An eerie, thick silence pervades the city, punctuated intermittently by low moans and the occasional piercing scream. Doors are double-bolted, windows boarded-up, protecting the few living from the undead horde shuffling through empty streets strewn with shattered glass, blood, overturned cars… and hundreds of thousands of smashed hard drives, smart phones and tablets. Inexplicitly, the first thing a newly born zombie does is seek out and destroy technology, which has had the most unfortunate effect of making virtually impossible any communication beyond shouting distance. Perhaps from deep in the only part of their brain that survives – the primitive basal ganglia, or “reptilian brain” – the walking dead know that our need to communicate will finally drive us out of our hiding places – into their staggering arms. It’s the Zombie Apocalypse. And unless you were prescient enough to buy zombie insurance (yes, it exists), you’ll probably be shuffling along with the undead before long. OK. It’s a long shot. But our society’s current obsession with a world gone to hell perhaps does reveal our Great Recession and Global Warming-fueled fears that it is possible for things to go very, very wrong. And, in fact, it is possible. Maybe not on a global scale overnight and most likely not something that defies the laws of biology, like zombies, but in our little corner of the world things could, indeed, go quite wrong. Just ask the thousands of people in my hometown, Nashville, Tennessee, who were washed out by a “1000-year” flood a few years ago. Or the thousands of people every year who lose everything in a natural disaster, whether flood, or tornado, or hurricane, or earthquake, or volcano explosion. It’s not every day that your office building is flooded or a tornado hits, but what if one does? How do you protect your IT resources? What do you do first? Who makes the decisions? How to prepare for and recover from an IT disaster The answers to these questions differ for every business, which is why every business needs its own disaster recovery plan. Unfortunately, because they’re often viewed as tedious and even unnecessary, many business owners never create this important plan. Don't be one of these businesses. You can think of a disaster recovery plan as your doomsday bunker, only instead of preparing for a zombie apocalypse, disaster recovery plans prepare your business for IT traumas. Every plan should highlight worst-case scenarios and provide thorough and clear instruction about “what do we do when…” happens. Page 1 :: bytes of knowledge :: Is Your IT System Ready for the Zombie Apocalypse? This white paper seeks to ease the pain of disaster planning by outlining the building blocks of a good plan. It’s intended to simplify the process and provide you with a starting point that you can adjust along the way to fit the needs of you and your business. Creating the Master Plan Disaster recovery plans aren’t a one-size-fits-all model. Every plan should be custom built for specific businesses and as detailed and thorough as possible. Your disaster recovery plan should serve as a master plan, coverings four subparts: Technology planning Communications planning Personnel planning Testing the plan Technology Planning Ultimately, what you choose to include in your plan boils down to your risk tolerance. For instance, your business’ comfort with risk may be based on the level of importance that you place on technology and how vital it is for your business to run. Regardless of the severity of the potential disasters included in your plan, a true IT disaster recovery plan should account for data disasters, software disasters and hardware disasters. What type of disasters should you plan for? When thinking of disasters that could harm a business, many people only think of major natural disasters like floods, fires, earthquakes and tornados. What they often forget to consider are the more common day-to-day disasters, such as power outages, lost Internet connectivity, and failure of vital Customer Relationship Management (CRM), inventory and e-commerce systems. Even the seemingly small issues, such as no Internet connection, can cause businesses to shut down temporarily, affecting your clients’ projects and therefore putting your business at risk. There are many potential cause of disasters, including hardware failure, software failure, human error, and power outages, as well as natural disasters like floods and tornados. These calamities can cause issues, such as: Internet failure Email failure Lost or temporarily unavailable customer databases, CRM, e-commerce and inventory systems, accounting software, employee timesheet programs, etc. Damaged hardware, resulting in loss of irretrievable data and software Fortunately, some of these problems are easily fixable as long as you have backup redundant systems in place, and one way to do this is to set up dual Internet connections. The more redundancies you build into the system, the better. For example, building in two power lines and two Internet lines provides a safeguard against minor issues from becoming disasters. Who should be involved in the planning process? Key personnel from business and IT/operational sides should drive the recovery team, such as: A technology expert. If this person doesn’t work with your company, you should also have someone internally who understands your technology—at least to a certain degree. The CEO or COO. They will help overlay important requirements of the business, such as benefits and dangers. Someone in charge of the company’s money and budget. You’ll need someone to evaluate the information and determine what must be included in your plan for it to outweigh any next-best alternatives. Any operations or key players in your organization. Someone needs to be there to make sure that what you’re trying to replicate serves the same operational purposes and needs as those currently in place. Page 2 :: bytes of knowledge :: Is Your IT System