Skip to content
Close
Get Started
Get Started
VC3 is the bar

We Make IT Easy

With VC3, it’s never license this, per hour that. Instead, it’s good people. Good people who work tirelessly .

Learn More
"VC3 has made it easier than ever before for our local government to serve our citizens by providing us with modern web tools and a team
of talented and courteous professionals.
City of Valdosta, GA
Get out of the IT trenches

Municipal Disaster Recovery Checklist

Download the guide for real-life scenarios, containing data backup lessons and a checklist to help ensure you are ready for a disaster. 

Learn More

Municipal League Partnerships

VC3 is the IT partner that focuses on municipalities. We understand your budgeting cycles and critical
concerns.
Our Partners

2024 Managed IT Services Cost & Pricing Guide

You’ve probably heard about how managed IT services saves businesses money and are wondering if that’s possible for your organization too. This guide will help walk you through different pricing strategies and costs you can expect.

Get the Guide
Get Started
GovernmentBuilding-katie-moum-623907-unsplash-e1610401340764-1

An IT Disaster Recovery Blueprint for Municipal Leaders

“A Disaster? It Probably Won’t Happen to Me. Right?” 

When you think of a disaster that can impact your municipality, it’s easy to think of something rare and devastating on a mass scale. We think of disasters the media would cover—a massive hurricane, a F5 tornado, or California’s wildfires. 

Thinking of a disaster as rare affects our ability to believe it won’t happen to us. Thus, it’s easy to not properly prepare for a devastating disaster, leaving your municipality at risk of serious disruption. 

For a moment, let’s think about a rare disaster. Why is it frightening? A few reasons: 

  • Potential injuries and loss of life. 
  • Serious property damage. 
  • Organizational disruption and possible operational shutdown. 
  • An inability to serve residents. 
  • Destruction of IT systems and permanent data loss. 
The first two reasons deal with loss of life, threat to health, and damage to property. It’s true that rarer disasters more often lead to these outcomes. 

But what about the other reasons? Common disasters can easily cause organizational disruption, prevent you from serving residents, and lead to permanent data loss. 

It’s important to define a disaster by its impact rather than its nature. Before we comment on rarer disasters, let’s first look at disasters that could easily strike at any time. 

What You’ll Learn in This Guide:

  • 1
    Common Disasters: Ransomware and Other Cyberattacks
    View
  • 2
    Common Disasters: Flooding and Fire
    View
  • 3
    Common Disasters: Power Outages
    View
  • 4
    Seasonal and Geography-Specific Disasters
    View
  • 5
    Disaster Best Practices
    View
  • 6
    Monitor Your Backups
    View
  • 7
    Endpoint Detection and Response (EDR)
    View
  • 8
    Proactively Monitor and Manage IT infrastructure
    View
  • 9
    Employee Training
    View
  • 10
    Create a Disaster Recovery Plan
    View
  • 11
    Disaster Recovery Checklist
    View

Short on Time? Download the PDF! 👇

An IT Disaster Recovery Blueprint for Municipal Leaders Cover

 

Common Disasters 

Ransomware and other cyberattacks 

When you think about a disaster, ransomware often doesn’t come to mind. It’s not caused by nature, it’s all electronic, and it seems like it’s just an IT problem if it happens. Yet, the impact of ransomware or another serious cyberattack can wreak havoc as much as or more than a natural disaster—seriously affecting your operations and finances. 

Compare the effects of a ransomware attack with a natural disaster. 

  • Operational Disruption: Ransomware encrypts files and locks users out of their systems, effectively halting all operations until the ransom is paid or systems are restored. 
  • Financial Losses: Some municipalities may feel compelled to pay the ransom, which can be a substantial amount. (However, there's no guarantee that paying the ransom will result in the restoration of data.) Even if the ransom is not paid, the costs of restoring data from backups, cleaning systems, and rebuilding infrastructure can be significant. 
  • Permanent Data Loss: If backups are not recent or also compromised, some data may be permanently lost such as tax records, business licenses, financial reports, police reports, body camera video, utility records, etc. Even if data is recovered, it may be corrupted or incomplete, leading to further operational challenges. 
GovernmentBuilding-katie-moum-623907-unsplash-e1610401340764-1

Municipalities are often targets for ransomware and other cyberattacks. Ransomware attacks get a lot of attention, but there are other cyberattacks that can also be devastating. 

