Data Protection 360

Are you ready for disaster?

Nobody likes to think about it, and nobody likes to spend money to prepare for something that may never happen. But in ’89 in San Francisco, there was a 7.1 earthquake on the day of the World Series, and the company I worked for spent months getting everything put back together again. There have been many disasters since, and there will be more to come. But one thing stands out in my mind from the ’89 earthquake, and that is the surprising number of companies that went out of business completely in the weeks and months after it happened. These were, mind you, companies that were otherwise viable—they just went under because they weren’t able to get back in business quick enough and they lost momentum.

There is both a technical and a strategic element to business continuity and disaster recovery, and before the technology gets put into place, it’s all about policy and planning. Even if you do have your data, you need several things to keep operating:

• You need to know where your people are
• You need a place for them to work if your office has been damaged
• You need computers for them to work on

In case of a major disaster, an office may be completely inaccessible (this was the case in ’89). If the office has been destroyed, and no plan has been put into place, nobody will know that they still need to come to work at an alternate location. The first measure is to have multiple officers in possession of an employee contact list, which details all addresses, phone numbers, cell phone numbers, and email addresses, which for purposes of privacy and compliance with various regulations, should be kept in secure locations off-site. The list would allow all personnel to be contacted, their safety and well-being determined, and then informed of alternate work arrangements.

It would be relatively easy for a small company with just a few staff to find some alternative work space, even if it’s just in the CEO’s garage. But larger companies will need to consider this ahead of time, possibly with a standing arrangement with another office facility in a neighboring town for backup work space. And of course, keep in mind that we are in the era of Web 2.0, and teleworking is a viable way of doing business, assuming that Internet lines are still operational. Even if you do not have a telecommuting program in place for day-to-day operations, a backup plan for taking the company “virtual� at a moment’s notice could get you back up and running within hours.

Lastly, if the office is a total loss, you have probably lost your computers as well (but hopefully not your data). Know ahead of time where you can purchase, rent, lease, or borrow computers and servers on short notice. But besides that, it’s very likely that almost every staff member has a personal computer at home, and this would hasten the teleworking option. However, if this is the case, security must be paramount—home computers are frequently unsafe and unprotected, so make every effort to ensure that the usual authentication and authorization measures are in place, a secure virtual private network, as well as, to the extent possible, current anti-virus and anti-malware in place at each endpoint.

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world