X

Crisis management: Your 5-step guide to surviving IT emergencies

The thought of IT emergencies — from natural disasters to cyberattacks — has kept many an admin up at night. But thinking about it won’t help. What you need is a well-planned and structured contingency plan, one that analyzes potential problems and develops possible reactions. FUBAR (Fouled Up Beyond Any Repair) situations like crashed servers and outdated backups can hamper the normal work routine, but IT professionals can protect against possible downtime using the following methods:

1. Ensure the right people know about IT emergencies at the right time

The first thing you should do is take some time to figure out which people need to be informed about your IT emergencies. Also, note the sequence for notifying them. The best way to proceed is to prepare a list of all the company contacts affected by IT emergencies so they can be alerted. At the same time, write them down in sequential order so you can contact them in descending order of authority and importance.

However, this plan yields positive results only if you maintain a comprehensive database of all your contacts. Make sure to update them regularly. After all, if you try to get in touch with someone during a crisis and find that the information is outdated, you’ll lose vital minutes. Remember though that a single contact option is never a good idea for more critical roles. It’s better to keep a few substitutes handy who you can get in touch with via call or text at any time of the day. Have a record of their home numbers, email addresses, and mobile numbers.

Notify the people who will be called into work during IT emergencies. At the same time, speak to the higher-ups about who to inform regarding the crisis, such as law enforcement. To make things easier, try to strike up a good rapport with the authorities before a disaster occurs. Also, decide among yourselves in advance who will speak on behalf of the company to employees and clients. Have a thorough idea of what you need to say, how much you plan on revealing, and the way who intend to calm down the people who might be skeptical of maintaining business relationships with your organization.

2. Consider emergency scenarios and develop appropriate recovery plans

It is always better to prepare for IT emergencies in advance. For that reason, you should note down the worst-case scenarios capable of affecting your organization’s IT environment as well as the method you intend to adopt for resolving each scenario. Discuss this with your team and facilitate discussions about similar experiences they may have had in the past. This will help you build out potential solutions for every one of these scenarios. Maintain a record of these sessions because when crisis strikes your company, you will always find some helpful suggestion or note that can help you devise multiple solutions.

The key is to identify the important aspects of your business. Not everything deserves protection or is worth saving. For example, your proprietary data needs to be safeguarded from threats at all costs. On the other hand, you can afford to let go of any information that can be made public.

3. Organize and save copies of your crisis process outside the company premises

As soon as you devise the process — starting with the alarm chain to the contact people, and ending with potential disaster situations — find a good place to store this info. Once a disaster occurs, you might not be in a position to access your company server for a specific period. Thus, you need to have a hardcopy of the process off-premises but close enough to be accessible.

The ideal course of action would be to keep printouts of the necessary documents. Remember to store one copy in a safe location within the office and another copy in a separate area that is fireproof. In fact, your home might be a good place to store such sensitive documents, as long as the company authorities allow it.

4. Make room in the budget

Once you start recording the crisis plans, it may expose loopholes in the current operations of your organization. Notify the management early on about such shortfalls, so they take corrective action wherever necessary. Keep in mind though that this might involve budgeting. Because once the disaster situation is mitigated, additional concerns might crop up.

For example, the server room of your company might be in a state of disrepair, and you might have to replace the entire environment immediately. Unless you have the requisite amount of cash and suppliers ready, you will fail to accomplish the task in time. So, make it a point to alert your CEO as well as your CFO quickly.

5. Importance of testing and improving the measures to handle IT emergencies

Flickr / Sergey Galyonkin

Most of the time, a crisis sheds light on areas that were unplanned. But by then it is too late. Even the most efficient, comprehensive emergency plan will fail without the right testing. Sure, this might be a time-consuming affair, but it can lead to stronger, more effective solutions. Put all your theory to the test at least once a year, so you have proof that it works. If everything goes smoothly during the emergency crisis simulation, then the battle is already half-won.

Make the process of testing a part of your annual routine. Take your backup tapes and start from scratch in a clean environment. Use clean servers to try and restore the important aspects of your company. You will be surprised how many problems you find each time. Do not skimp on testing and stay protected. Make sure other members of your team practice the procedures as well on a regular basis. Otherwise, your IT survival plan might become ineffective.

In a predominantly digital environment, everyday operations suffer from the loss of access. Unfortunately, critical IT technology cannot afford downtime due to the reliance on interconnected devices. As a result, admins must make provisions to keep systems stable at all costs and prevent failures by responding quickly to IT emergencies.

Featured image: Shutterstock