When a computer disaster occurs, it has its origins in very diverse causes (inadequate infrastructures, lack of expertise of professionals, lack of security software…), and the consequences can be severe (drastic decrease in productivity, the collapse of the profits of the company…). In the face of a computer disaster, the company goes through four phases: initial panic, assessment of the situation, redo the work and return to normality.
Difference between computer incidents and disaster
To begin, we must be clear about the difference between an incident and a computer disaster:
An incident is an event we can fix: attacks (malicious code, denial of customer service, illegitimate system access, data theft or loss, physical damage, illegitimate use of systems and networks, or hacking).
Disaster: occurs when the incident is beyond our control, we cannot resolve it, it is sudden, and it causes severe damage to our computer system.
Functions (tasks) of computer disaster management
To be prepared, we must recognize them and put in place the means to manage them. Some of these means are:
- Prepare security alerts based on incidents.
- Analysis of incidents, documenting and cataloging them, establishing priorities.
- Study incidents, analyze their causes, and install security measures for future situations.
Establish a point of communication to receive and disseminate information on happenings.
Determine an incident response protocol and keep it updated to have defined the steps and the management of the problem that we must do.
How to make a disaster recovery plan
To develop a good disaster plan, several considerations must be taken into account:
Focus on the vital departments of the company.
Assess the threat risks to said departments.
Determine how to organize for the recovery of essential services.
Implement strategies to recover said services.
Run periodic tests to verify that the plan works.
Improve the program with the results of said tests.
Training, awareness and dissemination of the program among the employees who have to implement it.
Characteristics of a good recovery plan
For a recovery plan to be correct, it must meet at least the following characteristics:
Prompt restoration of the company’s essential services at all levels (hardware, software, access regulation…)
Double backup: on tape and in the cloud.
For a recovery plan to be optimal, it must anticipate any disaster (natural or human). The program must be checked and subjected to continuous evaluation by an expert to advise the company, relying on his skill and know-how.
Involvement of the entire company in the resolution
The directors of many companies consider that computer security is the sole and exclusive responsibility of the specialized department. Still, given the spread of computer equipment throughout the company, all personnel (from the directors to the last employee who uses equipment company IT) must be involved in preventing a computer disaster.
Many companies lack the means to deal with their own IT security and security training for their staff; To remedy these shortcomings, independent companies have emerged dedicated to providing this service to companies that lack the means to ensure adequate protection against computer disasters.
Phases for the elaboration of the recovery plan
A good recovery plan should consist of the following phases:
- Specify the recovery plan: the data, programs and structures that are essential in the company must be determined to design a recovery strategy in the event of a disaster, following the budget and with the personnel dedicated to it.
- Specify what role and responsibilities each team member involved in the recovery have. It must be a detailed plan with activities, protocols and people.
- A detailed list of all the elements that make up the hardware and software, as well as the contacts and maintenance details of the suppliers.
- Calculate how much a co-star will recover from the disaster in time and money, and assess whether the company can afford it.
- They must establish action plans for each disaster zone: the cloud, the databases, the network…
- Have an information strategy for employees, partners…
- Disaster drills to keep the recovery plan up to date.
As we have seen, computer disasters can seriously affect a company, and not all companies have the capacity and the problems to deal with security measures or to design recovery plans to guarantee their computer security.