Risk
8/26/2011
12:18 PM
Connect Directly
RSS
E-Mail
50%
50%

4 Pre-Hurricane Disaster Prep Tips For SMBs

Earthquakes have passed, Hurricane Irene looms: Time to give your disaster readiness plan a check-up.

12 Money Saving Tech Tips For SMBs
(click image for larger view)
Slideshow: 12 Money Saving Tech Tips For SMBs
Earthquakes, hurricanes--what's next?

Well, that's kind of the point: You don't know, yet there's a seemingly endless list of things that could disrupt your company's critical systems. IT disasters aren't always wrought by Mother Nature, either. Employee error, security breaches, or technology failures can leave a business in the lurch.

I spoke with Dave Elliott, senior product marketing manager at Symantec, to get his take. He outlined four straightforward ways to keep your company prepared for the worst.

1. Have a plan. (No, really.) You can't evaluate your disaster readiness if you don't have a plan. Unfortunately, plenty of smaller companies leave this on their perpetual to-do list: 57% have no recovery plan, according to a Symantec poll of more than 1,200 small and midsize businesses (SMBs) conducted earlier this year. U.S. firms may be particularly ill-prepared. Disaster readiness can feel like the IT equivalent of going to the dentist twice a year: You know you're supposed to do it, but it's really easy to put off. (And put off. And put off again.) Then, bam: Root canal.

"Don't wait until it's too late," Elliott said. "Start with identifying your most important information and create a plan to recover that data in case there is a disaster."

A good plan need not involve reams of paper: Elliott said it can be as short as one page, so long as it covers everything the business needs to stay up and running. Put the plan in writing.

2. Prioritize critical data and systems and prepare for the worst. If you're currently operating without any kind of disaster recovery plan, coming up with one can seem daunting. Don't worry about doing it all at once--start with the most business-critical areas and work your way down the list.

Backup and redundancy are crucial to disaster preparedness. No matter your preferred storage method, keep at least one backup offsite.

"It's not enough to just do a once-a-month backup," Elliott said. "Have multiple copies, and they should be distributed."

Of course, you also have to know what to do with that backup if you need it. Consider how your business will operate if the physical office is unavailable for any period of time. Imagine the meltdown scenario: Elliott refers to the "smoking-hole syndrome: what would happen if a meteor hits your business?" He's quick to point out that a fire or theft is more likely to hit your company than a space rock--but preparing for the less probable scenario helps ensure you're ready for more common problems.

3. Get your employees involved. Even if the buck stops with you, disaster readiness needs to incorporate the broader team. This is an area where SMBs might have an advantage over larger companies: Keeping everyone in the loop is a more streamlined task. Employees should know what to do when things go wrong and have access to the written plan. You should also involve them in testing and reviewing your readiness. Elliott said this step is often overlooked, even by SMBs with plans already in place.

"Have them understand the importance of your data and their role in recovery," Elliott said. "Make sure it's not just a one-man show."

4. Test and review your plan. You might think you have a rock-solid plan for various contingencies, but you don't really know until you put it to the test. Identify various disaster scenarios and run through them in a controlled environment to be sure you're able to recover quickly. A basic check: Simulate a complete outage, and get your company's must-have systems back online in rapid fashion. In doing so, look for outdated pieces, as well as any new systems or data that didn't exist when you first wrote your plan.

"The worst possible time to realize you have a flaw in your plan is when you have a disaster," Elliott said.

You can't afford to keep operating without redundancy for critical systems--but business units must prioritize before IT begins implementation. Also in the new, all-digital InformationWeek SMB supplement: Avoid the direct-attached storage trap. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2886
Published: 2014-09-18
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during ins...

CVE-2014-4352
Published: 2014-09-18
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVE-2014-4353
Published: 2014-09-18
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.

CVE-2014-4354
Published: 2014-09-18
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

CVE-2014-4356
Published: 2014-09-18
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Best of the Web
Dark Reading Radio