Ready for the Zombie Apocalypse? There are three options when backing up your information and programs: 1) back up locally within your office using a hard drive or external source that gets taken offsite daily, 2) back up to an offsite location, or 3) back up to the cloud. Which you decide to use may depend on how vital the data and files are to running a successful and smooth operation. To protect your IT resources from “total disasters” like fires and floods, consider backing up your data, software and hardware offsite. For example, you can upload your files to an Internet server that keeps them offsite but available for use. Or, you can set up a duplicate server in the cloud, which allows you to access the files from or anywhere. Every business should also have email continuity services, which hold the last 30 days of your email so you can access them at any time, even if you don’t have replication services yet. During disasters, you’ll want to keep your core business functions up and working. Depending on your business, you may be okay working offline for a little while, but in the case of physical disasters, it’s best to have a technology communications plan in place to keep the business operational. Communications Planning After you’ve listed out all worst-case scenarios in detail, you need to consider a communications system to put in place for when disaster strikes. You’ll need a designated person in place for employees to call and report any disaster to. This person should be prepped to know how to respond to any emergency outlined in the plan, what actions to take and who to reach next. Questions to consider: Who has the resources to be this contact? How will employees reach him? What if the cell networks are down? Who will employees reach if the designated contact has left the company since you’ve updated the plan? What if the main contact is unavailable? o You should have a cushion—three to four total contacts—so that there’s no problem getting in touch with someone who is well versed on the next steps to take. Technology Planning: Covering the Basics To determine the bare minimum that must be covered in your plan, ask yourself a few of these questions: What’s at stake? What is the next best alternative and do the outcomes outweigh those of creating a plan? How long can we have the business or our clients without service? How important are our business applications? Which ones are the most critical to our business? What is really required for us to do business? o Is email critical for us? Are we able to serve clients or customers without it? o Is our database of customers critical to keeping business running? What about our accounting/payroll systems? o Do we have systems that communicate logistics, sales, and inventory or that send information between applications that rely on the Internet? What’s our budget? The more complex and holistic the solution, the more expensive it will be. The solution needs to be the right size for your company. However, it’s important to note that investing a little money now may save a lot of money—or even your business— down the road. Personnel Planning If your building catches on fire, how are you going to reach your employees and clients? You should have everyone’s home and cell numbers in addition to their email addresses so that you can increase your chances of reaching them. Let them know what happened and where they are expected to report for work. Depending on your company, you may need to consider an offsite office location where employees can work remotely during business down time. What computers are they expected to work with? What should they tell their clients? These are all questions that you can answer ahead of time in the plan so that there is no confusion when an actual emergency takes place. Page 3 :: bytes of knowledge :: Is Your IT System Ready for the Zombie Apocalypse? Testing the Plan For the plan to be successful, it’s essential to test it on a regular basis. If you don’t, or if you wait too long between tests, no one will remember what you need them to do. How often you run the tests depends on your risk comfort, but it should be somewhere between once a quarter and once a year. It’s all driven by what’s at stake. To test the disaster recovery plan, first determine the type of testing necessary. There are a few levels of testing, including walkthrough, checklist, simulation and full interruption tests. When you’re ready to run a full interruption test, turn off all of the systems and then turn them back on. The recovery team should log events throughout each test drill to help evaluate the results. The process should provide feedback to ensure that the plan is adequate and effective. If the results suggest otherwise, the disaster recovery team should assess the results and take recommendations from team leaders to improve and modify the plan. Once modified, test the changes to make sure they are successful. Summary—how to prepare for and recover from an IT disaster: 1) Determine who should be part of the planning and recovery stages 2) Sit down with the recovery team and devise a list of worst-case “what if” scenarios 3) Devise a master plan, which should include each of the following: a. Technology planning b. Communications planning c. Personnel planning 4) Test, test, test It’s bound to happen—your business will face some sort of disaster situation. It’s just a matter of what type, when and how severe. No disaster is predictable, so to ensure you’re prepared to handle any emergency, it’s essential to have some sort of well thought out plan in place. Julie May – CEO, bytes of knowledge bytes of knowledge is a Nashville company specializing in web, mobile & software dev, brand support, social marketing, digital elearning, business strategy, network design & maintenance, and entrepreneur consulting www.bytesofknowledge.com | 615.383.9005 Page 4 :: bytes of knowledge :: Is Your IT System Ready for the Zombie Apocalypse?
© Copyright 2020