  • Distributed Denial of Service (DDoS) Attacks: DDoS attacks overwhelm a municipality’s servers with traffic, causing service disruptions and potentially taking down websites and online services. 
  • Business Email Compromise (BEC): BEC attacks involve fraudsters impersonating executives or trusted partners to trick employees into transferring funds or sharing sensitive information. 
  • Malware: Malware includes various types of malicious software such as viruses, worms, and trojans designed to damage, disrupt, or gain unauthorized access to systems.

Common Disasters 

Many common natural disasters can strike out of nowhere and lead to devastation. 

firefighter looking at wildfire

Flooding and Fire 

Flooding is the most common natural disaster that takes place in the United States, and major flooding events have increased during the last 10 years. In fact, 25% of flood insurance claims come from moderate- to low-risk areas—meaning a lack of past incidents are not predictors of future incidents. 

Fires are also very common. Many originate through faulty wiring, unattended cooking, cigarettes, improper storage of materials, spills and leaks, overheating equipment, clutter, and other forms of negligence. Lightning strikes can also cause fires, particularly in areas with inadequate lightning protection systems. 

Such common disasters can arrive out of nowhere, causing physical, operational, and financial devastation. From an IT perspective, consider the following repercussions: 

  • Infrastructure Damage: Floodwater or fire can damage buildings, machinery, and IT infrastructure such as servers, computers, and network equipment. 
  • Data Destruction: Physical damage to servers and storage devices can lead to the loss of critical data. 
  • System Downtime: Flooding or fire can cause extended downtime for IT systems, disrupting municipal operations and resident services. 
  • Recovery Costs: Data recovery efforts can be costly and may not always be successful, leading to permanent data loss. 

Power Outages 

Power outages are also a source of disaster, depending on the severity of the outage. From an IT respective, a major power outage can involve: 

  • Damaged hardware components from the sudden shutdown
  • Unsaved changes to files and documents
  • Data corruption caused by voltage spikes and irregularities
  • Critical systems inaccessible due to a backup power system failure 

Seasonal and Geography-Specific Disasters 

We’re definitely not ignoring the bigger natural disasters, but we want to make sure we place them within a wider context of disasters—from the common to the rare—that reinforces that a disaster can strike at any time. 

Tornadoes 

In the United States, tornado season lasts from approximately March through July, although a tornado can strike at any time. The South usually gets the most tornadoes between March and May, while the Northern Plains and Midwest are most at risk during June and July. 

Remember, all it takes is an “average” tornado such as an F2 tornado, with winds upward of 150 miles per hour, to cause serious damage. 

Hurricanes 

Hurricane season lasts from approximately June through November, although a hurricane sometimes appears outside of that monthly range. States that most need to worry are the Gulf Coast states (Texas, Louisiana, Mississippi, Alabama) and East Coast states (especially Florida, Georgia, South Carolina, North Carolina, Virginia, and New York). 

Even “mild” hurricanes can cause enormous flooding, power outages, and wind damage, from the coast to far inland. 

Wildfires

Wildfire season lasts from approximately October through January, although wildfires can spread any time. While California gets most of the media attention for its massive wildfires, Texas actually experiences the most. The Southeast is also quite prone to wildfires. 

There is often little warning before a wildfire tears through an area, giving people evacuation as an only option. The devastation to a city or town can be apocalyptic. 

Earthquakes

Thankfully, massive earthquakes are rare, but they can happen out of nowhere. Again, California is an obvious state at higher risk, but states such as Alaska and Hawaii also experience many earthquakes. Earthquakes can quickly destroy buildings—which contain your servers and IT equipment—and lead to permanent data loss and operational disruption. 

Disaster Recovery Checklist 

Municipalities provide a diverse range of services to the public and handle a lot of critical data. For example: 

  • Police, fire, and emergency services data require immediate availability and high levels of security.
  • Water, electricity, and waste management systems need reliable data backups to ensure continuous service in case of a disaster.
  • City Hall needs to keep functioning during and after a disaster to assist residents. 

