Risk
8/26/2011
12:18 PM
50%
50%

4 Pre-Hurricane Disaster Prep Tips For SMBs

Earthquakes have passed, Hurricane Irene looms: Time to give your disaster readiness plan a check-up.

12 Money Saving Tech Tips For SMBs
(click image for larger view)
Slideshow: 12 Money Saving Tech Tips For SMBs
Earthquakes, hurricanes--what's next?

Well, that's kind of the point: You don't know, yet there's a seemingly endless list of things that could disrupt your company's critical systems. IT disasters aren't always wrought by Mother Nature, either. Employee error, security breaches, or technology failures can leave a business in the lurch.

I spoke with Dave Elliott, senior product marketing manager at Symantec, to get his take. He outlined four straightforward ways to keep your company prepared for the worst.

1. Have a plan. (No, really.) You can't evaluate your disaster readiness if you don't have a plan. Unfortunately, plenty of smaller companies leave this on their perpetual to-do list: 57% have no recovery plan, according to a Symantec poll of more than 1,200 small and midsize businesses (SMBs) conducted earlier this year. U.S. firms may be particularly ill-prepared. Disaster readiness can feel like the IT equivalent of going to the dentist twice a year: You know you're supposed to do it, but it's really easy to put off. (And put off. And put off again.) Then, bam: Root canal.

"Don't wait until it's too late," Elliott said. "Start with identifying your most important information and create a plan to recover that data in case there is a disaster."

A good plan need not involve reams of paper: Elliott said it can be as short as one page, so long as it covers everything the business needs to stay up and running. Put the plan in writing.

2. Prioritize critical data and systems and prepare for the worst. If you're currently operating without any kind of disaster recovery plan, coming up with one can seem daunting. Don't worry about doing it all at once--start with the most business-critical areas and work your way down the list.

Backup and redundancy are crucial to disaster preparedness. No matter your preferred storage method, keep at least one backup offsite.

"It's not enough to just do a once-a-month backup," Elliott said. "Have multiple copies, and they should be distributed."

Of course, you also have to know what to do with that backup if you need it. Consider how your business will operate if the physical office is unavailable for any period of time. Imagine the meltdown scenario: Elliott refers to the "smoking-hole syndrome: what would happen if a meteor hits your business?" He's quick to point out that a fire or theft is more likely to hit your company than a space rock--but preparing for the less probable scenario helps ensure you're ready for more common problems.

3. Get your employees involved. Even if the buck stops with you, disaster readiness needs to incorporate the broader team. This is an area where SMBs might have an advantage over larger companies: Keeping everyone in the loop is a more streamlined task. Employees should know what to do when things go wrong and have access to the written plan. You should also involve them in testing and reviewing your readiness. Elliott said this step is often overlooked, even by SMBs with plans already in place.

"Have them understand the importance of your data and their role in recovery," Elliott said. "Make sure it's not just a one-man show."

4. Test and review your plan. You might think you have a rock-solid plan for various contingencies, but you don't really know until you put it to the test. Identify various disaster scenarios and run through them in a controlled environment to be sure you're able to recover quickly. A basic check: Simulate a complete outage, and get your company's must-have systems back online in rapid fashion. In doing so, look for outdated pieces, as well as any new systems or data that didn't exist when you first wrote your plan.

"The worst possible time to realize you have a flaw in your plan is when you have a disaster," Elliott said.

You can't afford to keep operating without redundancy for critical systems--but business units must prioritize before IT begins implementation. Also in the new, all-digital InformationWeek SMB supplement: Avoid the direct-attached storage trap. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
To Be Ready for the Security Future, Pay Attention to the Security Past
Liz Maida, Co-founder, CEO & CTO, Uplevel Security,  9/18/2017
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Jan, check this out! I found an unhackable PC.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.