Business Continuity – 10 steps to prepare your IT systems for disaster

What types of disaster do you need to prepare for?

Disasters can strike at any time. For a small business to be able to survive a disaster event it requires precaution and thought ahead of time.

As I am writing this article the world is currently figuring out how to deal with the Covid-19 pandemic. Australia has just had the worst bush-fires in history. Floods have struck Dubai and Indonesia. Volcanoes have been erupting all over the world. And that’s just a handful of the disasters that hit in the first month of 2020.

Note that disasters don’t have to be major events like these to impact the ability of your business. Localised small disasters like illness or a building fire can impact your business as much as larger incidents can.

The lesson we need to take from this is that a disaster can strike at any time.

How prepared is your business?

By their nature, disasters can’t be foreseen – the only action we can take is to prepare ourselves to minimise the impact when they occur.

The good news is that most businesses can prepare by ensuring they have these things in place.

Note: I am an IT expert and these things are designed to be able to keep your business running from a technical perspective. There are other business and financial strategies that you should consider putting in place as well. The links in item 1 below will help with this.

1. Writing a Formal Action Plan

The first thing, while not IT related is probably the most important and that is to write a formal emergency plan document. This document should contain everything that needs to be done in the case of an emergency. It needs to to be accessible to all members of your staff and covered as a core part of your new staff on-boarding. When a disaster strikes there should be no uncertainty about what needs to be done and by whom.

For help on preparing an emergency action plan you can check out these government sites for more help:

Australia here:

https://www.business.gov.au/Risk-management/Emergency-management/How-to-prepare-an-emergency-management-plan

USA here:
https://www.fema.gov/media-library/resources-documents/collections/357

UK here:
https://www.gov.uk/guidance/resilience-in-society-infrastructure-communities-and-businesses

2. System Backups

Computer systems are critical for running our business. There are not many businesses I know that would be able to survive without them. Therefore it is important that you have up to date backups of your IT systems.

Have you heard about the “Rule of 3”? It’s a general rule of thumb that says you should have at least 3 copies of your data with one of those copies being offsite.

  1. The original data
    • Lucky for us the original data counts as one! So that’s a no brainer.

  1. A backup on an another device
    • I suggest that if you don’t have a fileserver onsite then you should at least consider purchasing a Network Attached Storage (NAS) device from Synology or QNAP.
    • They are relatively inexpensive and can be setup to be accessible from anywhere on your local network allowing you to backup multiple machines or applications into one central point.

  1. Another copy of the data stored in another location (could be online)
    • One simple way to approach this is to actually buy 2 NAS devices and regularly swap them out
    • A better option is to use an online file storage and copy all backup files from the NAS to the online service.

Backups are only useful if they happen automatically. So schedule these to happen automatically.

Also keep in mind that any online software services you use should also be included in these backups. There is no guarantee that these services will be around so it’s critical that you have backups of any data you have in the cloud.

Do you use an online software service but not sure how to back it up? Let us know and we can help provide instructions.

3. Standby Systems

What is a standby system? In the world of IT these are systems that are already configured the same way as our productions systems so that we can switch over to if the main system is unavailable. Think of a standby as a clone that is ready to step in when the main system becomes unavailable.

For some reason we refer to these with different temperatures… Go figure!

Cold standby

A cold standby is a machine that has all of the software installed on it but the data is out of date. It’s called cold because the machine is usually powered down and “cold”.

To bring a cold standby online we need to first restore the data from our backups before we can use the system.

If you have a cold standby it it essential that any updates or upgrades made to your production systems are also applied to the standby. Otherwise it will take you much longer to recover from a disaster.

Warm standby

A warm standby is a machine is always powered on and regularly receiving the data from your main system.

The benefit of a warm standby is that it’s much faster to switch over to than a cold standby. But this sometimes comes with additional complexity in the configuration of the servers adding cost.

Hot

You may be wondering if we have cold and warm then what is a hot standby?

Well technically it isn’t a standby at all. A hot system is one that is in use. This can be used in some systems where you have multiple machines in multiple locations both running as your main system. If one of the machines becomes unavailable the other machine will just be running everything for you until you get the failed machine running again.

Setting up a cluster of computers like this is even more complex and costly than a warm standby setup and so less likely to be used in small business applications.

The key thing to remember is that for everything that runs in your office you need to consider where to store the standby and have clear instruction on how to activate it when it is needed.

4. Remote Access to Computer Systems

In some disaster scenarios, like a global pandemic, your systems are still running and available but you and your staff may not be able to get into the workplace.

Or even in a non-emergency situation you want to enable your staff to work from home.

Remote access to your business systems is possible no matter what systems you are running.

If you only use cloud based systems then you should already be covered and can skip ahead. However if you have systems that are only available in the workplace then you need to consider how to enable remote access.

Remote Desktop Access

One approach to this is to allow access to a desktop like environment from a remote location. This will allow a remote worker to access all of the systems as if they were on a computer running in the workplace.

This can be achieved using a low tech option such as enabling remote desktop access to computers in the office using apps like Team Viewer or RemotePC. The challenge with this approach is that each remote session will require a dedicated computer in the workplace.

More advanced solutions like Microsoft’s Remote Desktop Services could be used to enable multiple staff to connect without having to maintain a bank of computers.

With both of these options the software required is installed on the computers in the workplace and the computer the remote worker is connecting from only needs the remote desktop client to access all of the systems.

Remote Network Access

The other approach you can take to allowing remote access is to allow authorised computers to access your workplace network via the internet.

This approach requires the computer that they are connecting from to have all of the required software installed. Keep in mind that this may have significant financial implications for software license costs if 2 copies per employee are required.

When enabling remote network access you may be tempted to open firewall ports to allow your staff to connect…

Please don’t do this without advice from a security professional!

