Todays businesses depend heavily on Information Technology (IT) because of the overwhelming business advantages it can provide. This dependence has a flip side in that an IT disaster can cripple the business. For example, the business can go bankrupt if it loses all the electronically stored business data and there are no backups to restore them.
1. The starting point of disaster recovery is a careful examination of all the different kinds of disasters that can happen, and the impact each can have on the business.
2. Disasters can generally be classified into:
- Power-supply related such as power failures, surges and other kinds of disturbances
- System related such as hardware or software problems
- Externally originating dangers such as virus and hacker attacks
- Employee-caused such as accidental or malicious actions that result in data loss
- Natural disasters such as fire, floods, hurricanes and earthquakes
- Others such as theft of equipment and storage media
3. Once you have a picture of the kinds of disasters that can happen, you will be in a position to think more clearly about the likelihood of each, and the impact each can have. The risks can then be prioritized depending on how serious the impact of each is.
4. Once the risks are prioritized, you can start planning preventive, detective and remedial measures. Each of these measures is important. Prevention can reduce the incidence of disasters. Detection can alert to impending serious disasters. And remediation is the ultimate objective. Thinking about each in detail will lead to a complete planning exercise.
5. Preventive measures typically involve taking safeguards like:
- Using backup power supply systems and surge protectors,
- Regular hardware maintenance, and procedure manuals for handling software problems,
- Installing antivirus and firewall software,
- Maintaining audit trails of employee actions and restricting their access to data,
- Backing up data and
- Storing them remotely and implementing physical safety measures.
6. Disaster detection requires both software and human actions. Software tools can detect viruses and impending disk failures, for example, and help take timely remedial action before the problem becomes serious. Human actions such as monitoring audit trails for unusual activities can alert the organization about unauthorized employee activities.
7. Disaster remedies depend on the nature and extent of the event. A natural disaster can involve replacing the whole infrastructure and restoring the systems, applications and data from the backups. Smaller disasters can involve nothing more than just restoring the data, or can involve disciplining employees guilty of malicious actions. Where the costs are heavy, claiming insurance can become a critical task for survival of the business.
8. Data backups need to be organized in a systematic manner. All data must be backed up while minimizing redundancy. In addition to transaction data, system data and applications must also be backed up to restore the original environment. Data compression to reduce storage requirements and encryption to maintain confidentiality are other practices.
9. A major portion of data losses has been attributed to employees. It is critically important to train employees in safe practices, and to restrict access to data by using access rights and passwords. Audit trails must be generated by all systems to keep track of who did what with the data.
10. It can be worthwhile to entrust installation and monitoring of IT disaster measures to expert third party service providers who will be aware of all that can happen and how these can be prevented, detected in time and remedied.
IT disasters are very real possibilities that need to be taken extremely seriously if the business is to survive. In particular, restoring the unique business data that each business generates is of critical importance. So are preventive measures like data backup, antivirus software, employee training and formulation of proper policies.