first test should be based only on the plan and the established testing criteria. Afterward, update the plan if needed. A plan is rarely ‘bulletproof’ the first time out.

Approval of the Final Plan
Once you’ve gone through a series of tests and adjustments, and all contingencies are covered, set the plan in stone, for now. Future adjustments may be necessary, if only to account for advances in your technology. Ongoing testing should be scheduled at regular, agreed-upon intervals. The world changes, as does technology, so follow-up tests may show inadequacies that were not present when the final plan was approved.

Cloudian offers a comprehensive guide to putting together a good Backup & Disaster Recovery Plan.

Frequently Asked Questions

What is in a business continuity plan?

In contrast to the smaller Backup and Disaster Recovery Plan, which typically deals only with IT factors, a Business Continuity Plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event. The BCP states the essential functions of the business, identifies which systems and processes must be sustained, and details how to maintain them.

What is the difference between backup and disaster recovery?

There is a vast difference. In short, no backups: no recovery. Without reliable and tested offsite data backups in place, there really is no recovery from a disaster, at least from an IT point of view.

Once the data is gone and exists nowhere else, a typical business will not survive – over 60% of businesses that lose their data fold within a year – usually within months. You need both the backups and the plan. If you have some sort of IT services, but do not have either backups or a disaster recovery plan in place, perhaps it’s time to re-evaluate the quality of your IT support.

Where should data backups be stored?

There are 3 locations to ensure your data survives a disaster:
Local Backup – the fastest way to restore data.
Cloud Backup – off premises. Data retrieval is slower, but your data should be made safe in the cloud.
Cloud to Cloud Backup – even the cloud can be hacked, so use this extra measure of protection.

What is the fastest way to store and retrieve data?

Depending on the nature of the disaster, the fastest way to store and retrieve data is with your local backups, which may not be available in the event of a fire, flood or earthquake – at that point, rely on cloud backups, which are slower, but offsite.

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFIRM.COM offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our Managed IT Services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT Services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
