How to prevent IT disasters


  1. 1 Consider how serious the consequences of a system failure, misuse or data loss could be (some surveys suggest they could cost small businesses up to £7,500 a day); use this to decide how much to invest in disaster prevention.
  2. 2 Purchase proven equipment and software; try to avoid bespoke systems. A good IT supplier can recommend reliable, widely-used hardware, software and cloud services.
  3. 3 Evaluate cloud services carefully. Using a reputable cloud computing service could be safer than running software in-house - providing you do your research. Check where your data is stored and how it is protected.
  4. 4 Assess the risks posed by staff using their own devices for work, particularly tablets and smart phones — known as bring your own device (BYOD).
  5. 5 Treat mobile devices as if they're computers. These days, employees' smart phones may hold lots of sensitive data, so you need to take steps to protect them. Make sure you can wipe these devices remotely if they are lost or stolen.
  6. 6 Arrange any external support you may need. For example, you might need help with IT installation, maintenance, training, troubleshooting and disaster recovery. Your two main options are to use outsourced IT support or to provide it in-house.
  7. 7 Physically protect your equipment. Use surge protectors or uninterruptible power supplies and ensure your premises are secure. Key equipment like servers should be kept locked in a separate room.
  8. 8 Establish security procedures (for instance, control access to sensitive information). Use anti-virus software and an internet firewall.
  9. 9 Assign responsibility for the system to one individual and make sure they have time to do this role properly. Provide cover when that person is unavailable, appropriate training and clear guidance on when to call in external experts.
  10. 10 Train employees how to use your IT system and specify what tasks must be referred to others. Establish a procedure for reporting faults or problems.
  11. 11 Establish and implement an email and internet policy to regulate how your staff use the internet. Make sure they’re aware of the risks - particularly from phishing and malicious websites.
  12. 12 Establish a safe installation and upgrade procedure, including backing up data, updating your anti-virus protection and running parallel systems while testing if necessary.
  13. 13 Carry out routine maintenance. For example, keep equipment clean and dust-free, run utilities to clean up your systems, archive old files and test system performance.
  14. 14 Establish an effective back-up procedure and store back-ups securely off-site. It’s important to regularly test restoring data from your back-ups.
  15. 15 Make plans to help you keep working and recover quickly should the worst happen.
  16. 16 Take precautions to protect your website. An attack on or problem with your site can hit sales significantly.

Cardinal rules


  • protect your system physically and with appropriate software and procedures
  • train employees
  • identify and arrange any external support you need
  • back up your data
  • make contingency plans


  • allow untrained employees to install unnecessary software
  • ignore the need for routine maintenance
  • assume that procedures will always be followed