We have all seen it, heard about it or have had it happen ourselves. When the unexpected happens, it’s important to have a plan in place. As an IT service provider, we have seen multiple incidents when companies should have planned better for various disasters. If you don’t have a disaster recovery plan in place, here are some things you should consider. Even if you do, you may want to make sure your plan is up-to-date and is well communicated.
When it comes to your personal belongings, you probably are already taking certain security measures. Your may keep important paper documents locked in a safe and have your photos backed up on an external hard drive. Your business should have similar security precautions and redundancies in place.
Step One: Where is your information stored?
Companies have data saved in a variety of places. Think about how much information your company maintains and where it lives – paper files, server and network folders, individual employee PC, external or USB hard drives, cloud services and more. Each repository likely has different data saved, and each of those has its own relative set of value or importance to your company. Unless you know what you have, it’s impossible to have a disaster recovery strategy! Thinking through what information you have and where it lives shouldn’t take too much time, and it’s a critical first step.
Step Two: Consolidate where possible
Many businesses have redundant information, and it’s sometimes difficult to know where the most current or accurate data really lives. For example, maybe you have a particular document saved on the server but a few people also maintain a copy on their individual PCs. If a person makes changes to one of these documents, then the other is out of date. If possible, you should consolidate as many data sets as possible, so that you have clarity on the few places where your data lives. Most companies have done a nice job of requiring company files to be saved on the server or to the cloud, and away from individual workstations. It would be relatively easy to send a reminder to staff, asking them to remove any information saved locally and to upload to the server. The fewer places to save data, the better!
Step Three: Limit access to those who really need it
As a general rule, most companies have restricted access to sensitive data such as HR or payroll or other critical records. That’s a great starting point, and we invite you to go further. For example, does everyone need access to your client list? Is it necessary to share marketing collateral with everyone, or do all staff need your price list? For every data set, you can choose a unique set of access permissions so to better protect your company information. Business owners are aware of external security threats, but risks posed by internal resources are often overlooked or ignored. By considering a security protocol for all of your critical information, you can dramatically reduce business risk.
Step Four: How is each repository backed up?
In today’s interconnected world, it’s unlikely all of your data will live in a single repository. Maybe certain things are saved on your file server, while other items are still in paper files. You likely have financial records with your accountant, and other information saved to a cloud service provider. Do you have clarity on how each data set is backed up? Have you considered that worst case scenario for each? Many companies associate ‘cloud’ with ‘backed up’ or safe, and that might be a dangerous assumption. If you are using a 3rd party to deliver a service, by all means ask this company about its backup procedures. For all data saved internally, make sure you are clear on how it’s being saved and backed up as well.
Step Five: Develop a regular disaster recovery test schedule
Plan for disruptions. If you assume that your company will be be compromised or that your cloud solution will be breached or your server will crash, then you are really managing technology well. There are so many things that are unpredictable and out of your control – in spite of all your efforts, any one of your employee could click a malicious link and infect your network with malware today! This happens to many firms EVERY DAY, and none of us can control if/when it happens to us. It’s relatively easy to identify which information is most critical to you, and ask your IT staff to walk you through what happens if that data suddenly disappeared. How would we recover? How long would it take to get back to normal operations? Are there risks or extra costs to consider?
Of course you can reach out to us if you would like to discuss any of these scenarios. We are constantly researching and testing new tools to help our friends from dealing with a disaster AND data loss.
HOWARD TECH ADVISORS: YOUR PARTNER IN TECH
At Howard Tech Advisors, we manage your IT infrastructure so that you don’t have to. Whether you need assistance creating a disaster recovery plan or you’d like to outsource your IT needs, we can help! Keep up with our weekly blog to stay up-to-date on the latest tech trends, security information you need to know to stay safe online, and tips and tricks to effectively navigating an increasingly mobile world.