In the information age, productivity miracles have become almost commonplace. But living digitally, also entails risk – the kind of risk that can bring a business to the precipice:
- A new Veritas Software/Dynamic Markets survey found that, three years after 9/11, 43 percent of organizations worldwide are still not ready to respond to a major disaster. The report, which surveyed 1,259 IT professionals around the world, found that only 38 percent claimed to have comprehensive, integrated disaster
recoveryand business continuity plans in place — even though 92 percent acknowledged that serious consequences would result if they were faced with a major disruption to their IT infrastructure.
- Big business is grimly aware that disaster
recoveryisn’t the priority it should be. In a SunGard/Harris survey of Fortune 1000 companies, those responding gave themselves just a B when grading their company’s ability to access business-critical data after a disaster.
For small and mid-size businesses, a disaster
For an organization whose very existence depends upon its Web-based applications, disaster can strike in any number of ways: viruses, worms, network failure, hardware crash, power outage, fire, natural disaster or cyber terrorist denial-of-service attack. But despite the growing threats, small and mid-size companies are especially vulnerable when it comes to disaster preparedness – in part because many lack both the consciousness to integrate disaster planning into the “normal” routine and the tools/staff to make preparedness happen.
According to a nationwide survey conducted for BroadSpire late last year, more than one-third of American workers are “quite” or “somewhat” concerned that a natural disaster or terrorist act could take out computer systems at work. Another survey, conducted by Imation, reports that about 30 percent of companies lack a formal disaster
Virtually every corporation of any appreciable size has an IT department staffed with people who are trained to analyze their company’s level of preparedness and then enhance it, as needed. But smaller companies – many of which don’t have any specialized IT knowledge in-house – must make a conscious effort to learn the vocabulary and practices of disaster preparedness.
Who’s at Risk?
Nearly every small and mid-size company is vulnerable to the effects of a disaster to a certain extent, but businesses that have the most to lose are those that rely on e-commerce, email or other Web-based communication, and online collaboration tools to sustain their critical business functions. The more connected they are, the higher the risk and the more they have to lose.
Unfortunately, many smaller companies increase their own likelihood of encountering a disaster with indiscriminate processes – like installing random applications on computers without knowing the implications, opening email attachments from unfamiliar addresses and downloading trial versions of software and leaving them on the server. Technology redundancies, while helpful in many cases to keep things running, can cause a small failure to quickly turn catastrophic as it moves unimpeded throughout an entire network.
Further, small and mid-size businesses are perennially understaffed, often leaving preventative routines like data backup and virus software updates to fall by the wayside – making companies vulnerable to disaster and not prepared to mitigate the damage once a disaster occurs.
But disasters can be anticipated and planned for, and data and systems often can be recovered. All it takes is forethought and some preventative action. Disaster
Procedures as the Secrets to Prevention
Many of the most important steps in disaster
Begin by developing a clear, repeatable process for backing up data and your entire network — and then make sure to follow through and do the backups faithfully, according to that schedule. This is the basis for all disaster
The next key step is to make sure backups are in fact usable. According to a recent study by Storage Magazine, only half of all businesses ever test their tape backups and of those that do, 77 percent find they are unable to fully recover data from those tapes.
Retail virus detection software solutions provide another critical layer of protection, as long as they’re kept up-to-date. In addition, install an email filtering program and keep Windows updates current.
Don’t store everything – email, accounting software, customer database, etc. — on one server. Distribute key data and applications on to more than one machine, so all is not lost if a system crashes.
Once all these pieces are in place, establish some company-wide guidelines to help prevent a virus-related disaster. These might include shutting down computers every night, a schedule of regular updates and patches, periodic password changes, rules about opening email attachments, guidelines on how to protect data while working in public places (like airplanes or Starbuck’s), and tips on how to ensure the physical security of laptop computers and actual office buildings.
Plan, Plan, Plan
Any business that has
- Assignments – Employees need clear-cut roles once a disaster happens, and these need to be determined before disaster strikes. For example, someone should be in charge of communications (working with the phone company or email host to re-establish connection, if necessary), another person can oversee
data recovery, someone else can make sure the company Website is accessible, etc.
- A communication plan – Provide a list of key cell phone numbers to employees to keep handy in case you lose phones and email. Have someone designated to call important contacts – clients, vendors, partners – to tell them what’s going on and how to reach you in the meantime. Make arrangements in advance with your host (if applicable) to provide a backup email system to access during or after a disaster, to keep critical business communications flowing.
Outside Help – Look to Your Host
For starters, ask your host to keep your contact and vendor lists in a secure, web-accessible location outside the company’s data center. This may not seem important at the moment, but after a fire the last thing you want is to realize the only surviving copy of these lists is stored at the home of your former business manager – who moved out of state two years earlier.
Also ask your host to provide an instant messaging platform to serve as the critical communications system between all employees when disaster strikes, a backup email system to capture corporate email and prevent “bounces” during an outage at the main data center, and a “hot” standby email system for communication during disasters. This system will work when company email doesn’t, and will allow all employees to communicate with one another – with all communications stored in backups.
Make sure your host can provide you with a geographically diverse DNS and a dedicated server to allow corporate Websites to stay online even during a disaster. This service either can move corporate Web traffic to this standby server, or simply display a notice to end-users. Traffic can shift back to corporate data centers once the outage has been rectified.
While most disasters are not entirely preventable, there are measurable that steps small and mid-size companies can take to protect their critical business functions. The modest up-front investment will pay dividends down the road, perhaps even saving a business from the ultimate disaster – bankruptcy.