To backup your company data in the "Cloud" with an online backup provider or to backup to only a local hard drive? That is what many small business owners are asking themselves these days.
For a small business with inadequate (or no) Disaster Recovery Plan, online backup can be a huge step in the right direction from a data protection standpoint. A company's data is considered one of the most valuable assets a business possesses, and should be protected in the event of a total disaster such as a fire, flood, earthquake, or theft. Therefore, having an offsite backup is very prudent. However, business owners should consider some of the security concerns associated with putting your data on someone else's computers.
Acccording to Kevin Beaver, information security consultant with Principle Logic LLC, "How do you know your backups are going to be secure? It's more than just 'we encrypt' and 'you'll have a login,'" said Beaver. "Online backup environments are just like any other Web application. There are literally tons of security flaws that can be exploited to put your backups at risk. Don't fall for the common 'we're SAS 70 certified' response. Ask for an independent penetration test/security assessment of Web-based environment and ensure the vendor's assessing for new security flaws on a regular basis."
Security expert Jon Toigo, CEO of Toigo Partners International echoed this sentiment. "A lot of cloud vendors will tell you everything you want to hear in order to get your business, but it would take a lot of time and energy for you to go and investigate whether they can deliver what they are saying they can. Interview other customers and make sure there are ironclad security policies in place before choosing a vendor."
If you personally don't have the time to weed out the "Cloud" hype from reality, then consult with your computer services consultant or contact Avisotek.
Also, data backup should only be one component of a full Disaster Recovery Plan. If your server or computer that stores all your company data has a complete meltdown, how quickly do you need to have that computer up and running? Two hours? One day? 72 hours?
How quickly data can be restored from a Cloud backup provider depends on your Internet bandwidth and how much data needs to be recovered. Your can easily recover one Word document in 10 minutes or less. However, recovering 200 GBs of data or thousands of files is another matter. It could take days or even a week. You will need to know what the data transfer rate is in order to calculate how long it will take to fully recover ALL of your data in the event of a complete disaster. If it is going to take too long, then you will need to explore other alternatives.
Showing posts with label Disaster Recovery Planning. Show all posts
Showing posts with label Disaster Recovery Planning. Show all posts
Friday, June 29, 2012
Put the "Plan" into Recovering from a Disaster
Four Essential Elements For an Effective Disaster Recovery Plan
Step #1: Identify Which Systems Are Absolutely Critical to Operating Your Business
There are three areas you need to assess: data, systems, and communications. Determine the data that is critical. Your customer database and accounting may be critical, but your employment applications forms may not be. On what computer systems is this data stored? Your company data may not be stored in one location. Data can be scattered over many computers. Also, determine which computer systems are critical. Perhaps, your company website availability is not important, but being able to access the Internet is. Sure, you need to access your customer database, but is printing also critical? Lastly, how do your customers communicate with you? How long can your business survive if all forms of communication are disrupted? What percentage of customers get a hold of your company through the telephone, email, or website? If 90% of you customers choose to contact your company using the telephone, then you could consider your phone system is far more critical than email.
Step #2: Determine How Long You Can Be Without These Critical Systems
If you clients could not contact you because all you communication systems are disrupted, how long will it take before they will contact a competitor? If you cannot process orders, at what point will you lose revenue and potentially loose customers? If you need your systems functional in 24 hours, then a solution that will get those systems functional in 7 to 10 days is not the right solution for your business.
Step #3: Know the Value of Your Critical Computer and Communications Systems
It is easier to figure out what the replacement costs of you computers are, but what about that customer database? How many hours have you spent entering information, comments, orders, etc? How much did you pay employees to enter this data? Sure, you will need this information for insurance purposes. You do need to make sure you are properly covered. And, you can't determine the best coverage until you know the replacement value of your systems and how much business you may lose as a result of the system being down. But, insurance companies do NOT cover data loss, only lost business. How long would it take to reconstruct your customer database? How much would it cost you to have all that data re-entered into the database? You may be surprised to find out that your database may be valued at tens of thousands of dollars.
Step #4 Have a Disaster Recovery Plan in Writing!
