Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/26/2011
12:18 PM
50%
50%

4 Pre-Hurricane Disaster Prep Tips For SMBs

Earthquakes have passed, Hurricane Irene looms: Time to give your disaster readiness plan a check-up.

12 Money Saving Tech Tips For SMBs
(click image for larger view)
Slideshow: 12 Money Saving Tech Tips For SMBs
Earthquakes, hurricanes--what's next?

Well, that's kind of the point: You don't know, yet there's a seemingly endless list of things that could disrupt your company's critical systems. IT disasters aren't always wrought by Mother Nature, either. Employee error, security breaches, or technology failures can leave a business in the lurch.

I spoke with Dave Elliott, senior product marketing manager at Symantec, to get his take. He outlined four straightforward ways to keep your company prepared for the worst.

1. Have a plan. (No, really.) You can't evaluate your disaster readiness if you don't have a plan. Unfortunately, plenty of smaller companies leave this on their perpetual to-do list: 57% have no recovery plan, according to a Symantec poll of more than 1,200 small and midsize businesses (SMBs) conducted earlier this year. U.S. firms may be particularly ill-prepared. Disaster readiness can feel like the IT equivalent of going to the dentist twice a year: You know you're supposed to do it, but it's really easy to put off. (And put off. And put off again.) Then, bam: Root canal.

"Don't wait until it's too late," Elliott said. "Start with identifying your most important information and create a plan to recover that data in case there is a disaster."

A good plan need not involve reams of paper: Elliott said it can be as short as one page, so long as it covers everything the business needs to stay up and running. Put the plan in writing.

2. Prioritize critical data and systems and prepare for the worst. If you're currently operating without any kind of disaster recovery plan, coming up with one can seem daunting. Don't worry about doing it all at once--start with the most business-critical areas and work your way down the list.

Backup and redundancy are crucial to disaster preparedness. No matter your preferred storage method, keep at least one backup offsite.

"It's not enough to just do a once-a-month backup," Elliott said. "Have multiple copies, and they should be distributed."

Of course, you also have to know what to do with that backup if you need it. Consider how your business will operate if the physical office is unavailable for any period of time. Imagine the meltdown scenario: Elliott refers to the "smoking-hole syndrome: what would happen if a meteor hits your business?" He's quick to point out that a fire or theft is more likely to hit your company than a space rock--but preparing for the less probable scenario helps ensure you're ready for more common problems.

3. Get your employees involved. Even if the buck stops with you, disaster readiness needs to incorporate the broader team. This is an area where SMBs might have an advantage over larger companies: Keeping everyone in the loop is a more streamlined task. Employees should know what to do when things go wrong and have access to the written plan. You should also involve them in testing and reviewing your readiness. Elliott said this step is often overlooked, even by SMBs with plans already in place.

"Have them understand the importance of your data and their role in recovery," Elliott said. "Make sure it's not just a one-man show."

4. Test and review your plan. You might think you have a rock-solid plan for various contingencies, but you don't really know until you put it to the test. Identify various disaster scenarios and run through them in a controlled environment to be sure you're able to recover quickly. A basic check: Simulate a complete outage, and get your company's must-have systems back online in rapid fashion. In doing so, look for outdated pieces, as well as any new systems or data that didn't exist when you first wrote your plan.

"The worst possible time to realize you have a flaw in your plan is when you have a disaster," Elliott said.

You can't afford to keep operating without redundancy for critical systems--but business units must prioritize before IT begins implementation. Also in the new, all-digital InformationWeek SMB supplement: Avoid the direct-attached storage trap. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28815
PUBLISHED: 2021-06-16
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link vers...
CVE-2021-3535
PUBLISHED: 2021-06-16
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. ...
CVE-2021-32685
PUBLISHED: 2021-06-16
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-5...
CVE-2021-32623
PUBLISHED: 2021-06-16
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using...
CVE-2021-32676
PUBLISHED: 2021-06-16
Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9...