By David Zimmerman, CEO of LC Technology

In the wake of COVID-19, businesses are revisiting their disaster preparedness plans. Of course, the core part of such plans pertains to human safety from the virus itself. However, COVID-19 also prompted concerns about protecting data during a disaster. Businesses were thrown into array, with remote working mandates, partners and vendors going bankrupt, and general upheaval to the normal flow of business.

As the pandemic moves into a "new normal" stage, it is time to revisit your company's data protection strategies. COVID-19 has made enough of an impact already this year, so businesses that are not prepared for more unexpected events like data breaches or hurricanes could be wiped out completely. If a burglar takes 20 company laptops or the server room overheats, a prepared company could mitigate the damage through proactive planning.

Here are six expert tips for protecting and potentially recovering data after disaster strikes:

1.       Craft a Formal Written Plan

The typical office has a plan for disasters. If an earthquake or fire occurs, the employees should know how to exit the building safely and where to congregate outside. Besides keeping employees safe, the second most valuable asset for many modern companies is data. Creating a formal data management and protection plan is the first step towards data protection. The very process of planning uncovers issues and concerns, so you can find data management gaps and take proactive action.

A written plan provides guidance for all employees regarding the creation, movement, and ultimate storage for data. For disaster planning, detail the different types of possible issues (hurricane, flood, robbery, etc.) and establish actions and a chain of command. Some disasters such as hurricanes offer some lead time before they arrive. The plan should detail which information should be saved and moved offsite. Should the company delete sensitive data as a precaution? Provide step-by-step guidance for every team (not just IT) that's tailored to each type of disaster to best mimic real-world conditions. Keep in mind the limits of employee's actions during a disaster such as a fire. If the fire alarm goes off, you cannot expect staff to download their laptop data and carry external hard drives out the door.

2.       Collect the Information

Shift employee thinking to view data as a tangible asset: one that warrants consideration and protection. Encourage deeper conversations about all the sources of data the company collects. Not just transactions from the website, but also surveys conducted on a salesperson's website or photos and videos taken of product demos and stored on a DSLR. Centralizing and formalizing the collection of all this data helps keep it secure and provides downstream benefits in terms of using business intelligence tools or machine learning platforms. 

During this process, make sure all parties understand the corporate policy for keeping information. You should understand where all the data in your organization is coming from, and some might not even need to be stored long-term. Cutting out some data can reduce your footprint and exposure, while also streamlining the management process.

3.       Build a Network Map

If your company operates an on-site network, then you need detailed network maps to prep for a disaster. Build the map with labels for each component so you can recreate it at a different location. Work with the team to create a clear and simple naming convention, and then share the map in the cloud and over email to create multiple backups.

If your business is in a flood zone, then talk to the building manager about temporary equipment storage, especially if your network equipment is on the ground floor. Designate team members who can move the equipment and put someone in charge who understands the priority for each component and has "move or stay" authority. A network map is also invaluable for insurance purposes.

4.       Test Your Plan

A test keeps employees on their toes about their knowledge of the plan and ability to execute tasks under tight deadlines. Perform a detailed question and answer session after the test. Did the team access cloud or physical backups quickly? Did some members not understand their role? Did their actions correspond to the exact type of simulated disaster?

Review the answers and adjust as necessary, especially if the plan itself is flawed and needs correction. The testing might highlight other issues such as the need for more cloud storage, weak password procedures or too much local-device storage. Review the plan's language to see if you need multiple versions for different workers. The development team will read the plan differently than the graphic designers, so adjust the verbiage and instructions accordingly.

5.       Utilize the Cloud's Capabilities

The modern office's data protection plan needs the cloud at the forefront. After data is collected, organized, and unnecessary data purged, moving to the cloud is the next logical step. Whether it's a public, hybrid, or private cloud model, the data is secure and separated from natural disasters. Consider using multiple cloud services to create more than one backup layer. Use automated tools to flow information to the cloud and reduce the risks for loss. Set rules for individual devices and content creation in terms of saving to the cloud instead of local storage. Transition to online software platforms to reduce the need for moving data and limit possible exposures. And your data management plan itself should reside in the cloud, so it's accessible remotely.

6.       Embrace Proactivity

COVID-19 is a different type of disaster because it's ongoing and pervasive. It's not a single tornado or fire. As we enter a "new normal" for business, look closer at your partners and vendors in terms of their economic viability. If they fold due to the pandemic, how does that affect your shared data? And discuss their own disaster planning efforts to be sure they're taking the right steps and not exposing your company to unnecessary risks.

With data planning during COVID-19 and any other disaster, acting proactively is the best way forward. Develop a written plan, move information to the cloud, and get employees on board with safeguarding a vital company asset.

##

About the Author