To recover quickly from disasters, no matter their devastation, requires a set of best practices that mitigate the risk of permanent data loss. 

blue check mark iconUse onsite local data backups to lessen  time to recovery for smaller incidents (such as a server failure). 

An onsite backup solution can get you up and running again in minutes, which is crucial for minimizing downtime in the event of data loss or corruption. Local backups do not rely on an internet connection, ensuring data can be backed up and restored even during internet outages. IT staff can manage and maintain local backup systems directly, sometimes allowing for quicker troubleshooting and problem resolution. 

For example, you might have an older server that dies after a severe power outage as a result of a bad thunderstorm. The onsite backup will take over and operate as that server until you can order and replace the hardware. Because there is a power outage that also prevents your connection to the internet, you are able to run the local backup once your generator starts working, allowing you immediate access to your data. 

blue check mark iconUse offsite data backup to plan for worst-case scenarios. Offsite means storing your data backups far from your geographical location. 

Offsite does not mean nearby, or a few blocks down the road. It means geographically distant in case of disasters that take out all your local equipment. Flooding, hurricanes, and tornadoes can easily destroy backup servers onsite, leaving you with permanent data loss. And ransomware can infect all equipment on your network, including your local backups. 

Storing backups offsite reduces the risk of losing all data due to a single catastrophic event affecting your primary location. By keeping backups in a different geographic location, you can mitigate risks associated with localized events, ensuring business continuity. Plus, as long as you have an internet connection, you can remotely access your offsite data while restoration and repair takes place. 

Offsite backups are also less susceptible to ransomware and other malware attacks that can encrypt or delete on-premises data. Data can be stored redundantly across multiple locations or cloud regions, providing additional layers of protection and availability. 

blue check mark iconMonitor your data backups. It’s important to identify problems with your onsite and offsite backups before a disaster occurs. 

Data backup monitoring ensures the integrity, reliability, and availability of your data when needed, confirming that backups are completed successfully without errors. 

Monitoring systems can send alerts in real-time if a backup fails or if there are issues. By detecting failures proactively, you can promptly troubleshoot and resolve problems.  

Monitoring includes regularly checking the integrity of the backed-up data to ensure it is complete and uncorrupted. This guarantees that the data can be reliably restored.  

Monitoring can help identify unusual activity that may reveal a ransomware attack or other security threats, allowing for immediate action. 

disaster recover - tornado - storm-1

blue check mark iconRegularly test your data backups. If you don’t test your backups, you won’t know if you will be able to recover after a disaster. 

It’s incredible how many municipalities just assume their data backup solution is working. Then, they get a big shock when an actual disaster occurs and they cannot restore critical data. Permanent data loss results—when you thought you were doing the right thing. 

Test. Test. Test. 

We cannot say this enough. Don’t trust the backup dashboards or the reports your solution spits out. You won’t know if it actually works until you test it. 

And don’t just check a few files and documents as a sample to reassure you. Everything critical must be restored and operational after a disaster—databases, software applications, website, email, and documents. IT professionals can help you conduct a simulation that shows you how your data will look if restored after a disaster. 

blue check mark iconEncrypt your backup data at rest and in transit—such as when you’re sending data backups to your data center or cloud provider. Make sure your decryption keys are stored both onsite and offsite. 

Encryption ensures that only authorized users with the correct decryption key can access your data. This prevents unauthorized access to sensitive information such as personal data, financial records, and police reports. 

When transferring backup data over networks, encryption ensures that the data remains secure and protected from interception or eavesdropping by malicious actors. Similarly, encrypting your onsite backups prevents unauthorized access in case of theft or a malicious employee’s actions. 

blue check mark iconUse endpoint detection and response (EDR) to prevent and detect attacks. 

Cybersecurity - Guide

At first, this doesn’t appear to be a disaster recovery best practice. However, the inability for municipalities to detect cyber threats has become a bigger issue over the last few years. Cyberattackers have become subtler and more sophisticated, often breaching and remaining undetected inside your systems for many, many months without your knowledge. Your response after detecting the cybercriminal can be the difference between proactively managing an inconvenience or reactively dealing with a significant cybersecurity incident that leads to permanent data loss. 

