THESE 7 EMERGENCIES CAN TURN IT OPERATIONS INTO CHAOS

The typical IT department spends most of its time and energy maintaining smooth operations. The next biggest consumer of resources is implementing new technologies and products. As long as there are no major disruptions, these activities can be planned and coordinated. It is the unexpected emergencies that sabotage normal operations and chew up working capital. Avoid them and you'll sleep better at night.

There are several high-risk areas where a little planning can minimize the disruption caused by typical IT emergencies. You can't prevent all failure scenarios from occurring but by being prepared, you can minimize the damage and speed up the recovery effort.

Hardware Failures

Even the best equipment fails from time to time. These failures often result from the two worst enemies of electronics, dirt and heat. To minimize risk and maximize lifetime, keep your electronic systems clean and operate them in a cool environment. Be aware that when failures occur, replacement parts may be hard to find. The narrower the market and the older the system, the more difficult it will be to locate parts and service. Delays of weeks or months are common.

Be ready to deal with these breakdowns. Evaluate all major systems and identify those that are mission critical. Keep redundant equipment or spare parts on hand. If this isn't practical, find a technical support service that can guarantee 2-4 hour response and maintains a parts inventory.

Of course, make sure all systems are backed up regularly and test the restore process periodically.

Disgruntled or Mischievous Employees

We would like to believe that all network intrusions and unauthorized information retrievals originate externally. Unfortunately, it has been shown that many such activities originate inside corporate networks. Angry or unhappy employees can cause serious problems by virtue of the inherent trust we place in them.

Reasonable precautions can stop or at least minimize errant behavior. Have clearly documented policies and procedures for using corporate resources and for accessing information. Use security techniques such as passwords, encryption and internal firewalls to separate and protect sensitive information. Make sure doors to sensitive areas are locked at all times.

Software Vulnerabilities

Any software package is vulnerable, particularly if it accesses information over a network. This includes not just operating systems and browsers but also CRM, ERP, e-mail and office productivity software. While vendors shoulder significant responsibility for the current state of our software systems, ultimately the burden of protecting your network lies with you.

It is imperative to keep systems up to date with the latest vendor patches. Implement a policy for testing and deploying such patches on a monthly basis. Many companies that suffer serious consequences from an attack simply failed to keep their systems updated. Don't let this happen to you.

Virus, Trojan and Worm Attacks

Viruses, trojans and worms are variations of a common type of software that invades systems and performs unauthorized activities. Not all such software is destructive, but certainly unwanted. Keep anti-virus software updated at least weekly. Use desktop firewalls on critical systems and run spyware scans periodically.

It is also important to create an incident response plan. Once a virus has penetrated your network, it may spread quickly and be difficult to eradicate. You will need to respond decisively and isolate the infected systems immediately. This may require disconnecting a portion of the network and re-routing network traffic. Clean the infected systems and do not re-connect them to the network until the source of the attack is found and disinfected.

Natural and Artificial Disasters

If equipment is damaged by flood, fire, wind, temperature extremes, or any other cause that results in damage to the building, quickly restoring the hardware will not be enough. In these cases, operations may have to be moved to another location. This is where a business continuity plan comes in. This type of plan is essential to maintaining critical services after a catastrophic disaster. It also helps to have an IT asset database to make insurance filing and equipment replacement easier.

Security Breaches and Information Theft

If the network is compromised and sensitive information is stolen, you could face serious consequences and loss of business. If the information belongs to your customers, you may need to notify them. Firewalls and intrusion detection systems monitor network activity and often provide an early warning that illegal activity is taking place. Take full advantage of these solutions by keeping security systems up to date and reviewing log files regularly. Also consider using multiple security layers including internal firewalls, intrusion prevention systems and encryption to protect highly sensitive content.

Slow Response Times

Enhanced security measures and the ever increasing loads of new software create bottlenecks throughout corporate networks. Connectivity among employees, customers, suppliers and partners places ever increasing loads on our systems. Network servers slow to a crawl, desktop PC's struggle to run multiple applications, and network infrastructure is strained by too much data.

These problems grow over time and can be spotted early by keeping an eye on response times and investigating user complaints about performance. Productivity losses can be huge as network response degrades.

Often, low cost network improvements can achieve dramatic paybacks.

We read and hear about all the events discussed above on a daily basis. None can be completed avoided but the impact on your business can be minimized.

Take some simple precautions and make it standard procedure to monitor and review network activity.

No one likes to have their normal routine thrown into chaos.

Vin D'Amico is Founder and President of DAMICON, your ADJUNCT CIO™. He is an expert in leveraging open software to drive growth. DAMICON provides Freelance Technical Writing, IT Disaster Response Planning, and Network Security Management services to firms throughout New England.

This article appeared in Vin's monthly Virtual Business column for the IndUS Business Journal in February 2005.

To learn more about how DAMICON can help your business, please take a look at our service programs.