I’m sure you’ll agree with me when I say life would be a little more boring if everything could be predicted. The reality is just like in life, not all things can be predicted in business. With that being said you should really consider having a disaster recovery plan for your business and IT. This is vitally important due to the increase of cybercrime and the potential risk of your business being attacked. In this article, we will outline some of the basic things a disaster recovery plan should have included for your business technology.
The first step is to have a list of all your service providers. When it comes to technology, there are a few accounts kicking around that most people forget about. Keeping track of this can be simple; you can use a spreadsheet. This should be printed out – including the service, company name, contact number and contact person. Remember, this is to be used only for a disaster. We don’t advise doing this for typical day to day usage.
Here are the types of providers you should be listing:
- Your offsite storage & backup
- Internet provider
- Hosting provider
- Telephone provider
- Mobile provider
- Printer provider
- Domain registrar
Having all of these listed in one place is excellent practice if you should ever fall victim to a cyber attack or systems outage. While most IT providers will keep a note of these providers on your file – not all will, so it’s very worthwhile checking.
This should be kept somewhere like a safe – this list is used for the main credentials and passwords into your IT and technology systems. For example, what would happen if your current IT provider themselves fell victim to a cyber attack or fire? Details and credentials such as these should be kept by both parties in case of disaster.
- Internet service username and password
- Domain admin username and password
- Cloud services username and password
- Network switch, router and firewall login details
- Offsite backups and onsite backups credentials
The 3rd and final item you should have in the event of a disaster is a process of how IT systems should be recovered. You can take this step further by testing the process out. Whilst it takes time and usually money, it’s an excellent stress test to see what risks are within your IT system. Here’s an example of a disaster recovery process:
- Notify the senior management team of the disaster.
- Contact and initiate disaster recovery IT process. This could be as simple as stating contact details of the engineer responsible for carrying out the disaster recovery process.
- Prepare backups and potential disaster recovery services. This could be cloud-based applications and services as an example.
- Start bootup of virtual cloud-based recovery instances. In this example, we’ve gone to town, and our backup system replicates the whole physical IT infrastructure inside a cloud service. Just a case of flicking a switch to turn it all on (we make this easier than it sounds)
These are just examples and every business is different in their approach to disaster recovery. We highly recommend sitting down with your current IT provider and going through a disaster recovery plan. If your current IT provider has never done this for you, then we suggest this is done ASAP. If you would like a disaster recovery plan and process put in place for your business, please get in touch with us Aberdeen Cyber Security.