Preventing IT disasters - checklist

If the thought of an IT-related breakdown or data breach gives you cold sweats, you need to take steps to minimise the risks. These steps can help safeguard your IT:

  • Consider how serious the consequences of a system failure, misuse or data breach could be (government data reveals that 32% of the firms surveyed in 2023 had suffered a data breach in the previous 12 months); use this to decide how much to invest in disaster prevention.
  • Purchase proven equipment and software; try to avoid bespoke systems. A good IT supplier can recommend reliable, widely-used hardware, software and cloud services.
  • Evaluate cloud services carefully. Using a reputable cloud computing service could be safer and more cost-effective than running software in-house - providing you do your research. Check where your data is stored and how it is protected.
  • Assess the risks posed by staff using their own devices for work, particularly tablets and smartphones - known as bring your own device (BYOD).
  • Ensure your data practices (from capture to processing) comply with the General Data Protection Regulation (GDPR).
  • Treat mobile devices as if they're computers. These days, employees' smartphones may hold lots of sensitive data, so you need to take steps to protect them. Make sure you can wipe these devices remotely if they are lost or stolen.
  • Arrange any external support you may need. For example, you might need help with IT installation, maintenance, training, troubleshooting and disaster recovery. Your two main options are to outsource IT support or provide it in-house.
  • Physically protect your equipment. Use surge protectors or uninterruptible power supplies and ensure your premises are secure. Key equipment like servers should be kept locked in a separate room.
  • Establish security procedures (for instance, restrict access to sensitive information to those who need it). Use anti-virus software, strong passwords and an internet firewall. Change passwords regularly and remove access from staff when they leave the business.
  • Assign responsibility for the system to one individual and make sure they have time to undertake this role properly. Provide cover when that person is unavailable, appropriate training and clear guidance on when to call in external experts.
  • Train employees how to use your IT system and specify what tasks must be referred to others. Establish a procedure for reporting faults or problems.
  • Establish and implement an email and internet policy to regulate how your staff use the internet. Make sure they're aware of the risks - particularly from phishing and malicious websites.
  • Establish a safe installation and upgrade procedure, including backing up data, updating your anti-virus protection and running parallel systems while testing if necessary.
  • Carry out routine maintenance. For example, keep equipment clean and dust-free, run utilities to clean up your systems, archive old files and test system performance.
  • Establish an effective backup procedure and combine in-house backup measures with an online backup service. It's important to regularly test restoring data from your backups, too.
  • Make plans to help you keep working and recover quickly should the worst happen.
  • Take precautions to protect your website. A cyber attack or problem with your site can hit sales significantly.
