8/26/2011
12:18 PM

4 Pre-Hurricane Disaster Prep Tips For SMBs

Earthquakes have passed, Hurricane Irene looms: Time to give your disaster readiness plan a check-up.

Earthquakes, hurricanes--what's next?

Well, that's kind of the point: You don't know, yet there's a seemingly endless list of things that could disrupt your company's critical systems. IT disasters aren't always wrought by Mother Nature, either. Employee error, security breaches, or technology failures can leave a business in the lurch.

I spoke with Dave Elliott, senior product marketing manager at Symantec, to get his take. He outlined four straightforward ways to keep your company prepared for the worst.

1. Have a plan. (No, really.) You can't evaluate your disaster readiness if you don't have a plan. Unfortunately, plenty of smaller companies leave this on their perpetual to-do list: 57% have no recovery plan, according to a Symantec poll of more than 1,200 small and midsize businesses (SMBs) conducted earlier this year. U.S. firms may be particularly ill-prepared. Disaster readiness can feel like the IT equivalent of going to the dentist twice a year: You know you're supposed to do it, but it's really easy to put off. (And put off. And put off again.) Then, bam: Root canal.

"Don't wait until it's too late," Elliott said. "Start with identifying your most important information and create a plan to recover that data in case there is a disaster."

A good plan need not involve reams of paper: Elliott said it can be as short as one page, so long as it covers everything the business needs to stay up and running. Put the plan in writing.

2. Prioritize critical data and systems and prepare for the worst. If you're currently operating without any kind of disaster recovery plan, coming up with one can seem daunting. Don't worry about doing it all at once--start with the most business-critical areas and work your way down the list.

Backup and redundancy are crucial to disaster preparedness. No matter your preferred storage method, keep at least one backup offsite.

"It's not enough to just do a once-a-month backup," Elliott said. "Have multiple copies, and they should be distributed."

Of course, you also have to know what to do with that backup if you need it. Consider how your business will operate if the physical office is unavailable for any period of time. Imagine the meltdown scenario: Elliott refers to the "smoking-hole syndrome: what would happen if a meteor hits your business?" He's quick to point out that a fire or theft is more likely to hit your company than a space rock--but preparing for the less probable scenario helps ensure you're ready for more common problems.

3. Get your employees involved. Even if the buck stops with you, disaster readiness needs to incorporate the broader team. This is an area where SMBs might have an advantage over larger companies: Keeping everyone in the loop is a more streamlined task. Employees should know what to do when things go wrong and have access to the written plan. You should also involve them in testing and reviewing your readiness. Elliott said this step is often overlooked, even by SMBs with plans already in place.

"Have them understand the importance of your data and their role in recovery," Elliott said. "Make sure it's not just a one-man show."

4. Test and review your plan. You might think you have a rock-solid plan for various contingencies, but you don't really know until you put it to the test. Identify various disaster scenarios and run through them in a controlled environment to be sure you're able to recover quickly. A basic check: Simulate a complete outage, and get your company's must-have systems back online in rapid fashion. In doing so, look for outdated pieces, as well as any new systems or data that didn't exist when you first wrote your plan.

"The worst possible time to realize you have a flaw in your plan is when you have a disaster," Elliott said.
