Your business is hit with a ransomware attack. Or your ecommerce site crashes. Your legacy system stops working. Or maybe your latest software release has a major bug. These are just some of the problems that ecommerce, technology and other companies experience at one time or another.
The issue is not if a problem – or crisis – occurs, but how your company handles it when it does. Manage the problem poorly, you risk losing customers, or worse. Handle a crisis promptly and professionally, you can fend off a public relations disaster and might even gain new customers.
So what steps can businesses take to mitigate and effectively manage an IT-related crisis? Here are eight suggestions.
1. Stay calm, prioritize and don’t point fingers
“During a crisis like a site outage, which has a high level of visibility, it is absolutely critical for senior IT leadership to remain calm and focused,” says Jake Bennett, CTO, POP. “Everyone on the team is under an extreme level of stress during an outage, and this can lead to mistakes. However, you need the team to perform their best at that very moment.
“As a leader, by simply being a balanced, reassuring presence, you can calm nerves and make sure the team stays focused on resolving the issue,” he explains. “Conversely, if you appear to be spinning out of control, you’ll take your team down with you and it will take much longer to resolve the issue.”
Similarly, “micromanaging your team when the pressure is on will lead to disaster,” says David Cox, CEO, LiquidVPN. “A better approach is to hold a 10- or 15-minute meeting [to lay out the problem(s) and what needs to be done], break up the work into sections, assign work to each team member and keep them focused on their tasks.”
Finally, don’t look for excuses. “If you start making excuses about what caused the issue or pointing fingers this will erode confidence,” says Eric Hobbs, CEO, Technology Associates. “There will be plenty of time for a postmortem later.”
2. Have both an incident response plan and a disaster recovery plan in place
“Handling a security crisis can often come down to preparation,” says Ron Winward, security evangelist, Radware. “Even if you don’t have a security budget, you can still plan for what you will do if you encounter a security problem. Understand who needs to be notified, both internally and externally, as well as who will be involved in your response. Then practice it. Those first few minutes and hours will be critical to how you fare under duress.”
Similarly, “when it comes to common network problems, like servers going down, it pays to have a recovery plan in place before it happens,” says Jacob Beckstead, marketing manager, Bailey’s Moving and Storage. The plan “should be detailed enough to follow step by step, but broad enough to allow room for improvisation, because even a well-laid plan always needs changing in the moment, depending on the specific situation.”
[ Related: 8 ingredients of an effective disaster recovery plan ]
3. Take snapshots regularly (at least once a week)
“If you’re hit with viruses, ransomware or data corruption, rely on snapshots to restore your data, rolling back to several minutes, hours or a day prior,” says Kevin Liebl, vice president of marketing, Zadara Storage. “With snapshots, your Recovery Time Objective (RTO) and Recover Point Objective (RPO) depends on how you have setup your automated snapshot process. Depending on how frequently you set snapshot levels, you may not be able to restore everything, but at least you’ll have a fast path to partial restoration.”
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.