Disasters come in all sizes, from the significant events that can bring down your company's offices, such as fire or flooding, to the smaller occurrences that can strike your hardware or connectivity, such as server crashes or severed Internet connections. In fact, disaster can arise from something as simple as oversight—if, for example, an administrator leaves for a vacation without telling anyone a crucial password. Some disasters are unpredictable, and some occur because of lack of communication or planning. Regardless, the best disaster-recovery plan is one that you can build upon as you foresee new problems.
The usual safeguard against disaster is redundancy: You place copies of important papers and server backup tapes in offsite storage, RAID arrays keep systems running if one or more disks fail, and employees cross-train each other to do one another's jobs if necessary. Unfortunately, redundancy offers protection only if you know which parts of your infrastructure you need to duplicate.
Training plays an important role in disaster recovery because well-trained people can do a better job of identifying these weak points in your infrastructure. Well-trained network administrators can recognize overloaded servers and routers before the hardware fails and hinders your productivity. Knowing how all the pieces of the networking infrastructure work and paying attention to typical performance can help you build an effective plan to mitigate the repercussions of disasters.
Security training will also benefit your disaster-recovery efforts. Until the rash of viruses and worms of the last 18 months, many network administrators thought of security as just the mundane tasks of adding user accounts and resetting forgotten passwords. Now, administrators know that they can impede and even defeat attacks by implementing password complexity policies, creating zones for Internet-connected servers separate from the main network, scanning for viruses, and educating end users about risky actions, such as using Outlook's preview pane. Unchecked, attacks can cause an environment of chronic disaster by sapping Internet and LAN bandwidth, shutting down systems, blocking access by your customers, and clogging your email servers.
The usual method for protecting against security disasters is isolation, not redundancy. Isolating vulnerable parts of your network from the rest of the network is typically effective. However, isolation didn't stop the Nimda virus, which traveled to internal networks through email.
Knowledge is crucial in planning for disasters in the Information Age. As you plan your classroom training for the coming year, investigate whether the classes will not only teach you the skills you need to do your job, but also whether they'll help you understand where and how things can go wrong. Plan to attend local user-group meetings so that you can learn how your peers respond to crises. Look for conferences and online seminars that can give you a broader understanding of how to minimize the effects of failure in crucial parts of your network infrastructure. Improve your knowledge of proper security practices and look for ways to encourage hackers to look for other, easier targets. The best way to plan for disaster is by thinking about how something could go wrong before it actually does. Such thinking will help to prepare you for the unexpected.