Antivirus is not enough anymore to protect yourself, and it’s become obsolete in lieu of EDR. This now-baseline tool uses machine learning (a form of AI) to detect anomalous behavior on your endpoints (servers, computers, etc.). The advantage of this tool is that the anomalous behavior doesn’t just have to be a virus or malware—EDR can detect applications used in strange ways, data exfiltration happening at odd hours, or ransomware in the act of deploying. 

For example, if a threat is found on your computer, an EDR tool can cut your computer off from your municipality’s network—preventing further spread of a dangerous virus. An EDR tool can be deployed easily, run in an automated fashion, and enhance the level of security protection for a town or city at a low cost. 

blue check mark icon Proactively monitor and maintain your IT hardware, software, and network equipment. This includes software patching to eliminate cyber vulnerabilities. 

Like EDR, this is another best practice that doesn’t seem related to disaster recovery, but it lies at the root of many permanent data loss incidents. 

Monitoring your hardware, software, and network equipment for issues lets you get ahead of problems before they become system failures and disruptions. For example, your IT team may see an alert indicating a high chance of server failure within the next six months. That allows you to take care of the problem today, avoiding an incident in the future when you might lose data. Continuous monitoring also helps detect vulnerabilities and potential security threats early, allowing for prompt mitigation. 

Similarly, maintenance is important—especially in applying software patches and updates. Cyberattackers exploit security vulnerabilities all the time and they rely on many municipalities not keeping up with software patching. Regularly applying security patches and updates helps protect systems from malware, viruses, and cyberattacks. 

Proper maintenance extends the life of IT assets, reducing the risk of hardware failure that leads to data loss. Having up-to-date and well-maintained systems simplifies disaster recovery processes, minimizing data loss and recovery time. 

Technician fixing computer hardware-2-1

blue check mark iconPeriodically train employees about ways to spot phishing attacks and common cyberattacks. (95% of cyberattacks begin in an email.) 

Ransomware is bad enough—but you don’t want your employees to increase that risk. Yet, many employees are tricked by clever cybercriminals who use sophisticated social engineering tactics by means of emails that contain malicious attachments or links to malicious websites. 

A cyberattacker’s strategy might involve posing as a trusted entity (such as a colleague, boss, or well-known company) and convincing an employee to download a file or click a link. For example, an email might claim to be from IT support needing the user to run a supposed update or security tool. Employees can also visit compromised or malicious websites that may trick them into providing their login credentials on fake login pages. 

Cybercriminals often use these credentials to access networks and systems, where they deploy ransomware manually. They can also gain access to email accounts or other systems, spreading ransomware within the municipality by sending infected emails from a trusted source. 

Train employees to recognize phishing emails and understand the risks associated with opening attachments or clicking links from unknown sources. You can also use advanced email filtering solutions to detect and block phishing emails before they reach users’ inboxes. 

🔎 Related: The Importance of Municipal Employee Security Awareness Training

blue check mark iconCreate a disaster recovery plan that clearly outlines how your municipality will recover your data and restore operations after a cyberattack or other disaster. 

A comprehensive disaster recovery plan is essential for ensuring that your municipality can quickly and effectively respond to and recover from unexpected disruptions. Your plan should identify potential threats (natural disasters, cyberattacks, hardware failures, human errors) and assess the potential impact of different disaster scenarios on critical business functions and processes.  

Objectives 

Your disaster recovery plan should achieve the following objectives. 

  • Minimize downtime and the risk of delays when restoring impacted services.
  • Protect and secure data.
  • Ensure business continuity.
  • Guarantee the reliability of your data backup and standby systems.
  • Minimize reactive decision-making during a disaster. 
Flood
https___www.gcu.edu_sites_default_files_media_computer programmer

Components 

Components of the disaster recovery plan include: 

Assessing Critical Systems 

Rank your applications and data by criticality. 

  • Recovery Time Objective: What is the maximum amount of time you can afford to have a system unavailable?
  • Recovery Point Objective: How much data can you lose before it negatively affects your municipality?
  • Data Priority: Base your priority on the impact of not having a server or cloud solution functional.
    • Low: Minor impact on users and not critical to the daily functions of the municipality.
    • Medium: Some users affected but not critical to the daily functions of the municipality.
    • High: All users affected and critical to the daily functions of the municipality. 

