How Resilient are Your IT Systems?

When an IT update causes systemic disruption, how should businesses and their advisers respond in terms of their own IT testing and planning?

CREDIT: This is an edited version of an article that originally appeared on ICAEW

A widescale IT incident – such as a system wide crash or update failure – can have massive implications on a small business, affecting operating processes, deliveries and data security. In addition, such incidents can cause damage to reputation as customer businesses are also affected causing a knock-on effect to services.

Experts stress the importance of regular IT resilience testing to prevent the significant reputational and financial damage that can result from large-scale IT incidents.

Daniel Teacher, Managing Director of T-Tech says that businesses should not be complacent when it comes to testing out their IT resilience.

“Importantly, try to work with a supplier who’s tried and tested, and ask them difficult questions on an annual basis,” says Teacher. “Just because a year ago they were good at something doesn’t mean they still are.”

There are risks in not testing software sufficiently. Even when nothing else in the organisation is changing, software should be tested thoroughly – something that few organisations do regularly or rigorously enough.

“Contingency planning relates to the IT team’s ability to respond to a large-scale issue quickly. Having one person in your IT team who is qualified to assist is not going to help you,” says Teacher. “You need to make sure you have a way to respond to an incident very quickly. You don’t want to be dependent on one or two people.”

Taking lessons from the CrowdStrike incident on 19th July which caused an estimated 8.5m computers running Microsoft Windows to crash, Ian Pay, ICAEW’s Head of Data Analytics and Tech, said “Given most businesses place heavy reliance on third-party software and IT infrastructure, it’s unlikely you would be able to completely avoid something like this impacting your operations if it happened to you. So, it’s all about risk mitigation and having a plan in place for catastrophic IT failures.”