We put the IT in city®

CitySmart Blog

Tuesday, March 27, 2018
Tim Koutropoulos, Data Center Engineer
Tim Koutropoulos

Highly competitive businesses (such as retail) care a lot about time to recovery. Why? Systems down for even just a few minutes can lead to millions of dollars lost and long-lasting, damaging impact to a company’s brand. But in the world of government, time to recovery is often overlooked as part of a disaster recovery plan.

Even city governments must collect revenue and keep their operations running to deliver mission critical services. Time to recovery cannot be neglected or taken lightly. Recent media coverage has put a glaring spotlight on a few Georgia cities that experienced compromised computers. As a result, these cities lost data, services were unavailable, and drastic steps were needed to recover. The result?

 

  • Unexpected, unbudgeted, reactive high costs
  • Services at risk
  • Community needs unmet
  • Citizen frustration

This is the risk of time to recovery realized. And as that time grows, cities see costs, risk, unmet needs, and citizen frustration all increase.

Is your city doing enough to ensure a quick time to recovery? Here are some ways to prevent your mission critical systems and operations from going down for weeks or months.

1. Address time to recovery for smaller incidents through onsite data backup.

For smaller incidents like a server failure or a limited virus infection, you can recover quickly from onsite data backup—sometimes within an hour or less. If something bad happens to your server and any initial means to address the issue are unsuccessful, then you always have a fallback of onsite data backup for quick recovery of your data, systems, and servers.

2. Plan for worst-case scenarios through offsite data backup.

Yes, a virus outbreak that affects thousands of computers is a very bad scenario. With cyberattacks, if you are on “the network” (connected to other computers and/or the internet), then you are at risk. It’s that simple. Hackers are looking for just one weakness as their entry point. This weakness can involve technology but it can also involve a criminal duping an employee. In one city’s case that was recently reported in the media, an email phishing attack appears to have tricked a susceptible employee. That’s all it takes.

Because you need to plan for the worst, offsite data backup must form part of your disaster recovery plan. It’s not just about fires, floods, and tornadoes. It’s about losing your site. A widespread cyberattack that compromises your network is the same as losing your site. For example, by taking snapshots of your data and storing them offsite (geographically separate from your onsite servers), you will be able to recover your data at a point in time when the data was not infected by a virus. You may still lose a little bit of data, but you will be able to recover most, if not all, of it reasonably quickly. Offsite data backup is an essential part of any disaster recovery plan—and it’s an underrated tactic to fend off viruses and ransomware.

3. Ensure that you can access your data soon after an incident.

Here’s where we go beyond simple onsite and offsite data backup recommendations. You may have data backups running and you may even have the data backups stored offsite. But can your city recover quickly? Ask yourself:

  • Do you have a plan?
  • Is your plan documented?
  • What procedures and steps will you follow?
  • Could someone other than you execute this plan?
  • Who has access to this plan?
  • Do they know how to access your data through this plan?
  • Do you know what systems need to be recovered first?
  • Is your technology compliant? Onsite and offsite?
  • Are you monitoring your data backups for issues?

As Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.” When it takes weeks or months to recover, it raises questions—questions you need to ask yourself. Am I prepared? Am I taking the high risk of a cyberattack seriously?

4. Test your disaster recovery plan.

We’ve said this many, many times, and it’s always worth repeating. Test your data backup and disaster recovery plan by assuming a worst-case scenario. During this test, ask yourself:

  • Is all your data backed up (or at least what you designate as critical data)?
  • Can you recover your data and systems from your data backups? If not, then you can work to resolve those issues before a disaster happens.
  • Can you recover within any required timeframes from your data backups?
  • Are you truly accounting for a worst-case scenario?

Why do your firefighters train? Why do your police officers train? It’s because the likelihood of an event needing their response will occur.

In today’s cyber world, the likelihood of an event needing a tested disaster recovery plan at your city is high.


We’re not saying there is a magic way to prevent all serious IT disruptions, especially after a data breach, virus, equipment failure, or other incident. However, this set of time to recovery best practices can go a long way toward mitigating the risk of a longer outage—especially for mission-critical systems that affect public safety, business continuity, and revenue.

Worried about your time to recovery after a disastrous IT incident? Reach out to us today.