Friday, Mar 29, 2024

Disaster Preparedness: Not Just for Big Businesses

Fire in the server room! Your multi-location business is headquartered in a 3-story building in the Valley. You’re the CEO and on Sunday morning you receive bad news. An electrical fire that began in your headquarters server room took its toll, destroying everything on that floor. You just lost all your critical digital business information (spreadsheets, accounting records, customer histories, documents and contracts) and you also lost your ability to process revenue-generating transactions because your eCommerce Web site and e-mail relied on the servers in the building. Oh, you lost most of your paper records, also.

Sound far-fetched? It’s not. Your business could truly be at a standstill. Each of your employees, customers and vendors relies on digital connections to your headquarters in order to transact your business. The adage of “when the computers are down, everyone seems to have nothing to do” has been proven. Worse yet, your IT staff informed you that your business system’s backup tapes were kept in a safe down the hall from the server room, but the safe did not survive the fire. Now what?

This is an example of a simple, local “disaster”; one that may not be recoverable. It pales in comparison to the challenges faced during more comprehensive regional disasters like earthquakes, storms, environmental damage and others which leave public resources and communications in total disarray. Then there are disasters such as when an ex-employee steals confidential or trade secret data, or someone you don’t even know hacks into your accounting system and causes great harm.

Now, ask yourself: what kind of disasters can hit your company? If you’ve not addressed this in your business, you should before you become a victim of an otherwise remediable disaster. It is your fiduciary duty, among other more practical reasons. If practicality were not enough, just recognize that regulations such as Sarbanes-Oxley and others now include business continuity in their scope.
Get started

Businesses should create, maintain and regularly test a Disaster Recovery Plan (or “DRP”, also referred to as a Business Continuity Plan) for mitigating the losses of operations, information and systems illustrated above. It is not a “one size fits all” process; rather, each business must consider the kind of disaster(s) it believes it should prepare for and the actions required to recover from them. DRPs should address information systems, human resources, sales, administration, manufacturing, procurement, operations and commerce-based logistics.

The process is laborious and requires collaboration among owners and staff. Considerations should include, among others, an assessment of what assets, digital and otherwise, need protection, how operations will physically commence again, where operations will be commenced, on what systems and with what equipment and other hard assets. Also, the simple concept of how employees will communicate among themselves immediately after a disaster is often overlooked. Finally, keep the DRP current, updating it as you make changes to operations, systems and staffing, and test its effectiveness frequently.

Perhaps you think this may not apply to your small business. Not so. Smaller and mid-size businesses can tackle the DRP process less formally; however, like larger businesses, the process requires complete buy-in from the executive and ownership level.

Mitigating the risk

We can’t escape the need to do business digitally. DRPs must emphasize IT in their scope, such that electronic data-oriented operations can resume without material impact on the profitability of the underlying business. Using the fire example above, let’s consider a few simple steps that could have comprised the IT portion of the missing DRP:

– Maintain a backup procedure that requires off-site storage of backup media with both current and archival data. Data would have been available after the fire, if this was employed.
– Have ready a mirrored Web site setup for those instances when headquarters-based Web servers are lost or out of service temporarily. E-commerce transactions could have continued after the fire, in such a case.
– Configure an off-site server and data infrastructure capable of hosting and transacting most of your business information in the event of loss of the main server infrastructure. This concept is often termed a “hot” or “warm” site. Business data and transactions could have been live immediately after the fire, with little effort.
– Establish an externally-managed call routing system that would forward critical calls to staff and phones not affected by the fire.

DRPs are critical in today’s business climate and businesses that invest time and effort in their creation, maintenance and testing will be well-rewarded in the event of disaster.

Robert P. Green, CPA, CITP, is the managing director of INSYNC Consulting Group Inc., which is now in its third decade of providing objective IT advisory services and computer forensics services to its clients. He can be reached at 818.784.8600 ext. 650, or [email protected].
