Information and information technology (IT) are the lifeblood of most businesses and must be included in any business continuity plan.
Failing to take the necessary steps to protect data and data equipment from weather and other causes of loss leaves your business vulnerable. Take time now to review systems you have in place to protect your data and the equipment your employees use to create, receive, transmit and store information.
Even though most businesses cannot operate without vital records and critical information, much of which is created and recorded electronically, many business owners may not know where this information is digitally located and stored. Some businesses also may have important current and historical documents that are only available in paper form. Without proper planning, these vital records may be damaged or lost in the event a weather event or other disaster strikes. All too often, the loss of critical data and information brings commerce activity to a standstill and ultimately can cause the business to fail. This reinforces the need to have systems in place to protect and retrieve your data as part of your business continuity plan.
THE NEED FOR PLANNING
Many situations can wreak havoc on IT systems, often resulting in time consuming and difficult attempts to re-create the stored information. Even if the inability to access data is temporary, it could reduce your competitive edge, damage your reputation and result in the loss of new and existing customers.
WHY YOUR SYSTEM IS AT RISK
Your business continuity plan should include steps to protect and/or back up all aspects of the IT system, including hardware, software, data and connectivity. Different hazards may target different parts of an IT system; it is important to consider everything from a brief power interruption to the physical destruction of the facility.
HELPFUL DEFINITIONS
- Hardware: peripheral devices such as monitors, printers, scanners, external hard drives, and keyboards.
- Software: programs that enable applications to run or operate on your computer systems.
- Data: information stored and saved on your computer such as files, folders, and multimedia.
- Connectivity: movement of data from one source to another including wireless computing, network or cable lines and modems.
POWER DISRUPTIONS
The interruption of the power supply can take on many forms: surges, spikes, brownouts and blackouts. The briefest and most common disturbances such as power or voltage surges are virtually inevitable and can be damaging. While often lasting only a millisecond, these surges can raise the voltage in electronic circuits from a few hundred to as much as several thousand volts, potentially damaging sensitive IT and other electronic equipment. For information about the use and maintenance of surge protectors, see IBHS’ article on protecting commercial properties from power surges at http://disastersafety.org/commercial_maintenance/ protecting-commercial-properties-from-power-surges.
Back-up power plays a critical role in the protection of IT systems. In the short-term, and as a complement to a surge protector, an uninterruptible power supply (UPS) provides near-instantaneous protection from power interruptions for a relatively short period. The typical period of 10-20 minutes is enough time to properly shut down protected equipment or bring an auxiliary power source online. This will provide a bridge to save data and issue shutdown commands to the operating system until power resumes normally or a secondary power source is provided.
Over the long-term, an emergency power generator allows for the operation of some or all electronic equipment and lights and can greatly reduce business disruption when normal power is interrupted. The use of a generator poses certain risks that must be addressed for safe operation, including fire, damage to electrical equipment and even injury or death to people operating the generator or in the building where it is being used. For information on the safe operation and maintenance of generators, see the IBHS article here.
If you are aware of an upcoming power disruption, make time to turn off and unplug computer hardware and other sensitive electrical equipment in advance to avoid the risk of serious damage due to power fluctuations.
BOUNDLESS INTERNET CONNECTIVITY CHOICES
Large businesses no longer have a monopoly on the best Internet connection solutions. There is a variety of options available and connections that are capable of keeping up with everyday tasks. However, choosing the right solution means evaluating the needs of your business:
- How critical is connectivity?
- Is it important to have connectivity that is always online?
- Do you have Web hosting requirements?
- Do you send and receive large files?
- How much security do you need?
Once you determine basic usage criteria, choosing a dependable connection service will help you grow and adapt to your business needs. Evaluate and consider all of the Internet service options available in your area and what is most affordable.
HELPFUL DEFINITIONS
- ISDN (integrated services digital network): runs over digital telephone lines or normal telephone wires
- DSL (digital subscriber line): runs over a business phone line and connects to your computer network using a modem or router
- Cable: same as DSL but runs over a coaxial cable
- ADSL (Asymmetric Digital Subscribers Line): connection works by splitting your phone line into two separate channels, one for data (Internet) and one for voice (phone calls)
- Satellite: requires a satellite dish with a clear line of sight Dedicated Leased Lines: T-carriers (T-1 and T-3) lines
- Fixed wireless: long range wireless connectivity
- BPL (broadband over power lines): Internet over power lines
BACKUP AND RECOVERY PROCEDURES
Every business owner should have data backup and recovery procedures to reduce the economic impact of data and service interruptions. Consider the various risks facing your business:
- Hardware failure
- Software failure (failed application patches or upgrades, viruses and malware)
- Human error (accidental deletion of data, theft, sabotage, etc)
- Corrupt data
- Power outages
- Security
- Disaster (natural or man-made)
What should be backed up? While this will vary, business owners should identify critical data that needs to be backed up and archived, such as electronic files, spreadsheets, documents, email, databases, notes, pictures, graphics, applications and their settings, servers and other irreplaceable customer data. Full physical backups of data should be done at least weekly, and even more often if your business generates large amounts of new data daily. Incremental data backups can be done on a daily basis.
There is a wide range of options when it comes to choosing a backup strategy for your business. Determine the most effective method for your company based on how much data you have to store, how vital specific types of data are to the continuation of your business, and how quickly you need to retrieve it. There are several backup methods to consider. Mix and match the options below for different types of data, beginning with very basic to more complex.
TEST WHEN THE SUN SHINES
Like evacuation and fire drills, test your backup recovery strategies. From time to time, restore a file from your backup drive or tape. If you use an outside service provider, ask them to run through a disaster scenario with you. In addition, be sure to inquire as to their business continuity plans. You want to make sure their backup not only is secure, but also that it and/or its backup servers are located outside the same region as you, so they are not affected by the same storm or other disaster that may damage your facility or IT system.
For any business function, be sure to document the recovery steps. For testing your backup recovery strategies, there should be documentation on how to retrieve the data in a step by step process in the event someone else other than the primary person is not available after a disaster. The documentation should include the pre-, during and post- backup steps. By keeping good records, you can restore your backups with the least amount of downtime. If downtime does occur, having a social media strategy can keep the lines of communication open with your customers and suppliers. For example, using Twitter to announce that you are offline for “maintenance” will fill the void if you are unable to respond quickly due to a power disruption. Twitter and Facebook posts can be made using smartphones, which will limit the hardware that needs to be functioning while you restore data or power sources.
INFORMATION TECHNOLOGY AS PART OF YOUR BROADER BUSINESS CONTINUITY PLAN
The Insurance Institute for Business & Home Safety’s (IBHS) Open for Business® program is a no-cost, comprehensive disaster planning tool to assist businesses in reducing the potential for loss and recovering quickly should a disaster strike. Open for Business® covers many aspects of business operations; for data protection, the program will help you to determine the following:
- What you need to backup,
- How much disk space needs backed up,
- Review of your Internet connection capacity (can it accommodate off-site file transfers),
- How often should backups be performed (depends on how often your data changes),
- How will you monitor your backup system(s), and
- Test your ability to restore data (restore a portion of your data on a scheduled basis)
The goal is to make sure that your data and IT systems are available and ready when you are ready to resume operations, so that you can continue to offer your products and/or services to your customers in the event of any business disruption, keeping your business open without the loss of critical data that allows you to continue with little disruption even if your facility and its IT systems are not available for normal operations.