Protect Your Small Business From
Data Loss
By Mike Garcia, Apollo Networks, LLC mikeg @ apollo-networks. com
Businesses, large and small alike, are becoming increasingly dependent on technology and data to streamline processes, collaborate ideas, and safeguard sensitive information. Many companies fail to realize that the impact of a catastrophic IT failure can result in loss of income, loss of productivity and could ultimately lead to the business entity’ s demise. According to Information Management Magazine,“ Forty-five percent of [ these ] businesses fail to recover and subsequently don’ t survive for another five years. In addition, this percentage can increase when major damage to computer centers is involved.” 1 The solution is to mitigate loss through the implementation of a simple disaster recovery plan. The purpose of this article is to explain the process of designing a disaster recovery plan for small businesses in three easy steps.
Step 1: Risk assessment
Loss of data or system downtime can result from a variety of sources both natural and humanbased. Some examples of natural disasters can be floods or fire as well as hardware failure and harmful electrical events such as lags or spikes. Loss from human intervention can come from intentional means or from accidental data deletion. Intentional, human-caused loss can result from software that was written to maliciously delete or corrupt data( such as viruses), and from data theft. A great place to start is to ask,“ How far can we operate if our entire computer system is down?” One quick and effective risk assessment tool is to simply create a list in a single column of presentable threats in order by the likelihood that they could happen. Prioritize each event by the severity its impact could have on your infrastructure and data. Which applications and data stores are integral to your survival? Where are they located? Are they being backed up?
STEP 2: Establish a budget It’ s up to the company principals to decide if a risk is worth safeguarding against. It’ s not up to the IT department to decide if the risk is worth presenting. Larger companies usually incorporate somewhere between 2-8 percent of their IT budget on disaster recovery planning. Small businesses tend to follow a different model and sometimes ignore disaster planning altogether. Since most small businesses don’ t even have IT departments, the company owner will usually run down to the local computer store and purchase a few computers and a basic router … that’ s their IT budget. Try associating downtime with a dollar amount. Questions to ask are: How much money can we potentially lose each hour or day that we don’ t have our computers. How are we backing up our data? What type of backups should we be using? How do we protect our computers and data from harmful power events? Are we protecting our sensitive data from theft and viruses? Are some computers more important than others?
A knowledgeable IT department should be able to answer these questions and help put dollar amounts on viable solutions based on the budget dedicated to minimizing downtime and data loss.
Step 3: Develop and test your plan
When planning business continuity, remember, be prepared for the unexpected. Establish a phone list defining who you need to call in the event of a disaster. Discuss how to deal with the loss of a server, database, or firewall. Identify which applications and data must be restored first in order to resume operations. An accounting firm can’ t operate without their Quickbooks. An architecture company can’ t work on building plans without their CAD.
Finally, test, test, test! Test your backups monthly. Imagine losing your server and realizing that your backups were never properly set up or weren’ t complete. After a disaster strikes is the wrong time to discover that your backups don’ t work. Purchase a“ smart” battery backup for any computer or server hosting a database and test it monthly. An abrupt shutdown while writing to a database can have catastrophic outcomes.
Dollars spent on prevention are worth more than dollars spent on the process of recovery.