W3 Discussion Comments

Testing the plan: Many of you were surprised that companies were not better prepared for disasters. The preparation can be very costly. Also, as you mentioned, the preparation can be next to useless if recovery procedures are not tested periodically. This testing can also be expensive. Sometimes business look at this expense and make a bad calculation on risk vs. reward.

In the future, you may be involved in making decisions about how much to invest in Disaster Recovery Plans and Drills vs. projects that could increase sales and profits. How much risk will you be willing to take?  Will you be able to sell your point of view to the person that makes the decision?

Many of you mentioned file backups in this discussion. Another key aspect of disaster recovery is having a way to get in contact with the people in the company who will be involved in the recovery. In a major disaster, how can you find out which employees are still alive and uninjured? Not being able to find people who know passwords or know where recovery passwords are stored can delay recovery even if backup files are available. What procedures and lists would you setup in advance? Remember that the normal phone systems may not be working.

War Story: Never assume that automatic backups are automatic. In Tech Republic, there was an article where a consultant discovered that backups at his client had not taken place for two weeks because someone unplugged the external hard drive being used for backups in order to charge his cell phone.

Trade-offs: Estimating the time to recovery helps management understand the trade-off between cost and recovery time. Having servers off-site ready to go allows for a quicker recovery. This is expensive in terms of initial investment and requires that data and programs be frequently replicated to the "hot backup" site. It is a business decision to determine how to balance costs vs. the business needed for a quick recovery. For example, Could Dominican survive a one-week outage? (I would say yes). Could the Chicago Mercantile Exchange survive a one-week outage? (I would say they would never recover their reputation and lost business).

Chicago is not immune to disasters: Chicago has tornados and winds especially along the I-55 corridor.  Dominican has a multiple week power outage three summers ago and made extensive use of all the backup generators.

What if you are not in the IT Department? Even if you run a department other than IT, you should determine how your department will operate under various disaster scenarios (no power for 2 days, fire in your department, flood keeps 75% of your workers from reaching the office etc.).

Dominican: You should read Jill Albin-Hill's comments in the Week 4 Optional Discussion to see what Dominican is doing in terms of Disaster Recovery.

If you hire an outside Consultant you should use him/her as a Consultant - not as the person to be making the management decisions that you should be making. You need the mind-set that you are responsible and you are in charge and that the Consultant is there to provide technical assistance and advice.

What would you do first -- was that a fair question? No, it was not fair because you did not have enough information to make a good decision on what to do first. You would have been justified in saying that the first step was to obtain the existing DR Plan and review it. However, I wanted to get you thinking about a specific environment and this question seems to have done that.

Personal Disaster Recovery (D3):

Personal disaster recovery planning also involves more than cell phone and hard drive backup. Depending in your situation, health insurance, disability income insurance, life insurance and home/renters insurance could also be very important. Lizet provided a good list and I have placed it at the end of the page.

Many of you mentioned using the Cloud for backup. Systems like Carbonite allow you to specify what files on your personal hard drive should be automatically copied to an off-site server. Other types of cloud personal backup include copying documents and files to Drop Box, Evernote, Google Documents, Hotmail, Gmail, or Windows One Drive.

Although this is not a course in computer security, you need to consider the security of backup copies of your personal and company files. Corporate Backups should be encrypted so if someone finds your backup files, they cannot easily extract information from them.

Lizet's list:

Items that should be in my Personal Disaster Recovery Plan:

• Homeowner’s Insurance Policy Agent Contact Information
• Copies of Important Personal Identification Documents: Driver License, Passports, Birth Certificates, Marriage License
• Financial Information ie: Bank account information
• Copies of Credit Cards and Bank Cards
• Emergency and Family Contacts
• Home Inventory
• Pictures and Videos Of The Contents and Components Of My Home
• Home Floor Plan
• Family Photos and Videos
• Document Protection- Help protect important documents by keeping them in a fire and water proof safe. 
• Scanning and storing my important documents on my computer- I can either download these to a USB drive or backup to my computer online with a virtual cloud data backup program.

What to Do if My Computer Crashes

Computer loss, theft, natural disaster, and accidental deletion, are just some of the ways you can lose the data you’ve spent a long time creating. The only way to prepare for the unforeseen is to have a good backup plan in place.

Three Kinds of Backups to consider:

• Bootable Backup (or “Clone”) - A clone is a complete copy of your computer’s primary hard drive. 
• External Backup Drive- A portable storage device that can be attached to a computer through a USB or FireWire connection, or wirelessly. 
• Cloud Backup- Strategy for backing up data that involves sending a copy of the data or proprietary or public network to an off-site server.

What to Do If My Cell Phone is Stolen

What to do if my cell phone is stolen?