Successful Disaster Recovery: It’s All in the Planning

In the information age, productivity miracles have become almost commonplace. But living digitally also entails risk – the kind of risk that can bring a business to the precipice:

  • According to the National Archives and Records Administration, 93 percent of companies that lost their data centers for 10 days or more due to a disaster filed for bankruptcy within a year of the disaster. Fifty percent of businesses filed for bankruptcy immediately.
  • When calculating hard and soft costs, the average company spends between $100,000 and $1,000,000 per year for desktop-oriented disasters – so reports the 7th Annual ICSA Labs Virus Prevalence Survey.
  • A new Veritas Software/Dynamic Markets survey found that, three years after 9/11, 43 percent of organizations worldwide are still not ready to respond to a major disaster. The report, which surveyed 1,259 IT professionals around the world, found that only 38 percent claimed to have comprehensive, integrated disaster recovery and business continuity plans in place — even though 92 percent acknowledged that serious consequences would result if they were faced with a major disruption to their IT infrastructure.
  • Big business is grimly aware that disaster recovery isn’t the priority it should be. In a SunGard/Harris survey of Fortune 1000 companies, those responding gave themselves just a B when grading their company’s ability to access business-critical data after a disaster.

    For small and mid-size businesses, a disaster recovery plan is not just a good idea, it’s a necessity. But whatever a company’s size, the threat of disaster is real, with new virus and worm attacks launched regularly, threatening data and network security at every turn. The pressure to protect information and business systems is not only economic but now comes with the full force of the law: legislation such as the Health Insurance Portability and Accountability Act (HIPAA), along with Sarbanes-Oxley compliance and stringent SEC and IRS regulations, requires many industry segments to provide information safeguards in case of disaster.

    For an organization whose very existence depends upon its Web-based applications, disaster can strike in any number of ways: viruses, worms, network failure, hardware crash, power outage, fire, natural disaster or cyber terrorist denial-of-service attack. But despite the growing threats, small and mid-size companies are especially vulnerable when it comes to disaster preparedness – in part because many lack both the consciousness to integrate disaster planning into the “normal” routine and the tools/staff to make preparedness happen.

    According to a nationwide survey conducted for BroadSpire late last year, more than one-third of American workers are “quite” or “somewhat” concerned that a natural disaster or terrorist act could take out computer systems at work. Another survey, conducted by Imation, reports that about 30 percent of companies lack a formal disaster recovery strategy and 64 percent of companies say their data backup and disaster recovery plans have significant vulnerabilities.

    Virtually every corporation of any appreciable size has an IT department staffed with people who are trained to analyze their company’s level of preparedness and then enhance it, as needed. But smaller companies – many of which don’t have any specialized IT knowledge in-house – must make a conscious effort to learn the vocabulary and practices of disaster preparedness.

    Who’s at Risk?

    Nearly every small and mid-size company is vulnerable to the effects of a disaster to a certain extent, but businesses that have the most to lose are those that rely on e-commerce, email or other Web-based communication, and online collaboration tools to sustain their critical business functions. The more connected they are, the higher the risk and the more they have to lose.

    Unfortunately, many smaller companies increase their own likelihood of encountering a disaster with indiscriminate processes – like installing random applications on computers without knowing the implications, opening email attachments from unfamiliar addresses and downloading trial versions of software and leaving them on the server. Technology redundancies, while helpful in many cases to keep things running, can cause a small failure to quickly turn catastrophic as it moves unimpeded throughout an entire network.

    Further, small and mid-size businesses are perennially understaffed, often leaving preventative routines like data backup and virus software updates to fall by the wayside – making companies vulnerable to disaster and not prepared to mitigate the damage once a disaster occurs.

    But disasters can be anticipated and planned for, and data and systems often can be recovered. All it takes is forethought and some preventative action. Disaster recovery plans are not just for the big guys. With so much riding on data integrity, no business can afford to ignore disaster planning. There are several basic steps a company of any size can incorporate to fend off disasters and increase the chances of recovery when one occurs.

    Procedures as the Secrets to Prevention

    Many of the most important steps in disaster recovery are inexpensive and relatively easy to implement. The key is developing procedures that mitigate risk while protecting critical business functions and information.

    Begin by developing a clear, repeatable process for backing up data and your entire network — and then make sure to follow through and do the backups faithfully, according to that schedule. This is the basis for all disaster recovery plans – even if it’s just one person using the Windows backup software, copying data to a DVD or CD and taking that media home or to another location. It’s basic, it has zero cost implications and it works.

    The next key step is to make sure backups are in fact usable. According to a recent study by Storage Magazine, only half of all businesses ever test their tape backups and of those that do, 77 percent find they are unable to fully recover data from those tapes.
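One way to check that a backup is actually usable, shown here as an added example that is not part of the original article: write a manifest of SHA-256 digests when the backup is made, then read every file back out of the archive and compare. The `.tar.gz` format, the `.manifest.json` file name and the function names are assumptions chosen for illustration.

```python
import hashlib, json, tarfile, zlib
from pathlib import Path

def sha256_stream(fileobj):
    """Hash a file-like object in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(65536), b""):
        digest.update(chunk)
    return digest.hexdigest()

def make_backup(source_dir, archive_path):
    """Write a .tar.gz of source_dir plus a manifest of per-file SHA-256 digests."""
    source_dir, manifest = Path(source_dir), {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for path in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(source_dir).as_posix()
            with open(path, "rb") as fh:
                manifest[rel] = sha256_stream(fh)
            tar.add(path, arcname=rel)
    # Hypothetical naming convention: manifest stored beside the archive.
    Path(f"{archive_path}.manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_backup(archive_path):
    """Read every file back out of the archive; return a list of problems ([] = usable)."""
    manifest = json.loads(Path(f"{archive_path}.manifest.json").read_text())
    problems = []
    try:
        with tarfile.open(archive_path, "r:gz") as tar:
            names = set(tar.getnames())  # forces a full read of the archive index
            for rel, expected in manifest.items():
                if rel not in names:
                    problems.append(f"missing from backup: {rel}")
                    continue
                member = tar.extractfile(rel)
                if member is None or sha256_stream(member) != expected:
                    problems.append(f"checksum mismatch: {rel}")
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        problems.append(f"archive unreadable: {exc}")
    return problems

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        src = Path(tmp, "data"); src.mkdir()
        (src / "customers.csv").write_text("id,name\n1,Example Co\n")
        archive = Path(tmp, "nightly.tar.gz")
        make_backup(src, archive)
        print("fresh backup:", verify_backup(archive) or "OK")
        # Simulate media damage by cutting the archive in half.
        archive.write_bytes(archive.read_bytes()[: archive.stat().st_size // 2])
        print("truncated backup:", verify_backup(archive))
```

Running the verification on a schedule, against the copy that is stored off-site, catches a damaged or incomplete backup before it is needed for a recovery.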

    Retail virus detection software solutions provide another critical layer of protection, as long as they’re kept up-to-date. In addition, install an email filtering program and keep Windows updates current.

    Don’t store everything – email, accounting software, customer database, etc. — on one server. Distribute key data and applications onto more than one machine, so all is not lost if a system crashes.

    Once all these pieces are in place, establish some company-wide guidelines to help prevent a virus-related disaster. These might include shutting down computers every night, a schedule of regular updates and patches, periodic password changes, rules about opening email attachments, guidelines on how to protect data while working in public places (like airplanes or Starbucks), and tips on how to ensure the physical security of laptop computers and actual office buildings.

    Plan, Plan, Plan

    Any business that has data to lose should have a disaster recovery plan in place. It doesn’t require an IT expert – in fact, there’s software available that helps companies format their own plans. Some key elements of a good plan include:

  • Assignments – Employees need clear-cut roles once a disaster happens, and these need to be determined before disaster strikes. For example, someone should be in charge of communications (working with the phone company or email host to re-establish connection, if necessary), another person can oversee data recovery, someone else can make sure the company Website is accessible, etc.
  • A communication plan – Provide a list of key cell phone numbers to employees to keep handy in case you lose phones and email. Have someone designated to call important contacts – clients, vendors, partners – to tell them what’s going on and how to reach you in the meantime. Make arrangements in advance with your host (if applicable) to provide a backup email system to access during or after a disaster, to keep critical business communications flowing.
  • Vendors – Have a list of vendors to contact for help. This is critical, and should be documented somewhere accessible. Keep hard copies in the office and off-site (possibly at home), and post a version in a secure area of your Website or your host’s Website.
  • Priorities – Examine your company’s data and business functions, and rank them in order of importance to establish a protocol of recovery – making sure your limited resources are focused on the information and applications that are most critical to your business’s survival. Practice this in order to verify that it works and makes sense.
  • Training – Train your employees. Individual users are security’s weakest link. Having proper procedures in place is only effective if all employees know them and follow them. Conduct periodic disaster drills to reinforce the procedures set forth in your plan and the roles that have been assigned.

    Outside Help – Look to Your Host

    If your company works with a Web hosting company, your host can do a variety of things to protect data and Web functions in case of disaster, speeding up recovery time significantly.

    For starters, ask your host to keep your contact and vendor lists in a secure, web-accessible location outside the company’s data center. This may not seem important at the moment, but after a fire the last thing you want is to realize the only surviving copy of these lists is stored at the home of your former business manager – who moved out of state two years earlier.

    Also ask your host to provide an instant messaging platform to serve as the critical communications system between all employees when disaster strikes, a backup email system to capture corporate email and prevent “bounces” during an outage at the main data center, and a “hot” standby email system for communication during disasters. This system will work when company email doesn’t, and will allow all employees to communicate with one another – with all communications stored in backups.

    Make sure your host can provide you with a geographically diverse DNS and a dedicated server to allow corporate Websites to stay online even during a disaster. This service either can move corporate Web traffic to this standby server, or simply display a notice to end-users. Traffic can shift back to corporate data centers once the outage has been rectified.

    While most disasters are not entirely preventable, there are measurable steps that small and mid-size companies can take to protect their critical business functions. The modest up-front investment will pay dividends down the road, perhaps even saving a business from the ultimate disaster – bankruptcy.

    Source by Suresh Srinivasan