This is the most important element that you must have. When a disaster occurs you must be ready to recover and get your business up and running otherwise your business will be a statistic. As simple as it may sound, just thinking through in advance what needs to happen if your server has a meltdown or a natural disaster wipes out your office, will go a long way in getting it back fast. At minimum, the plan should contain details on what disaster could happen and a step-by-step process of what to do, who should do it and how. Also include contact information for various providers and username and password information for various key web sites and services. Writing this plan will also allow to think about what you need to budget for backup, maintenance, and disaster recovery. If you can’t afford to have your network down for more than a few hours, then you need to a plan that can get you back up and running within that time frame. You may want a redundant server, allowing your office to run off the redundant server while the real one is being repaired. And, with “virtualization” there are real inexpensive options to having a redundant server. If you can afford to be down a couple of days then there are less expensive solutions. Once written, print out a copy and store it in a fireproof safe, and offsite copy, and a copy with your IT consultant.
"Open for Business" disaster planning recovery series is an excellent source for those wanting to properly and fully plan for staying open for business in the event of any major disaster.
http://www.disastersafety.org/ofbInfo?execution=e5s2&execution=e5s1&execution=e5s1&type=ofb_basic
Step #1: Identify Which Systems Are Absolutely Critical to Operating Your Business
There are three areas you need to assess: data, systems, and communications. Determine the data that is critical. Your customer database and accounting may be critical, but your employment applications forms may not be. On what computer systems is this data stored? Your company data may not be stored in one location. Data can be scattered over many computers. Also, determine which computer systems are critical. Perhaps, your company website availability is not important, but being able to access the Internet is. Sure, you need to access your customer database, but is printing also critical? Lastly, how do your customers communicate with you? How long can your business survive if all forms of communication are disrupted? What percentage of customers get a hold of your company through the telephone, email, or website? If 90% of you customers choose to contact your company using the telephone, then you could consider your phone system is far more critical than email.
Step #2: Determine How Long You Can Be Without These Critical Systems
If you clients could not contact you because all you communication systems are disrupted, how long will it take before they will contact a competitor? If you cannot process orders, at what point will you lose revenue and potentially loose customers? If you need your systems functional in 24 hours, then a solution that will get those systems functional in 7 to 10 days is not the right solution for your business.
Step #3: Know the Value of Your Critical Computer and Communications Systems
It is easier to figure out what the replacement costs of you computers are, but what about that customer database? How many hours have you spent entering information, comments, orders, etc? How much did you pay employees to enter this data? Sure, you will need this information for insurance purposes. You do need to make sure you are properly covered. And, you can't determine the best coverage until you know the replacement value of your systems and how much business you may lose as a result of the system being down. But, insurance companies do NOT cover data loss, only lost business. How long would it take to reconstruct your customer database? How much would it cost you to have all that data re-entered into the database? You may be surprised to find out that your database may be valued at tens of thousands of dollars.
Step #4 Have a Disaster Recovery Plan in Writing!
This is the most important element that you must have. When a disaster occurs you must be ready to recover and get your business up and running otherwise your business will be a statistic. As simple as it may sound, just thinking through in advance what needs to happen if your server has a meltdown or a natural disaster wipes out your office, will go a long way in getting it back fast. At minimum, the plan should contain details on what disaster could happen and a step-by-step process of what to do, who should do it and how. Also include contact information for various providers and username and password information for various key web sites and services. Writing this plan will also allow to think about what you need to budget for backup, maintenance, and disaster recovery. If you can’t afford to have your network down for more than a few hours, then you need to a plan that can get you back up and running within that time frame. You may want a redundant server, allowing your office to run off the redundant server while the real one is being repaired. And, with “virtualization” there are real inexpensive options to having a redundant server. If you can afford to be down a couple of days then there are less expensive solutions. Once written, print out a copy and store it in a fireproof safe, and offsite copy, and a copy with your IT consultant.
