| In the information age, productivity miracles have | | | | for backing up data and your entire network -- |
| become almost commonplace. But living digitally, | | | | and then make sure to follow through and do the |
| also entails risk - the kind of risk that can bring a | | | | backups faithfully, according to that schedule. This |
| business to the precipice: | | | | is the basis for all disaster recovery plans - even |
| According to the National Archives and Records | | | | if it's just one person using the Windows backup |
| Administration, 93 percent of companies that lost | | | | software, copying data to a DVD or CD and |
| their data centers for 10 days or more due to a | | | | taking that media home or to another location. It's |
| disaster, filed for bankruptcy within a year of the | | | | basic, it has zero cost implications and it works. |
| disaster. Fifty percent of businesses filed for | | | | The next key step is to make sure backups are |
| bankruptcy immediately. | | | | in fact usable. According to a recent study by |
| When calculating hard and soft costs, the average | | | | Storage Magazine, only half of all businesses ever |
| company spends between $100,000 and | | | | test their tape backups and of those that do, 77 |
| $1,000,000 per year for desktop-oriented | | | | percent find they are unable to fully recover data |
| disasters - so reports the 7th Annual ICSA Lab's | | | | from those tapes. |
| Virus Prevalence Survey. | | | | Retail virus detection software solutions provide |
| - A new Veritas Software/Dynamic Markets | | | | another critical layer of protection, as long as |
| survey found that, three years after 9/11, 43 | | | | they're kept up-to-date. In addition, install an email |
| percent of organizations worldwide are still not | | | | filtering program and keep Windows updates |
| ready to respond to a major disaster. The report, | | | | current. |
| which surveyed 1,259 IT professionals around the | | | | Don't store everything - email, accounting |
| world, found that only 38 percent claimed to have | | | | software, customer database, etc. -- on one |
| comprehensive, integrated disaster recovery and | | | | server. Distribute key data and applications on to |
| business continuity plans in place -- even though | | | | more than one machine, so all is not lost if a |
| 92 percent acknowledged that serious | | | | system crashes. |
| consequences would result if they were faced | | | | Once all these pieces are in place, establish some |
| with a major disruption to their IT infrastructure. | | | | company-wide guidelines to help prevent a |
| - Big business is grimly aware that disaster | | | | virus-related disaster. These might include shutting |
| recovery isn't the priority it should be. In a | | | | down computers every night, a schedule of |
| SunGard/Harris survey of Fortune 1000 | | | | regular updates and patches, periodic password |
| companies, those responding gave themselves | | | | changes, rules about opening email attachments, |
| just a B when grading their company's ability to | | | | guidelines on how to protect data while working in |
| access business-critical data after a disaster. | | | | public places (like airplanes or Starbuck's), and tips |
| For small and mid-size businesses, a disaster | | | | on how to ensure the physical security of laptop |
| recovery plan is not just a good idea, it's a | | | | computers and actual office buildings. |
| necessity. But whatever a company's size, the | | | | Plan, Plan, Plan |
| threat of disaster is real, with new virus and | | | | Any business that has data to lose should have a |
| worm attacks launched regularly, threatening data | | | | disaster recovery plan in place. It doesn't require |
| and network security at every turn - and the | | | | an IT expert - in fact, there's software available |
| pressure to protect information and business | | | | that helps companies format their own plans. |
| systems is not only economic but now comes | | | | Some key elements of a good plan include: |
| with the full force of the law. Legislation such as | | | | Assignments - Employees need clear-cut roles |
| the Health Insurance Portability and Accountability | | | | once a disaster happens, and these need to be |
| Act (HIPAA), along with Sarbanes-Oxley | | | | determined before disaster strikes. For example, |
| compliance and stringent SEC and IRS regulations, | | | | someone should be in charge of communications |
| require many industry segments to provide | | | | (working with the phone company or email host |
| information, safeguards in case of disaster. | | | | to re-establish connection, if necessary), another |
| For an organization whose very existence | | | | person can oversee data recovery, someone else |
| depends upon its Web-based applications, disaster | | | | can make sure the company Website is |
| can strike in any number of ways: viruses, | | | | accessible, etc. |
| worms, network failure, hardware crash, power | | | | A communication plan - Provide a list of key cell |
| outage, fire, natural disaster or cyber terrorist | | | | phone numbers to employees to keep handy in |
| denial-of-service attack. But despite the growing | | | | case you lose phones and email. Have someone |
| threats, small and mid-size companies are | | | | designated to call important contacts - clients, |
| especially vulnerable when it comes to disaster | | | | vendors, partners - to tell them what's going on |
| preparedness - in part because many lack both | | | | and how to reach you in the meantime. Make |
| the consciousness to integrate disaster planning | | | | arrangements in advance with your host (if |
| into the "normal" routine and the tools/staff to | | | | applicable) to provide a backup email system to |
| make preparedness happen. | | | | access during or after a disaster, to keep critical |
| According to a nationwide survey conducted for | | | | business communications flowing. |
