How to Write an IT Disaster Plan
Is your company prepared for a ransomware attack and a complete lockout of your network and access to data? With a move from office work to working from home to now hybrid has increased risks for these types of attacks grow. This logistical workplace change is also combined with many operating systems and programs coming end of life in 2020, adding to the possibility of bad actors entering your network and controlling your company. How you prepare is by writing a disaster recovery plan. Here are ten items to considering and help with creating one.
1. Create a Written Plan:
Taking some time to sit down and think through, in advance, what your organization needs is the first step to building a disaster plan. It may seem obvious but the plan should be a step by step guide. The steps should be short, concise and act as if the reader has no prior understanding of your business or IT network. This written plan should contain the essential contact info for vendors, accounts, software, etc. This plan is very confidential so it should be stored in a secure offsite location.
2. Hire a Trusted Expert:
If your business isn’t building disaster plans then you should consider hiring an expert whose core business is disaster planning. You want to make sure your plan is complete, detailed and have no gaps. When a disaster hits you want the plan to unfold smoothly.
3. Build a Communication Plan:
Imagine your whole network crashing, with no VOIP phone system, direct messaging apps, email or even web access. How would you tell your employees what to do, next? How would you contact your clients and suppliers? What if only the phone fails? What’s the next main form of communication? It’s important to understand what communication tools you will use in the event of a failure.
4. Your Backups Needs to be Automated:
Simply put the less human error the better. Ensure your backups are automated. There are many tools to do this.
5. Your Backups Needs to be Offsite:
Offsite backup can occur through many methods but the best is by the cloud. How it works is: after the local copy of your data is backed up it is sent to an offsite data centre, through your internet connection. Sometimes even replicated at another offsite location, creating a redundant copy. Redundancy is a good thing here, as it means there are three copies of your data; one local and two offsite. This means more protection.
6. Build Remote Access and Management:
COVID – 19 made the need for remote work and access clear. However, you should review what access is available remotely and who can use it. You want to make sure that everyone has access to the files, data, programs, etc. that they need so that on day one full functionality can be achieved. Also, consider what access your IT company, staff or consultant needs to do their job and build it into your remote access.
7. Image your Server:
An image backup of a virtual machine (VM) contains the entire VM. A file backup only contains certain files within the VM. Image backups are block-based, ie they don’t care what the data is, they just back up all the 1’s and 0’s. A file backup has to understand what’s inside at a deeper level to backup only a piece of it. Modern image backups allow the extraction of small pieces as they can understand what’s inside the image. Having an image saves a lot of time in rebuilding if a disaster hits. It can take rebuild time down from weeks to an afternoon.
8. Create a Network Map:
This is a drawn map of your network. A network map will show what hardware you have, what programs you use and how everything is set up. It will lead to faster rebuild time and provide documentation for insurance if needed.
9. Incorporate Maintenance to your Network:
Data, licenses, warranties, and updates all need to be managed. One of the most important things is ensuring you have the security patches installed for your various software. These security patches will help prevent malware and ransomware from attacking your network – the most common IT disaster.
10. Test, Test and Test again:
Your backups should be tested and a restore should be completed. A restore should be done once a year while a random data file back up test should be done monthly. Your communication plan should be reviewed, keeping up with how you communicate and tested once a quarter. Remote access should be tried, if not already working remotely – this should be a monthly test. Your server images should be reviewed, daily. You should also do a test run of the complete plan it’s self. How often is up to you but best practice would be once a year. This is how you will find out what works and what needs improvement. Through these tests, a comfort level for the plan will be built in for when a disaster hits.
Hopefully the above gave you a starting point for building a disaster plan for your IT.
We know disaster planning can be overwhelming for business leaders who have a lot on their plate, even more so today. Plans like these help to limit the pain of a disaster to your business, they help keep people employed; the business operating, customers served, and disaster costs low. Disaster plans are how you protect the value of your work.
If you need any help creating a disaster plan, fill out the form below and contact us today!