When Something Goes Wrong: Good contingency planning?

Question

I work at a small firm with little technical skill/knowledge.

One colleague had a hard drive die without any backup, and we recently had a virus come through and infect our test server (the gumblar.cn one) which we may or may not have transferred to a client's server.

After these two events, management danced around promoting good practices to avoid future occurences, for about a week.

Changing the company's culture to take this more seriously is one problem I'll try and deal with, but my question is...

What events should be planned for?

I suppose there are natural disasters, hardware failures, people quitting (bus factor?).

Answer 1

Think for a while what equipment and services you use and how likely it is that they fail or become unavailable for a while. Build a list. Evaluate how likely each problem is to happen, how much it will cost you and how much a backup solution costs. Then you decide.

Answer 2

Here are some common things:

1. Shared Directories on a Fault Tolerant server to be used as a policy for user files & data (with appropriate security). Event=data loss limitation
2. Scheduled Backups of the Server. Event= data loss limitation
3. Firewall Proxy with logging and intrusion detection. Event=Data damage and theft
4. Enterprise Virus Software deployed on server and clients. Event=Virus Infection, Data theft, System Damage
5. Automated IT assets tracking software that reports on hardware and software changes happening on servers and clients. Event=Data and Hardware theft, unauthorised modification
6. Off Site storage of data. Event=Data Loss limitation
7. Firefighting Equipment & Automated firefighting mechanisms. Event=Fire
8. Internet Filtering Proxy such as WebMarshall. Event=Protection against "drive-by" infections and risks.

etc. etc. You should be able to find much more comprehensive strategies, measures etc. on the Internet.