| BroadSpire late last year, more than one-third of | | | | Vendors - Have a list of vendors to contact for |
| American workers are "quite" or "somewhat" | | | | help. This is critical, and should be documented |
| concerned that a natural disaster or terrorist act | | | | somewhere accessible. Keep hard copies in the |
| could take out computer systems at work. | | | | office and off-site (possibly at home), and post a |
| Another survey, conducted by Imation, reports | | | | version in a secure area of your Website or your |
| that about 30 percent of companies lack a formal | | | | host's Website. |
| disaster recovery strategy and 64 percent of | | | | Priorities - Examine your company's data and |
| companies say their data backup and disaster | | | | business functions, and rank them in order of |
| recovery plans have significant vulnerabilities. | | | | importance to establish a protocol of recovery - |
| Virtually every corporation of any appreciable size | | | | making sure your limited resources are focused |
| has an IT department staffed with people who | | | | on the information and applications that are most |
| are trained to analyze their company's level of | | | | critical to your business' survival. Practice this in |
| preparedness and then enhance it, as needed. But | | | | order to verify that it works and makes sense. |
| smaller companies - many of which don't have | | | | Training - Train your employees. Individual users |
| any specialized IT knowledge in-house - must | | | | are security's weakest link. Having proper |
| make a conscious effort to learn the vocabulary | | | | procedures in place is only effective if all |
| and practices of disaster preparedness. | | | | employees know them and follow them. Conduct |
| Who's at Risk? | | | | periodic disaster drills to reinforce the procedures |
| Nearly every small and mid-size company is | | | | set forth in your plan and the roles that have |
| vulnerable to the effects of a disaster to a | | | | been assigned. |
| certain extent, but businesses that have the most | | | | Outside Help - Look to Your Host |
| to lose are those that rely on e-commerce, email | | | | If your company works with a Web hosting |
| or other Web-based communication, and online | | | | company, your host can do a variety of things to |
| collaboration tools to sustain their critical business | | | | protect data and Web functions in case of |
| functions. The more connected they are, the | | | | disaster, speeding up recovery time significantly. |
| higher the risk and the more they have to lose. | | | | For starters, ask your host to keep your contact |
| Unfortunately, many smaller companies increase | | | | and vendor lists in a secure, web-accessible |
| their own likelihood of encountering a disaster with | | | | location outside the company's data center. This |
| indiscriminate processes - like installing random | | | | may not seem important at the moment, but |
| applications on computers without knowing the | | | | after a fire the last thing you want is to realize |
| implications, opening email attachments from | | | | the only surviving copy of these lists is stored at |
| unfamiliar addresses and downloading trial versions | | | | the home of your former business manager - |
| of software and leaving them on the server. | | | | who moved out of state two years earlier. |
| Technology redundancies, while helpful in many | | | | Also ask your host to provide an instant |
| cases to keep things running, can cause a small | | | | messaging platform to serve as the critical |
| failure to quickly turn catastrophic as it moves | | | | communications system between all employees |
| unimpeded throughout an entire network. | | | | when disaster strikes, a backup email system to |
| Further, small and mid-size businesses are | | | | capture corporate email and prevent "bounces" |
| perennially understaffed, often leaving | | | | during an outage at the main data center, and a |
| preventative routines like data backup and virus | | | | "hot" standby email system for communication |
| software updates to fall by the wayside - making | | | | during disasters. This system will work when |
| companies vulnerable to disaster and not prepared | | | | company email doesn't, and will allow all employees |
| to mitigate the damage once a disaster occurs. | | | | to communicate with one another - with all |
| But disasters can be anticipated and planned for, | | | | communications stored in backups. |
| and data and systems often can be recovered. All | | | | Make sure your host can provide you with a |
| it takes is forethought and some preventative | | | | geographically diverse DNS and a dedicated server |
| action. Disaster recovery plans are not just for | | | | to allow corporate Websites to stay online even |
| the big guys. With so much riding on data | | | | during a disaster. This service either can move |
| integrity, no business can afford to ignore disaster | | | | corporate Web traffic to this standby server, or |
| planning. There are several basic steps a company | | | | simply display a notice to end-users. Traffic can |
| of any size can incorporate to fend off disasters | | | | shift back to corporate data centers once the |
| and increase the chances of recovery when one | | | | outage has been rectified. |
| occurs. | | | | While most disasters are not entirely preventable, |
| Procedures as the Secrets to Prevention | | | | there are measurable that steps small and |
| Many of the most important steps in disaster | | | | mid-size companies can take to protect their |
| recovery are inexpensive and relatively easy to | | | | critical business functions. The modest up-front |
| implement. The key is developing procedures that | | | | investment will pay dividends down the road, |
| mitigate risk while protecting critical business | | | | perhaps even saving a business from the ultimate |
| functions and information. | | | | disaster - bankruptcy. |
| Begin by developing a clear, repeatable process | | | | |