Technological progress can be an exciting but obsessive mistress, offering seductive visions of the future to have today, but demanding that you take on the changes completely and unwaveringly. So when mobile phones were transformed into something useful and practical, in no time at all they came to be seen as a universal necessity - just as the internet leapt from a few thousand bedrooms to overnight ubiquity, just as social networking moved suddenly from a whiff of an idea to a necessity and essential part of most people's lives. Offices full of computers fit this principle, too: from a luxury or an aid to a very specific task, to a constant part of the business furniture; offices have desks, they have seats, they have computers, part of the infrastructure of the company.

But ubiquity does not guarantee perfection, and to say that we take it as read that companies rely on their IT infrastructure is not to say that the reliance is without its own problems. Computers, as we're all aware, do break down from time to time. For many businesses, of course, that isn't much of a problem - call a technician, whether from an in-house department or outside, and work around the issue until it's fixed (which hopefully shouldn't be long). But what if you have a problem which affects many or all of your computers? Is your business able to survive a large IT crisis?

We can divide such crises into two categories: hardware and software.

Hardware crises are those which create a physical inability to use many or all of your company's computers - such as damage from fire or flood, or loss through theft.

Software crises are those which leave your IT visibly unaffected, but leave them unable to be used properly (or at all) - most likely virus and worm attacks, although a critical error or bug could be responsible, as could deliberate and malicious intervention on behalf of a third party.

Yet in both cases, the impact can be the same: information is lost, communications are derailed, and a vital part of the business is stopped; at the very least, this will cause a severe and very costly inconvenience for the business - and at worst, it could jeopardise the company's very existence. However, in spite of the dangers, the majority of businesses continue to operate with either a very limited disaster recovery plan, or no plan whatsoever. Why?

Well, in many cases, there's just a lack of understanding - it's clear enough that a recovery plan is desirable, but how to go about it is less obvious. We need to break it down into assessing what we need to protect, what would be a catastrophic loss and what would be a setback than can be overcome. For example, in a fire the costs of replacing hardware ought to be covered by insurance, but what about the impact of losing the information on them?

Every company stores business critical data, data that is essential to the organisation and irreplaceable should it be lost - for example, lists of clients, financial information, certificates and licences, or technical documents - and a study by Synertech Systems found that less than 35% of companies have disaster recovery plans that deal specifically with critical data loss, and that of those that don't, only six per cent are able to successfully resume business after a crisis.

That's a troublingly low figure, so clearly it's imperative that any business must have a disaster recovery plan that comprehensively addresses data loss issues - and the first rule here is to backup, and backup often. If losing critical data can be a catastrophe for your business, then it stands to reason that you should minimise the chance of it being lost; identify which data is critical for the running of the business, and create a backup of this data that can be stored safely away from the computers and servers, somewhere without the risk of the same incident (whether physical or technological) damaging both your IT infrastructure and the backups.

It's also essential to create a regular backup schedule, so that the most up-to-date information is always accessible - backing up once and then building a recovery plan with obsolete data can be as damaging as not backing up at all.

The other key aspect of recovery is a continuity plan - preparing for how your company will move through the disaster and come out the other side with as little disruption as possible. With a physical disaster, replacing equipment is the main issue, but what if the disaster stemmed from a virus or worm infecting your computers? The critical data is safe, backed up, but how can you be sure of having your IT systems up and running again as soon as possible?

Here, Microsoft Windows can play a key role: it's straightforward and quick to set a system restore point for all Windows computers, allowing the system to be rolled back to a time when it was working securely and cleanly, and making sure that you regularly update the restore point can markedly reduce the time it takes to return your computers to the state you need them to be in. Windows also makes it easy to create backup discs from which the system can be restored, vital for more severe incidents when a software infection might damage the operating system or hard drive too much for Windows to run its own restoration program.

Finally, once you've put your plan in place, you need to be certain that it will work. Identify scenarios which could cause a catastrophe, and test your disaster recovery plan against them. This needs to be a thorough process - discuss with colleagues what could potentially go wrong, and run through how your plan will work in each eventuality, from a smaller-scale failure to the absolute worst possible case. It's better to take the time and effort to leave no stone unturned now, than to put the future survival of your business at risk.

Of course, this planning should under no circumstances take the place of proper precautions, of ensuring your IT infrastructure is protected. Windows' integral Firewall and Defender (preventing malicious programs from being run automatically on your systems) will run alongside other commercial antivirus packages to make your network and data as secure as possible - and providing that security must never be seen as anything less than an absolute must for all businesses large and small. However, there's no such thing as foolproof protection, and your disaster recovery plan should be maintained simultaneously with the security; you should always keep both the prevention and the cure at hand. A short training course for yourself or colleagues can play a vital role in this process - and with an effective plan, backed up by Windows' powerful security and recovery tools, you can be confident that your business can ride out any storm.