Risk
8/26/2011
12:18 PM
Connect Directly
RSS
E-Mail
50%
50%

4 Pre-Hurricane Disaster Prep Tips For SMBs

Earthquakes have passed, Hurricane Irene looms: Time to give your disaster readiness plan a check-up.

12 Money Saving Tech Tips For SMBs
(click image for larger view)
Slideshow: 12 Money Saving Tech Tips For SMBs
Earthquakes, hurricanes--what's next?

Well, that's kind of the point: You don't know, yet there's a seemingly endless list of things that could disrupt your company's critical systems. IT disasters aren't always wrought by Mother Nature, either. Employee error, security breaches, or technology failures can leave a business in the lurch.

I spoke with Dave Elliott, senior product marketing manager at Symantec, to get his take. He outlined four straightforward ways to keep your company prepared for the worst.

1. Have a plan. (No, really.) You can't evaluate your disaster readiness if you don't have a plan. Unfortunately, plenty of smaller companies leave this on their perpetual to-do list: 57% have no recovery plan, according to a Symantec poll of more than 1,200 small and midsize businesses (SMBs) conducted earlier this year. U.S. firms may be particularly ill-prepared. Disaster readiness can feel like the IT equivalent of going to the dentist twice a year: You know you're supposed to do it, but it's really easy to put off. (And put off. And put off again.) Then, bam: Root canal.

"Don't wait until it's too late," Elliott said. "Start with identifying your most important information and create a plan to recover that data in case there is a disaster."

A good plan need not involve reams of paper: Elliott said it can be as short as one page, so long as it covers everything the business needs to stay up and running. Put the plan in writing.

2. Prioritize critical data and systems and prepare for the worst. If you're currently operating without any kind of disaster recovery plan, coming up with one can seem daunting. Don't worry about doing it all at once--start with the most business-critical areas and work your way down the list.

Backup and redundancy are crucial to disaster preparedness. No matter your preferred storage method, keep at least one backup offsite.

"It's not enough to just do a once-a-month backup," Elliott said. "Have multiple copies, and they should be distributed."

Of course, you also have to know what to do with that backup if you need it. Consider how your business will operate if the physical office is unavailable for any period of time. Imagine the meltdown scenario: Elliott refers to the "smoking-hole syndrome: what would happen if a meteor hits your business?" He's quick to point out that a fire or theft is more likely to hit your company than a space rock--but preparing for the less probable scenario helps ensure you're ready for more common problems.

3. Get your employees involved. Even if the buck stops with you, disaster readiness needs to incorporate the broader team. This is an area where SMBs might have an advantage over larger companies: Keeping everyone in the loop is a more streamlined task. Employees should know what to do when things go wrong and have access to the written plan. You should also involve them in testing and reviewing your readiness. Elliott said this step is often overlooked, even by SMBs with plans already in place.

"Have them understand the importance of your data and their role in recovery," Elliott said. "Make sure it's not just a one-man show."

4. Test and review your plan. You might think you have a rock-solid plan for various contingencies, but you don't really know until you put it to the test. Identify various disaster scenarios and run through them in a controlled environment to be sure you're able to recover quickly. A basic check: Simulate a complete outage, and get your company's must-have systems back online in rapid fashion. In doing so, look for outdated pieces, as well as any new systems or data that didn't exist when you first wrote your plan.

"The worst possible time to realize you have a flaw in your plan is when you have a disaster," Elliott said.

You can't afford to keep operating without redundancy for critical systems--but business units must prioritize before IT begins implementation. Also in the new, all-digital InformationWeek SMB supplement: Avoid the direct-attached storage trap. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7877
Published: 2014-10-30
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

CVE-2014-3051
Published: 2014-10-29
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof s...

CVE-2014-3668
Published: 2014-10-29
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument t...

CVE-2014-3669
Published: 2014-10-29
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function ...

CVE-2014-3670
Published: 2014-10-29
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly exec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.