Top Tips to Tackle IT Crisis Preparation and Employee Training

Mastering IT Crisis Preparation. Discover essential plans, training, and security measures to safeguard your business.

Table of Content

    We all like to be “glass half full” people, but let’s face it, in a post-COVID world, we realize that disaster happens—either man-made or natural. How can your IT department ensure its prepared for anything? 

    To prepare an IT department for a natural or human-related crisis, you must think about your business from every possible angle. To do that, you need to work with other key stake holders to understand how they do business and what systems and data drive their productivity. You also need to understand the possible events that can impact your business and estimate their likelihood of occurring. Understanding the scope of what you’re protecting and what you’re protecting it from is not static and should be reviewed at least annually. To ensure a business can survive a disaster, having plans and processes in place beforehand is essential.  

    Top Tips to Tackle IT Crisis Preparation and Employee Training: How to prepare for the next big disaster

    While technology plays an important role in crisis response, it’s only one part of a comprehensive strategy, says Sean O’Brien, cybersecurity lecturer and Yale Law School Fellow. “Effective crisis preparation requires a holistic approach that takes into account the needs of all stakeholders, including employees, customers, and the broader community,” he states. 

    How to Plan for The Next Big Disaster

    Crisis preparation begins with planning—outlining the steps that must be taken in the event of a crisis, as well as procedures for data backup and recovery, network security, communication with stakeholders, and employee safety, says O’Brien, who founded the founded the Yale Law School Privacy Lab. “Every organization should conduct regular drills and simulations to test the effectiveness of their plan,” he adds. 

    Having a plan is important, but testing and constantly improving that plan is essential for it to be effective in a real-world situation. Testing shows how comprehensive the plan is and highlights areas for improvements (Was anything missed? What could have been done better? Easier? Faster?). Testing also allows for those that are taking the actions to practice. A well tested plan will reduce downtime and could minimize the impact of an incident.  

    Zero-Trust Architecture is Key 

    From a security perspective the best course of action is to shift toward zero-trust architecture ASAP. Zero trust reinforces the idea that there is no safe haven, no castle to lock away your data. With its three principles (verify explicitly, use least privileged access, and assume breach), zero trust provides a road map for a more secure organization while preparing them to scale safely and be more prepared as cyberthreats evolve. By assuming breach, our goal is to decrease the impact.  

    Crisis Preparation Key Stakeholders 

    Crisis planning is typically led by the head of an organization’s IT department but buy in from key stake holders is important because they will help drive the importance of security, planning and help identify what systems, data, and processes are most important.   

    Regardless of who’s in charge, there should be unique plans designed for covering various types of potential crises. A volcanic eruption or a hurricane will certainly require a different response than a cyberattack. Organizations can’t plan for every scenario, but plans should be tailored to specific crisis scenarios as much as possible and should outline the steps that need to be taken to address the situation. 

    Employee Training for Crisis Preparation 

    Every employee should be well trained and prepared for crisis aversion. Employees can be your greatest risk or your best line of defense when it comes to cyber-attacks. Poorly trained employees can undermine even the most sophisticated protections. All it takes is one person downloading an infected file or clicking a malicious link and, just like that, bad actors gain access to start latterly moving. The good news is, arming your team with some basic skills is one of the best (and easiest) ways to defend your business from cyber-attacks. Annual security training should be a minimum, recurring attack simulations, and consistent messaging from all levels of management of its importance. It is critical that employees have a clear process for reporting and responding to cyber incidents.   

    Initially, your goal is to demonstrate to employees how individual actions are directly linked to protecting the organization and its customers from cyberthreats. Reassure employees that it’s ok to raise their hand when they think they did something wrong, or something feels off. Remind them consistently that mistakes happen, but a small mistake can become larger if you pretend like nothing happened. Educate employees about current threats—ransomware as a service, recent breaches, business interruption vulnerabilities, etc.  

    Train employees how to spot phishing emails, texts, social media messages, apps, and websites. Small things like looking at grammar usage, salutations (i.e.: Dear Sir/Madam), and sender emails (i.e.: or hovering over links for more info before clicking can go a long way in preventing crises before they happen.  

    Remote-hybrid work has increased the threat of cyberthreats—with more threat actors capitalizing on unsecured personal devices, Remote Desktop and VPN vulnerabilities, and things like USB devices. It’s important that your training efforts focus on ensuring that employees are aware of the risks that come with their devices and what they can do to stay safe.  

    IT Crisis Response Plans 

    Crisis response plans will be informed by your business model, strategy, and the regulations that dictate how these things are accomplished within your industry. But, all industries need to clearly define and document your game plan, communicate it to key employees, and run routine tests to ensure that you’re ready to fend off threats of all types, whether it’s natural disaster or driven by malicious actors.  

    It’s worth noting that cyber incidents come in many different “flavors,” and you’ll want to consider those nuances as you develop a response plan. Like, how will you:  

    •  Respond to ransom demands? 
    • Report incidents to law enforcement? 
    • Inform customers that there’s been a breach? 
    • Check backups and critical systems for infection? 
    • Quarantine infected systems and files? 
    • Get up and running? 

    Crisis Preparation Mistakes   

    The biggest mistake that an IT department can make is not backing up their data securely. If a client has been breached, the very first thing we ask them is if they have their data backed up. It can mean the difference between a dead-in-the-water or business-as-usual scenario. In addition to ransomware attacks, you need a backup in case of system crashes, storage failures, theft, or simply human error. A company’s data is its life blood.  

    In the event of a disaster, getting your business up and running again quickly can give you a competitive advantage. Many businesses around the world have suffered huge losses and reputation damage after poorly handling incidents. Being able to assure your customers and partners that you have a regularly tested disaster recovery and business continuity plan can make your business more reliable than those that don’t. Proper planning means your doors can stay open or open back up faster in the face of a disaster.   

    Every crisis plan requires continuous maintenance. A neglected plan, one that falls out of date by failing to address new and evolving threats—as well as changes within the organization itself—is ultimately worthless. If you need help with IT crisis preparation, reach out to an expert at Velosio today!

    Eric Robertson

    Director of IT

    Follow Me:

    Ransomware & Cybersecurity
    Dynamic Communities Summit ’23
    October 15-20, 2023
    Learn More
    Advanced Projects for D365 Business CentralAgribusinessAnalytics, Business Intelligence & WorkflowsAXIO Advanced ProjectsAXIO for Dynamics 365 FinanceBusiness ProductivityCloudCommercial HVACData FabricDealer ManagementDistributionDynamics 365 Business CentralDynamics 365 Customer Engagement & Dynamics CRMDynamics 365 ERPDynamics 365 Finance and OperationsDynamics AXDynamics GPDynamics NAVDynamics SLEnterprise Resource Planning (ERP)Field ServiceGenerative AIIndustry InsightsMarketing AutomationMicrosoft (Office) 365Microsoft CopilotNon-ProfitOn-Premises DynamicsPower AppsPower AutomatePower BIPower PlatformProject Centric BusinessProject Service AutomationRansomware & CybersecurityRestaurant Equipment DistributionSharePoint