This story was originally published on Oct. 18, 2018, and is brought to you today as part of our Best of ECT News series.
Think about planning for a natural disaster emergency that might affect your home. You’d likely store some water, flashlights, food, blankets and other essentials. The key element of your planning would be proactivity. You’d do all of the work before an emergency occurred, not during the actual crisis. If your supplies were used up after the emergency passed, then you quickly would restock before the next flood, fire, landslide, hurricane or lightning strike.
Protecting data requires a similar approach: putting in place as many safeguards as you can before anything bad happens.
Natural or man-made disasters are a significant risk to data, especially when they strike companies that are ill-prepared. When a company is data-centric (most 21st Century businesses are), then complete data loss often destroys the entire business.
So, whether it’s a burst pipe that floods the server room or a fire that decimates an entire office building, companies have to protect their information. Thankfully, by taking some proactive steps and embracing the right technology tools, companies can lessen the risks posed by emergencies to a great extent.
Following are six tips for managing data proactively against disasters.
1. Develop a Formal Plan
Many firms complete disaster management and recovery plans that detail evacuation routes, communications procedures and other details. These are vital, as the safety of people is of paramount importance. Another part of such plans should be how data is managed and protected during emergencies.
Crafting a written plan forces you to consider any flaws in your data management and makes everyone accountable. Perhaps you operate a server room in an office that’s prone to flooding, or you’re ignoring strong password procedures. A written plan brings such flaws to light.
The plan needs to account for the type and severity of an emergency. For example, if a hurricane is two days out, then what steps should the firm take to prepare? Perhaps sensitive data should be wiped from the servers and moved offsite? Does the plan account for the most likely types of disasters given the geographic location?
Assign specific tasks to each member of the team as part of the plan. Every staff member should understand that data is an asset, and that it must be managed proactively before an emergency strikes. Of course, you should create a data plan as part of a broader disaster response plan that first ensures personal safety. Never place people in a spot where they try to save data when instead they should be exiting the building or taking some other action. Simply reinforce the need for proactive planning.
2. Collect and Organize the Data
Think of your data as a tangible asset, similar to the actual office building, machinery, computers, and all of the other “things” in the office. With this mindset, you can spot all of the data sources effectively, and then work to organize them into a centralized location.
Perhaps your remote sales team has some video and photo files from a conference that are stored on a digital camera. That graphic designer consultant you hired might keep your new logo files on a personal laptop, instead of your servers. You can protect only what you can find, so perform a collection and organization phase to keep your data secure.
Perform an accounting of your files, and organize them in a way that makes sense, likely on cloud services. Organization removes data loose ends that can be impacted or overlooked during or after an emergency.
Remember that you don’t have to keep everything, unless there’s a regulatory or compliance reason to hold the information. Cutting some unneeded data can reduce your information footprint and leave you less exposed to problems. Collecting the data also can improve your company’s ability to perform analytics, and perhaps relate two previously unrelated data sets for new observations.
3. Prepare to Recreate Your Network
If you still operate an on-site network, then you have to understand its architecture intimately. Create network maps with labels on all the components so you can recreate the network if needed at an alternate location. Use a simple and clear naming convention and then share the network map with the group via email, and store the map in the cloud.
If you operate in a flood zone and your network equipment is in the basement or on the ground floor, then work with the building manager to have a temporary equipment location to keep your data safe. Part of the plan should include designated team members that will move the equipment, details on who makes the final move-or-stay decisions, and a priority list so staff will move the most valuable equipment and data first. Conducting a network map and inventory also can be useful for insurance purposes.
4. Test Your Plan for Weaknesses
You cannot simulate an actual hurricane or lightning strike, but you can test your plan under simulated conditions. Doing a test is a way to see if staff members know how to follow the right procedures and if your backups are easily accessible.
Did your team gain access to cloud backups quickly during the test? Did everyone understand their specific role? Testing should answer these types of questions. Any deviations from the plan warrant some retraining and review of the plan in case conditions or best practices have changed.
Perhaps the testing shows flaws in the team’s security and password procedures, or exposes the need for expanded cloud storage to include all of the firm’s data. Talk to your entire team after the testing to see if parts of the plan are confusing or contradictory. The plan might need a rewrite with plainer language to avoid any miscommunications. Recognize the technical aptitude of everyone reading and following the plan, and adjust the language and procedures accordingly.
Testing a plan is also a prime opportunity to see if your business adheres to regulations such as fire codes or various data management rules. You might uncover gaps in your procedures during the testing phase which you can fix before your next audit.
5. Secure Your Hardware
While it’s a best practice to move most of your data to the cloud, businesses still utilize devices for content creation and data storage. Protecting these devices can save your data and reduce your capital costs. For flood protection, electronics should be elevated off the floor and all cords unplugged. If time permits, you can store devices in waterproof containers. Run diagnostics on your power supplies to check for overheating that can spark fires.
To prevent fires, you can keep electronics free from dust, check worn cords, and maintain monitored temperature and humidity levels. If you operate an on-premises server room, then you need a fire suppression and detection system with “clean agent” technology that uses special chemicals to stop fires without utilizing damaging water. Server room fires often start because of overheating, so ensure your room’s cooling system is functioning optimally.
Thunderstorms bring the risk of power surges that can wipe out hard drives and fry electronics. Use approved surge protector devices that are rated properly for your specific hardware. Unplugging devices is a low-tech way to remove them from power-related risks, especially when they’re also stored in waterproof containers.
6. Take Advantage of the Cloud
The modern business needs instant connectivity to data. The cloud provides this connection and is ideally suited for data management during emergencies. Choose a major cloud provider such as Google or AWS and back up all of your data with automated tools so you don’t expose any information to loss. Consider using more than one cloud provider for extra protection, especially for the most sensitive or important information.
Your data management plan also should be a cloud-based document so it’s easy to access after an emergency by staff members who might need to work remotely for days or weeks.
Having access to the cloud is only useful in an emergency if you’re continuously moving data to cloud storage. Put in place automation to move files to the cloud on a schedule. Also consider moving staff away from traditional offline software platforms and utilizing online-created formats to remove the risks posed by data-destroying incidents.
The cloud effectively removes your data from localized events such as hurricanes or earthquakes. It also allows your staff to work remotely for extended periods after a disaster strikes, so your business can remain viable and survive. The plan should detail what staff are expected to do in terms of reconnecting to the network and their workflows — assuming, of course, that the disaster did not impact their homes and families directly.
Accidents and emergencies happen. A fire can break out within another company’s offices because someone plugged in too many Christmas lights. Or the city might have neglected the water infrastructure, causing a pipe to burst and flood the entire building.
These types of emergencies come without any advance warning, but they’re still manageable with advance planning. The key for IT managers and facilities operators is to proactively plan for disasters. Expect the worst outcomes, build in redundancies and safeguards, and then you and your data will likely emerge unscathed.