Data Backup Policies and Procedures 

Detail your data backup policies including: 

  • Frequency of backup: How often do you back up your data? 
    • Local backup: You have a server, device, or media that you use to back up data onsite. 
    • Remote Backup: Data is backed up to a remote server or data center. 
    • Cloud Backup: Data is backed up to a cloud-based storage service. Type of backup: Decide what type of backup fits your disaster recovery objectives.
    • Hybrid Backup: Combines local and cloud backup solutions. 
  • Storage Capacity: Municipalities often experience rapid growth of data due to digitalization and increased record-keeping. They also handle large data files, such as high-resolution maps and video surveillance footage. 
  • Retention period: How long are you legally required to retain your data? How long do you wish to retain your data? Municipalities need to retain specific records and documents for legal, historical, and operational purposes. 
  • Locations: How many locations need to be backed up? Also note that in many municipalities, different departments may use different systems, making centralized backup difficult. You need to create and enforce uniform backup policies across departments. 
  • Team: Define the disaster recovery team structure including team members, roles, and contact information. Clearly delineate the responsibilities of each team member and department involved in the disaster recovery process. 
  • Communications: Define how to communicate with employees, management, and the disaster recovery team during a disaster. Remember to also outline the communication plan for external stakeholders such as residents, partners, vendors, and regulatory bodies. Specify the communication tools and channels to be used, such as email, phone trees, messaging apps, and emergency notification systems. 
  • Incident Response: Describe the steps to recover critical systems, applications, and infrastructure. When should the plan be implemented? Who can initiate the plan? What steps should be followed? What information needs to be logged? Important steps include: 
    • Acquiring replacement equipment. 
    • Restoring data integrity to the point of the disaster. 
    • Synchronizing backup data with any new data collected from the point of the disaster forward. 
  • Periodic Review: Review and update your disaster recovery plan periodically. Establish a regular schedule for testing the disaster recovery plan, such as quarterly or annually. Outline the process for reviewing and updating your plan based on test results, changes in your municipality, or new threats. 
  • Documentation: Ensure that your disaster recovery plan is well-documented and easily accessible to authorized personnel. Include network diagrams, system configurations, and other technical documentation. 

Disaster Recovery Checklist 

While disasters can take many tragic forms, the way to recover from those disasters follows some predictable principles that you can apply now. Follow the checklist below to ensure that you can recover your data after a disaster and begin to help residents immediately. 

  • Use onsite local data backups to lessen time to recovery for smaller incidents (such as a server failure).
  • Use offsite data backup to plan for worst-case scenarios (such as a natural disaster or ransomware). Offsite means storing your data backups far from your geographical location.
  • Monitor your data backups. It’s important to identify problems with your onsite and offsite backups before a disaster occurs.
  • Regularly test your data backups. If you don’t test your backups, you won’t know if you will be able to recover after a disaster.
  • Encrypt your backup data at rest and in transit—such as when you’re sending data backups to your data center or cloud provider. Make sure your decryption keys are stored both onsite and offsite.
  • Use enterprise-grade antivirus and endpoint detection and response (EDR) to prevent and detect attacks.
  • Proactively monitor and maintain your IT hardware, software, and network equipment. This includes software patching to eliminate cyber vulnerabilities.
  • Periodically train employees about ways to spot phishing attacks and common cyberattacks. (95% of cyberattacks begin in an email.)
  • Create a disaster recovery plan that clearly outlines how your municipality will recover your data and restore operations after a cyberattack or other disaster.

Is a disaster waiting to happen at your municipality?

Implementing all these best practices may feel overwhelming. 

VC3 helps prevent data loss by providing your municipality onsite data backup for quick recovery after events like a server failure, after a major incident like a natural disaster or ransomware, real-time monitoring to quickly address data backup issues, and quarterly testing to verify your disaster recovery. 

Have additional questions? Concerns about your current data backup and disaster recovery strategy? Contact us to talk with an IT specialist! 

Let's talk about how VC3 can help you AIM higher.