How to Disaster-Proof your IT

Introduction

Anyone who’s been involved with IT over the last decade or so will have heard the term “Disaster Recovery”. This blog seeks to explain what is meant by that, and what Disaster Recovery Planning (DRP if you’re in the know about such things) actually comprises for your business.

Enough with the preamble, then, what is it?

Disaster Recovery, as it applies to IT, is the process of coming back from a catastrophic event that disables (either permanently or temporarily) some or all of a firm’s critical business functions. Typical causes for such a Disaster include (but are by no means limited to):

DR Event | Example(s)
Environmental | Fire, Flood, Hurricane, Tornado, Flock of angry pigeons
Malicious attack – Internal | Disgruntled employee, Ransomware attack
Malicious attack – External | Cyber crime, Hacking
Supplier Issue | Power spike, Internet failure, Long-term power outage
Terrorism | Extraordinary, focused physical attack with external origin

Whatever the actual nature of the attack, the eventuality that your DRP (we can call it that now because after reading this, you’ll be in the know) must foresee is the total cessation of your business systems as your daily usage knows it.

To clarify, the specific issue you’re dealing with may greatly influence the corrective action you take, but in every situation the recovery principle is reliant on some sort of alternative provision of the lost function.

To further explain, we list some examples of vulnerable functions and how they may be protected through redundancy. Again, please note that the below are merely examples and a thorough assessment of your own business’ requirements (and budget) will be needed in order to determine the right balance of protection versus cost.

Lost function | Possible solution
Power Outage | External generator. Expensive, somewhat old-fashioned solution but undeniably effective.
Internet Outage | Internet Router configured with a 4G SIM card to automatically “kick in” when the main connection fails.
Router Failure | Second router sat alongside the first, in an active / passive mode, coming into operation when the first router fails.
Email Server | Office 365. Moving your email to the Microsoft Office 365 email platform means moving it to a cluster of servers, meaning a failure won’t affect you at all!
File Server | Continuous backup of live files to a Cloud-based repository, meaning that in the event of your Z:\ drive being unavailable, you could access your files directly from the web.
File Encryption Event | aka “Ransomware”. Cloud backups would also protect against this attack, as well as potentially provide you with a simple function to roll back all files to a time and date prior to the infection.
Total loss of building | A properly protected business Network’s data and functions would be accessible by staff, from alternative internet connections (think home, internet café etc.) with the correct authorisations.

“I’ll be okay, it’s never happened before, right?”

We hear this one a lot. It is very fortunately true that cataclysmic-style disasters are a definite rarity, and we’re all very glad of it! However, it’s also true, to borrow (and somewhat cannibalise) an oft-used phrase from the Financial Services industry, that:

“Past performance is no guarantee to future performance”

In this sense, we mean that the fact that it’s never happened before is no guarantee that it will never happen in the future. Moreover, if any probability theorists are reading this, it’s reasonable to say that having no previous events actually makes it more likely that something will happen in the future.

Stupid reasons not to implement a DRP

“We can’t even think about this. We can’t afford it. We’ll have to take the risk”

Without knowing the budget of this (fictitious) person’s firm, we can’t know if this is true or not. However, a really good counter to this arguably short-sighted thinking is – “How do you know you can’t afford it if you’ve not carried out even a cursory assessment of vulnerable functions and the cost of protecting them?”

After all, it’s one thing to say you can’t afford it after carrying out the due diligence, and that might be a reasonable conclusion, but to ignore the issue completely is something that only Ostriches do, and we haven’t met many Ostriches that are successful in business!

“I know what we need to do, but we haven’t got the budget for it this year”

This is less offensive to us as risk-averse strategists but no less alarming! Ultimately, of course, it boils down to the individual firm / decision maker to determine the best use of the firm’s resources but from our perspective we would simply ask;

“What would the actual, real-life cost of a Disaster be to the firm, in cash terms?”

The answer to this question is almost always a lower number than the real one, and almost always higher than the cost to implement a reasonable DRP.

“We do have the budget, but we don’t have the time to think about it right now”

This is, again, a frequent response, but consider this. If you are a business owner who feels they’re in this position, no doubt with looming deadlines, potentially with busy production lines and with a large amount of work in progress, aren’t you actually MORE likely to be seriously affected than a similar firm who has time to spare? It’s an uncomfortable truth, as they say, but the busier you are, the harder it is to see the big picture.

Think of it another way. You’re driving a 4×4 through a forest, and the trees are Disasters. Are you more likely to be killed hitting a tree at 10mph or 50mph?

DRP – Simplified!

First Steps
It all starts with an assessment of your business. Think about things in terms of;

Identify Business Function (email, Accounts etc) → Importance (how long could you be without it for?) → Cost (price of protection)

You will find it easier to fill in the first two columns, and Nemark can help you with the final one. Once you have all the information for all three columns, you can decide (either alone or with our help if you wish) which functions you would like to protect.

Conclusion

There will be further wrinkles in the form of interdependencies (the Internet and Power are two big ones) but the above will form a useful framework upon which to base a reasonable DRP that takes into account those things your business really needs whilst at the same time rightly de-prioritising those things that you can do without for a longer period of time.

On top of this, we can collaborate with you regarding costs so that you end up with a package of protection that is completely tailored to you, and within a tolerable budget.

In short, no good Disaster Recovery system is free, but it is almost always cheaper than bearing the true cost of a Disaster without any protection at all. Having no contingency plan to cope with unforeseen catastrophes isn’t just unwise – it’s actually reckless. If you’re reading this and you’re the firm’s go-to “IT Guy” and not the owner, having a Disaster Recovery Plan in place might just be the difference, for you, between ‘employed’ and ‘unemployed’. Alarmist? Perhaps. Food for thought? Definitely.

If you’ve been affected by anything you’ve read here, Contact Us to find out more and maybe together we can prevent that Disaster turning into an Apocalypse!