"Open for Business" disaster planning recovery series is an excellent source for those wanting to properly and fully plan for staying open for business in the event of any major disaster.
http://www.disastersafety.org/ofbInfo?execution=e5s2&execution=e5s1&execution=e5s1&type=ofb_basic
Saturday, May 12, 2012
"Disaster Recovery Plan" May Not Be Sexy, But It Will Save Your Business Assets
I think Dale Carnegie said it best "plan for the worst, and only good things can happen". In previous blogs I've talked about how 50% of businesses file for bankruptcy immediately after a disaster which prevents them from accessing their data for 10 days or more. 93% will file for bankruptcy within one year following a disaster. Clearly, these companies were ill prepared, and the worst happened because of this lack of preparation.
In the blog "What Kind of Disasters Can Put Your Business Out of Business" I discussed what were the most common disasters that caused these companies to file for bankruptcy. Many of these so called "disasters" do not fall in the category of "acts of God". In fact, the majority of these disasters are "man made" and therefore are 100% preventable.
It does take information to know what to do, and it takes motivation to implement a plan. Sitting on the information won't do you any good. You need to put that information into action. Now that I've outlined what can happen and how certain disasters can impact your business, you will need to know what can be done to prevent, mitigate or even recovery from these disasters.
The best approach to managing disasters is a combination of the following:
But, what is this disaster prevention and planning going to cost my business in time and money?
That is an excellent question, but you are putting the cart before the horse. You should first ask, "If a particular disaster strikes my business, what will be the financial impact on my business?" And, you need to determine not just the short term financial impact, but potentially the long term financial impact as well. Once you have put together reasonably accurate financial impact numbers, then you can start examining the disaster prevention and recovery planning costs. At this stage it is more like shopping for insurance.
In the next series of blogs I'll drill down into more detail about the most effective methods of disaster recovery and prevention planning.
In the blog "What Kind of Disasters Can Put Your Business Out of Business" I discussed what were the most common disasters that caused these companies to file for bankruptcy. Many of these so called "disasters" do not fall in the category of "acts of God". In fact, the majority of these disasters are "man made" and therefore are 100% preventable.
It does take information to know what to do, and it takes motivation to implement a plan. Sitting on the information won't do you any good. You need to put that information into action. Now that I've outlined what can happen and how certain disasters can impact your business, you will need to know what can be done to prevent, mitigate or even recovery from these disasters.
The best approach to managing disasters is a combination of the following:
- Disaster Prevention
- For those events that are within your control to prevent then take the steps necessary to prevent the disaster from occurring. Even if you are not confident you can 100% prevent the event, even reducing the likelihood or mitigating the effects can save money or even your business.
- Disaster Recovery Planning
- For those events that are outside your control then develop a plan to recovery from these disasters in such a way that produces the minimal impact on your business when that disaster strikes
But, what is this disaster prevention and planning going to cost my business in time and money?
That is an excellent question, but you are putting the cart before the horse. You should first ask, "If a particular disaster strikes my business, what will be the financial impact on my business?" And, you need to determine not just the short term financial impact, but potentially the long term financial impact as well. Once you have put together reasonably accurate financial impact numbers, then you can start examining the disaster prevention and recovery planning costs. At this stage it is more like shopping for insurance.
In the next series of blogs I'll drill down into more detail about the most effective methods of disaster recovery and prevention planning.
Saturday, March 24, 2012
What Kind of Disasters Can Put Your Business Out of Business
When a disaster occurs you will want be ready to recover and get your business up and running ASAP, otherwise your business might be a statistic. Considering that 93% of companies that lost access to their data for 10 days or more filed for bankruptcy within one year of the disaster, and 50% file for bankruptcy immediately, you can't afford not to be prepared...unless you are prepared to completely lose your business!
In order to prepare you need to know what to prepare for...
What kind of disasters caused the above mentioned businesses to file for bankruptcy?
As you can see, not all disasters are "Acts of God" out of your control. In fact, numbers 2 through 8 are 100% preventable. To prevent these disasters you just need to know what process, procedures, or products to put into place.
How did these disasters impact the businesses to the point of putting the company out of business?
The answer is actually pretty simple. Essentially, the businesses were unable to deliver their product or service to their clients because...
