In late November 2014 Brisbane experienced its worst storm since 1985 with over $1bn worth of damage to property and businesses.
Fortunately no one was killed or badly injured but more than 88,000 homes were without power and some areas of the city looked like more
like a war zone than a residential area.
Since then, we’ve seen earthquakes, volcanoes, typhoons, hurricanes, fires and floods around the globe impacting people and businesses. We
never know when a disaster whether it be natural or man-made may strike and it’s vitally important to be prepared.
I’ve put together some key tips around what businesses should be doing in planning for a disaster to help protect themselves and if the worst was to happen how the business could get their IT systems up and running again.
1. Put together an IT disaster recovery plan
An IT disaster recovery plan should be essential part of any business plan. It is usually a compromise between best practice and cost, with the overall cost usually dependent on how quickly the business needs to be up and running again. It needs to address all functional areas within IT prior to, during and after a disaster.
When putting together a disaster recovery plan, risks need to be evaluated and decisions need to be made as to what will constitute a disaster as well as how long the business can afford to be off-line for.
2. Put a Communication plan in place
If disaster strikes, it is very easy for things to get out of control quickly and be missed. That is why it is essential as part of the overall disaster recovery plan that a communication plan be developed.
It is critically important to define who has responsibility communicating with staff, emergency services, media and customers, and that this is documented and staff members are aware of their communication responsibilities.
You also need to think about who in the business has the responsibility for declaring a disaster and if they are unavailable, who that responsibility is delegated to.
3. Test your plan
It’s all very well to create a plan, but it’s just as important to practice it and ensure that it works in case there is a real disaster. Practicing the plan can identify areas of weakness and improvements.
Your disaster plan should be tested and modified on at least an annual basis. Every time there is a major change within the business, whether that be IT systems related or process related, your disaster recovery plan needs to be updated.
4. Get insured
If the worst was to happen and your business IT systems are damaged or destroyed in a disaster, not having the right insurance, being uninsured or being underinsured could have a catastrophic impact on your business. This could lead to it being forced to close for an extended period of time or even worse not being able to re-open again.
A professional insurance broker can help you make the correct insurance choices.
5. Create an asset register
As part of the process of getting insured, every business should create a list of what assets they hold. In terms of IT equipment this would include all pc, laptops, tablets, mobile devices, servers, network switches etc.
Your IT provider should be able to provide you with a list of your IT assets that you can store securely and provide to your insurance company if the need arises.
6. Back your systems up off-site
You need to ensure that you are backing up your critical IT systems at least every night and that a copy of this is held securely off-site.
If your office is hit and your IT systems are destroyed or unreachable, then you will need to be able to access your critical data from somewhere else.
7. Save your critical recovery documents securely offsite
Some documents are absolutely critical for businesses in the event of a disaster, like contact lists and emergency procedures. These need to be stored securely on the company network but also a copy needs to be available easily if the computer network is not reachable.
Some businesses keep these documents in a bank vault or with senior management. Other business have set up a cloud based file sharing account that senior management have permission for and can be accessed easily in the event of a disaster.
8. Flexible working
Many businesses have suffered due to IT systems or offices not being available after a disaster, which has led to severe and sometimes a catastrophic impact.
Businesses with flexible working capabilities and cloud based IT now have the ability to function even if their office/premises are out of action.
9. Cross-train staff and spread the skills
Only having one person with a certain skill and over relying on that person as well as not training other staff to cover the area is a mistake many businesses make.
In the event of a disaster if that person is unavailable for whatever reason the business can really suffer.
10. Check with your network to ensure your suppliers and customers are protected as well.
Even if your business is covered, how are your suppliers or customers protected if a disaster hits them? Will your business be impacted if a supplier can’t supply a specific part or service because they have suffered a disaster? And if a large customer suffers a major disaster and cannot take your product or service how will that impact your business?
If you need any assistance with your IT security strategy or any advice around your technology requirements please call us on 1300 478 738 or email us at info@suretyit.com.au.