This would be the equivalent of locking up the front door to your house and going on holidays but leaving your windows all wide open!

Remote Access Security

With misconfigured remote access solutions you are at risk of exposing business information, Customer personal information, Employee personal information and more. If you leaked this information then an environment disaster would turn into a business and PR disaster.

All remote access to internal systems should by via a Virtual Private Network or VPN.

And no this isn’t the same VPN you might be using to protect yourself online, like all those pop up ads you see on the internet.

A corporate Virtual Private Network allows you to share your applications, desktops or other access only to those machines that are logged into it. This means your systems are never exposed directly to the internet.

5. Remote Access Equipment for Staff

For your staff to be able to access remote systems they need a device to connect from.

Do you know what software is installed on your employees computers? Or how about how much spyware or malware that it is infected with?

Nope neither do I…

This is one of the reasons why I recommend providing laptops for anyone in your organisation that requires remote access.

Note that when using a corporate VPN as recommended above you usually have to install certificates on each machine to ensure your VPN is kept safe. This means each machine will need to be configured to connect. If you are using machines that you own then this becomes much easier to do when you commission the machine.

The computers you provide don’t need to be the most expensive around just enough to allow the systems needed to run correctly. Check out our recommendations about buying a laptop for your business.

6. Phone Systems – Virtualise your phone systems

Is your business reliant on the phone lines to remain operational? Are you still using old fashioned POTS systems? POTS being Plain Old Telephone System.

Modern virtual PABX systems are a fantastic option to modernise your phone systems and can be up and running in a matter of hours.

Virtual PABX systems use Voice Over Internet Protocol (VOIP). This means your phone calls are transmitted via your internet connection.
Because of this you need to be aware that you will need adequate bandwidth available on your internet connection. For most small businesses with only a handful of extensions this shouldn’t be an issue.

For larger businesses then I recommend getting a consultant to analyse your bandwidth requirements.

In a disaster situation your employees can use their mobile phone to connect to the virtual phone system and handle calls as if they were in the workplace.

Here at ITgeniq we use a virtual PABX and we can route calls to anywhere with internet access allowing us to work from almost anywhere in the world!

7. Storing Business Documents

Every business generates documents.

LOTS OF DOCUMENTS!

Spreadsheets, letters, reports, meeting minutes among other things. It feels like for every additional employee the number of documents goes up by a factor of 10.

Now imagine what happens to your businesses productivity when you can’t get those documents.

For instance you store all of your business related documents in the “Documents” folder on your computer in your office. The building burns down over night and now you have no way of getting those files back. EVER!

Obviously with decent backup procedures you should have an offsite backup to recover from. However if you use an online document storage service then you can just access them directly from any other computer.

This is why one of our core recommendation is to adopt an online file storage service as the standard location for all business documents.

There are a number of options available and any of the big names are a valid choice. If you use G-suite then use google Docs. If you have Office 365 then One Drive is your friend.

The one tip that I would give is to install the desktop client and automatically synchronise a folder on your computer and store everything in that area.

If you need a recommendation that is specific to your business then we can help you make the right choice.

8. Organise alternative working location.

So you have your IT systems backed up, standby in place or other appropriate action has been taken. Now you need to think about alternate locations for you to work from when disaster strikes.

In the case of a pandemic everyone working from home is the best option. However in other disaster scenarios you probably want to be able to setup new office space.

Years ago this would have been a tricky proposition and you would have been dealing with real estate agents and managing tricky leases. But this is the 20’s man and co-working is a great option for office based businesses.

I recommend doing your research ahead of time. Find and shortlist a number of possible co-working providers and establish and maintain a relationship with them. You can find co-working spaces that are happy to setup onsite IT equipment for your own network and IT systems if necessary.

For help finding co-working spaces near you check out https://www.coworker.com

If you require factory space then you may be able to negotiate with other larger factories in your area that may have vacant space.

Keep in mind that if you need critical infrastructure like on site servers the you should factor this into your alternate working arrangements. Just as we recommend with co-working spaces you should know where you can hire any equipment you require and keep a good working relationship with them.

9. Communication tools

With people working remotely holding keeping in touch with everyone can become a challenge.

Video Conferencing

Phone calls are not as productive as real face to face meetings. Being able to see the non-verbal communication cues aids improves our communication.

This is why we recommend video conferencing software as a critical part of your remote working technology stack.

There are a number of different providers to consider and which one you use will depend on your specific business needs. Here’s a few that might be worth looking into:

  • Zoom
  • Skype
  • Google Hangouts

Keep in mind that video conference tools are only useful if people use them. Make sure everyone in your company knows how to log in and use it before a disaster situation occurs.

Email

Remember that email is still a great option for communicating with other people in your company.

I know many smaller businesses don’t setup individual accounts for each staff member, however I highly recommend doing this as you can ensure availability of the communication channel.

10. Real-time Communication

Email and other collaborative tools we covered above are great but it’s not immediate. When a disaster is declared you need to be able to notify everyone of the situation.

I believe the best tool for this is the humble SMS message. Most people I know may leave emails unread, facebook messenger chats unseen but they almost always read an SMS.

Consider setting up an SMS notification system that is easy to use. For smaller businesses this may just be a group message already setup in your phone.

If you have more than a handful of staff then you should consider using an online service to maintain a list of your employees and send notifications. Note there are too many options in this space to make any recommendations. If you need help selecting a tool then get in touch.

Also make sure the list of phone numbers are available in the emergency plan covered in step 1.

Summary

When a disaster strikes it is important to be prepared. These 10 steps will help you get your IT ready to deal with any emergency.

If you need help with any of these steps we are here to help. Submit the form below and let us know what you need help with.

Leave a Reply