And the above is just to name a few causes, but you get the idea.
Next Blog: What steps you need to take to prevent the above from happening to your business.
In order to prepare you need to know what to prepare for...
What kind of disasters caused the above mentioned businesses to file for bankruptcy?
- Fire, flood, earthquake, tornado, or other natural disaster that caused major damage to the computer systems or completely destroyed the building where the business was located
- Theft of the major or all computer systems and/or data
- Electrical surges, brown outs, or power outages that caused electrical damage to the computer systems
- Act of sabotage which in most cases were directed at the most important data or database by a disgruntled employee or contractor
- A lawsuit brought against the company for lack of required data security
- Lack of sufficient environmental controls which caused the computer systems to overheat to the point of complete failure
- A virus infection which was designed to wipe out or erase all data on a computer hard drive
- Hardware failure from normal usage
As you can see, not all disasters are "Acts of God" out of your control. In fact, numbers 2 through 8 are 100% preventable. To prevent these disasters you just need to know what process, procedures, or products to put into place.
How did these disasters impact the businesses to the point of putting the company out of business?
The answer is actually pretty simple. Essentially, the businesses were unable to deliver their product or service to their clients because...
- Customers could not communicate with the business due to phone or email systems being unavailable
- Ordering, inventory, and accounting databases were lost or unavailable preventing the processing of customer orders
- The good name or reputation of the business was lost causing customers to go elsewhere because of lack of reliability, slow delivery of product, or lack of confidence their private data is secure
And the above is just to name a few causes, but you get the idea.
Next Blog: What steps you need to take to prevent the above from happening to your business.
Saturday, December 3, 2011
A Computer Disaster Can Put Your Company Out of Business
"93% of companies that lost access to their data for 10 days or
more due to a disaster filed for bankruptcy within one year of the
disaster, and 50% filed for bankruptcy immediately." (Source: National Archives & Records Administration in Washington.)
Yes, disasters do happen, but we don't need to be helpless victims in the face of every disaster.
To prepare for various causes of computer system disasters there are two important approaches: prevent the disasters you can, and develop a recovery plan for those disasters caused by forces outside your control. There are many computer system disasters that are 100% preventable. Then there are circumstances that are out of your control like "acts of God" such as fire, flood, and earthquakes. Under those situations the best you can do is mitigate the consequences as much as possible. Whether you want to prevent disasters or mitigate the consequences of one you need a plan of action.
Why are so many small businesses ill prepared for a computer disaster?
This illustration provides an explanation: 3% of all hard drives fail on an annual basis. That statistic is constant whether you have one computer or 1000. However, there is a difference in perception between the company that has one computer versus a company that has 1000 computers. The company with 1000 computers experiences 30 computer hard drive failures each year. As result that company will have a process in place to replace those hard drives quickly and with as little disruption as possible. Contrast that with the company that has one computer. It may have yet to experience a hard drive failure. Therefore, there is a perception hard drive failures don't happen and are ill prepared and caught of guard when it does happen. I'm certain that the functioning of the computer system is just as important to the company with one computer as the one with 1000 computers. The difference is the company with 1000 computers has been taught through experience and developed disaster recovery process whereas the company with one computer has no experience with such a disaster and therefore is lacking the appropriate level of emergency recovery preparedness.
But, do you have to wait for a disaster to occur in order to learn what can happen and what you need to do to prevent that kind of disaster or be properly prepared with an emergency recovery process? Obviously, the answer is no. You can learn from your peers. What about that 1000 computer company? Don't you think that company may have some insight you would find useful? It is definitely very important for you to find an expert in this area. Lack of experience or knowledge can be extremely costly if that lack of preparedness results in the loss of your business.
Next: What Computer "Disasters" Can Be Avoided or Prevented
Yes, disasters do happen, but we don't need to be helpless victims in the face of every disaster.
To prepare for various causes of computer system disasters there are two important approaches: prevent the disasters you can, and develop a recovery plan for those disasters caused by forces outside your control. There are many computer system disasters that are 100% preventable. Then there are circumstances that are out of your control like "acts of God" such as fire, flood, and earthquakes. Under those situations the best you can do is mitigate the consequences as much as possible. Whether you want to prevent disasters or mitigate the consequences of one you need a plan of action.
