No matter what data protection system your company uses, there is no way to fully ensure that your data will remain secure in the case of a major disaster. Can you restore data lost due to water damage? Do you know exactly how each of your employees should react? Who should you call, and when and how will your information system be restored to normal? Can you estimate the impact of an IT incident on your bottom line if your system is unusable and your employees find themselves temporarily unemployed?

1. Assess the risks 

If you did not prepare an Incident Recovery Plan in advance, here are our recommendations on what to do after an IT incident before restoring the lost data in the case of an unexpected IT incident that paralyzes the operations of your infrastructures. This advice assumes that you are unable to remedy the problem or assess its consequences. 
By following these recommendations, you will avoid taking a haphazard approach to recovery, which could do your company more harm than good!

The first step is to look at two indicators, always with the goal of determining how much it will cost your company and how long you have before the incident becomes fatal:

A. Recovery point objective (RPO):

the period for which your company can continue to operate without access to your affected infrastructure and the lost data.
What is the longest IT shutdown that you can endure in financial terms, and at what cost/loss?

These costs should cover all possible scenarios: for e-commerce, the cost of customers unable to use your services while they are unavailable or of transactions not recorded; the cost associated with delayed orders not fulfilled; the cost of your teams being unable to work; costs of customer claims and other business losses related to your brand image, etc.

• For example: you have an e-commerce store, and all or part of your IT system has stopped working. Will your customers still be able to access your online store? Can they still place orders and, if so, will your teams still be able to fulfill them? Will the transactions be properly recorded and processed? 

B. Recovery time objective (RTO):

the maximum period within which the affected data must be recovered and the IT system brought back online. 
To determine this period, you will need to consider the primary objective as well as the capacities of your teams and infrastructures and the problems you will need to address.

2. Calculate the actual costs of recovery operations

Weighing these factors should help you identify priorities and determine the quantity of resources you should allocate to protecting your computer systems against the risk of an IT incident or responding to a crisis (including subcontracting, developing a better technical infrastructure, implementing an appropriate backup infrastructure, recovering lost data, etc.).

Our advice:

• To prevent an IT incident, developing a specific data protection infrastructure for the processes essential to your business continuity will minimize your losses. Although these data protection and backup solutions do come at a cost, their reliability will spare you headaches in case of a major incident, enabling you to continue your business and not go under in the case of a true disaster.
• Don’t let panic drive you to act too hastily: it is sometimes better not to try to recover the lost data yourself (using backup copies or other methods), but instead to use a professional data recovery provider.

3. Prepare your Incident Recovery Plan

List. Rank. Prioritize. Then prepare the action models each task will require. These models should contain the following components: the roles and responsibilities assigned to each employee; how to respond to a crisis, including the procedures for what to do in case of a failure; possible recovery plans, including the details of the systems and infrastructures involved (configuration, inventory, backup copies, etc.); procedures that each employee should follow; and finally, documentation describing all the information about the failure and the actions taken since the incident was reported.