I currently volunteer my disaster planning services for the rural township where I live. Computer security is not a major problem here, as our MIS department consists of a single PC. However, on a smaller scale, our township’s concerns are the same as yours. Just as with any business, our most important goal is to be able to recover from a disaster as quickly and cheaply as possible.

A key part of a security administrator’s job is developing a plan to mitigate damages after the inevitable disaster occurs. Since your goal is to keep the computers running with as little interruption as possible, nothing will give you a better sense of security than having a recent backup available. But to make backups a solid component in your overall security plan, you need to coordinate your efforts with a backup routine that regularly stores data offsite.

Backup pointers

  • Store the most critical files online (encrypted, of course) to make them accessible worldwide.
  • Don’t rely on tape for your long-term offsite storage, since it requires periodic rewinding.
  • Have a minimum offsite hardware configuration for total protection.
  • Establish a free Internet account in case your local ISP is also involved in the disaster.
  • Don’t put off implementing backup procedures while you wait for the “perfect” solution. Any backup is better than none!

How safe are backups from physical damage?
There’s a tendency to leave backups near the systems they’re created on. When I was a supervisor at an IBM 360 installation, the data tapes were stored just a few feet away, making them extremely vulnerable to any physical threat of damage to the computers. Today, the backups might be made to optical disks instead of tape, but often the backup medium is still treated too carelessly. I can’t count how many times in the past 35 years I’ve had to fight to enforce a backup procedure that moved the backups to offsite storage. Most clients who have ignored my advice have, at some point, regretted it. No matter how much resistance you encounter, at a minimum, it is vital to get the backup out of the computer room and into a fire-resistant safe. Ideally, it is best to get the media completely out of the building.

Have a comment?

Had a recent disaster? What steps did you take to recover? Was offsite storage a part of your recovery process? Start a discussion below or send the editor an e-mail.