Why are so many small businesses ill prepared for a computer disaster?
This illustration provides an explanation: 3% of all hard drives fail on an annual basis. That statistic is constant whether you have one computer or 1000. However, there is a difference in perception between the company that has one computer versus a company that has 1000 computers. The company with 1000 computers experiences 30 computer hard drive failures each year. As result that company will have a process in place to replace those hard drives quickly and with as little disruption as possible. Contrast that with the company that has one computer. It may have yet to experience a hard drive failure. Therefore, there is a perception hard drive failures don't happen and are ill prepared and caught of guard when it does happen. I'm certain that the functioning of the computer system is just as important to the company with one computer as the one with 1000 computers. The difference is the company with 1000 computers has been taught through experience and developed disaster recovery process whereas the company with one computer has no experience with such a disaster and therefore is lacking the appropriate level of emergency recovery preparedness.
But, do you have to wait for a disaster to occur in order to learn what can happen and what you need to do to prevent that kind of disaster or be properly prepared with an emergency recovery process? Obviously, the answer is no. You can learn from your peers. What about that 1000 computer company? Don't you think that company may have some insight you would find useful? It is definitely very important for you to find an expert in this area. Lack of experience or knowledge can be extremely costly if that lack of preparedness results in the loss of your business.
Next: What Computer "Disasters" Can Be Avoided or Prevented
Have you ever lost an hour of work on your computer?
Now imagine if you lost days or weeks of work – or imagine losing your client database, financial records, and all of the work files your company has ever produced or compiled. Imagine what would happen if your network went down for days, where you couldn’t access e-mail or the information on your PC. How frustrating would that be?
Or, what if a major storm, flood, or fire destroyed your office and all of your files? Or if a virus wiped out your server…do you have an emergency recovery plan in place that you feel confident in? How quickly do you think you could recover, if at all?
Many small business owners tend to ignore or forget about taking steps to secure their company’s network from these types of catastrophes until disaster strikes. By then it’s too late and the damage is done.
"93% of companies that lost access to their data for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately." (Source: National Archives & Records Administration in Washington.)
Your first response may be this is an astonishing statistic. But, is it all that surprising?
Obviously, this statistic would not even exist if all business owners had effective disaster recovery plans in place. I'm sure that these companies that declared bankruptcy after disaster thought their businesses were secure from the consequences the very disaster that put their company out of business. Unfortunately, there is a huge gap in the knowledge small business owner need to have in order to develop an effective disater recovery plan.
In the next series of blogs I will go over developing an emergency recovery plan for your business that will keep your business functioning through the loss of your computer systems or communication systems as well as loss of access to your company data and customer databases.
Having a disaster recovery plan is critical to not only your company continuing to conduct business but also staying in business.
Or, what if a major storm, flood, or fire destroyed your office and all of your files? Or if a virus wiped out your server…do you have an emergency recovery plan in place that you feel confident in? How quickly do you think you could recover, if at all?
Many small business owners tend to ignore or forget about taking steps to secure their company’s network from these types of catastrophes until disaster strikes. By then it’s too late and the damage is done.
"93% of companies that lost access to their data for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately." (Source: National Archives & Records Administration in Washington.)
Your first response may be this is an astonishing statistic. But, is it all that surprising?
Obviously, this statistic would not even exist if all business owners had effective disaster recovery plans in place. I'm sure that these companies that declared bankruptcy after disaster thought their businesses were secure from the consequences the very disaster that put their company out of business. Unfortunately, there is a huge gap in the knowledge small business owner need to have in order to develop an effective disater recovery plan.
In the next series of blogs I will go over developing an emergency recovery plan for your business that will keep your business functioning through the loss of your computer systems or communication systems as well as loss of access to your company data and customer databases.
Having a disaster recovery plan is critical to not only your company continuing to conduct business but also staying in business.
Subscribe to:
Comments (Atom)
