I can’t tie a knot that would safely secure a boat, nor can I carve a race-winning pinewood racer, but I’m pretty sure my time as a Boy Scout primed me for a career in technology. Their motto, “be prepared” made a deep and lasting impression on me, and I try to exemplify that attitude in how I conduct my business, and encourage my clients to do the same. This can take all forms – planning for the safety and security of your loved ones is something everyone should take very seriously – but many businesses are less than ideally prepared for adverse events. Though most folks think in terms of actual disasters – fires, floods, earthquakes and so on (welcome to Southern California!) – you should also consider smaller-scale catastrophes such as data loss, security breaches, employee malfeasance, theft, vandalism, and virus infections. Every business should have a Disaster Recovery and Business Continuity Plan, and if that business or organization relies on technology, those plans should include technology recovery and continuity as well. Don’t have a plan? Here are five important items to get you started on writing one:
- Back up your data – most folks have learned the hard lesson of data loss and at a minimum try to back up their most important data to a separate drive. But if that backup is stored on premise, it is just as susceptible to whatever might damage your source data. At minimum, a copy of your backups should be stored offsite in a secure location, and the best solution is a combination of cloud-based backups and regular rotation of local backups to an offsite location.
- Keep track of critical logins and passwords – most organizations that can’t afford to maintain a full-time IT person on staff often suffer from a blind spot in their operation manuals and documentation: logins and passwords for important technology services, as well as contact numbers or email addresses for critical vendor services. Keeping these small bits of information current and stored offsite can mean the difference between hours and days in recovering from a disastrous event.
- Identify your technology weak spots – if your business relies on physical technology to conduct business, consider how hard it would be to operate without that technology for days, or even weeks. Email or web server on premise? Payroll checks printed on special printers? Even if you don’t use any specialized hardware, can your business operate without internet or electricity? Identifying these potential vulnerabilities will go a long way to helping you minimize or eliminate them before they can cripple your business during adverse circumstances.
- Evaluate vendor preparedness – if you rely on service providers for crucial technology services, you should have at least a basic understanding of how prepared they are for disasters. Though you have less to worry about with large, experienced providers (even Gmail goes down from time to time), if one of your “weak spots” is a service provided by someone else, you should know if they are prepared to handle a disaster, and how the loss of this service would affect your own operations.
- Train your people – if you or someone in a leadership position is incapacitated or isolated from the organization, others need to be prepared to fill those shoes. This means training them or at least preparing documentation for them on all of the above. Nothing is worse than watching an organization flounder while everyone stands around staring at each other not knowing what to do.
These are only a few aspects of a well-formed DR/BC Plan. The larger the business, the more detailed and complex it will become, but every organization large or small, should have one. It may seem expensive or a waste of time, but putting the effort into a DR/BCP will be the difference between your organization overcoming a challenge or succumbing to a disaster. Be prepared!
Image courtesy of winnond at FreeDigitalPhotos.net
Normally, New Jersey and Manhattan datacenters don’t have to worry about floods, but Hurricane Sandy quickly overwhelmed many major providers like Internap and Peer 1 who provide service across the country. While most of their electronics were relatively safe from the torrential rains and high winds, water will – given time and opportunity – get into everything, and thousands of buildings in the area experienced severe flooding in basements and even ground-floor spaces. “Surely they don’t keep their electronics down in the basement!” I can hear you exclaim, and they don’t, but what is down there are generators and fuel pumps for those generators, because that’s where most buildings put their big, noisy mechanical equipment. Power outages don’t stop big datacenters – they’re designed to last for hours, even days without power – but those generators need fuel and air. When they are under 5 feet of water, both are going to be in short supply.
What this means for you:
When doing your disaster preparedness and continuity planning (you do have a DR/BC Plan, right?) you need to assess all vendors that provide services you would consider critical to your core business processes, particularly the ones that service your customers, such as website or application hosts, or even your own employees such as outsourced payroll services. If you are using providers that have weak, or even incomplete DR/BC plans of their own, you may want to change providers, or, at minimum, compartmentalize your own business processes so that your company isn’t completely crippled by a weak point in your service supply chain.
Image courtesy of “winnond” / FreeDigitalPhotos.net