DISASTER RECOVERY PLANS FOR YOUR BUSINESS COMPUTERS

INTRODUCTION:

Like clockwork, once a high publicity disaster befalls a community, all the newspapers, media and business journals go on at length about the destruction of vital records and the loss of the priceless asset that is the information stored in the typical company’s computers. Everything from vendor and customers lists to years of correspondences, plans and specs, employee and tax information and, increasingly vital, e mail exchanges are often lost forever.

Most medium and small businesses save most of their records now either on desktop computers or a local server (a larger storage and distribution computer) located on the premises. A few wiser companies also use backup provided by a local company that routinely stores the company files on a much larger server at another location.

But a surprising number of companies do not take the time or trouble to truly analyze the safety of such methods. Most companies do not know where the off site server is located or if it is subject to the same threat of disaster or loss of electricity for prolonged periods. (It’s eight o’clock…do you know where your backup server is?)

One client felt relaxed about having not only a very good local server in the office but a backup server provided by his computer maintenance people-until he discovered that they were located in the same building and the flood that destroyed his system…destroyed theirs. Another client knew that his backup outside server had a battery to maintain its functioning and memory if there was a power outage…but never investigated to discover that the batteries useful life, when new, was six hours, woefully inadequate.

The wise business understands that taking time to plan for such disasters is not only wise but vital in today’s electronic information age. This article shall briefly discuss some basic steps to take to implement your disaster recovery plan for your own data.

THE BASIC PLAN:

1. Consider the Risks And Prepare Defensive Steps To Minimize Them.

1. IN OFFICE DISASTERS: Most people readily consider the danger of fire and flood within the office but few realize that having an actual fire in the premises may not be necessary for destruction of electronic memory. Smoke travels where the air travels and smoke is actually particulates (soot) on air currents. Most computers have fans that bring cool air into the computer. Most buildings have heating and air condition systems that move air around. Put simply, a fire on a floor five hundred feet below you could result in soot ruining your server on your floor. Indeed, fire sprinkler systems are often the cause of “local flooding” that destroys data. Most buildings have extremely sensitive systems that release water even if the fire is not on the in office premises. The fire may be putting soot in your server while the fire protection system simultaneously drowns it…all due to a fire not even in your premises. Waterproof casings on the computer and isolated ventilation systems are recommended-but seldom practically available. Back up systems are, realistically, your only solution to this in office risk.

2. IN OFFICE VANDALISM/THEFT.  Disgruntled employees or vendors can easily gain access to most servers in most offices and pushing a few buttons or pulling a plug can wreck havoc. Most battery back up systems do not have alarms sounding when they come on and only last a few hours. It is remarkable that few companies bother to lock their server away in truly secure locations, with power chords locked into plugs. If a separate room is not available, secure and locked computer cabinets can be purchased that enclose the entire server and power supply and, of course, if battery power comes on there should be warning alert on every computer screen and an audible alarm. The battery back up should be a minimum of twelve hours. This is not expensive to create and should be the part of every system in every business.

3. VIRUSES AND INTERNET SECURITY ATTACKS. Although most people are aware in a vague manner that viruses are out there and purchase some anti virus programs, few realize that it is only a matter of time until a virus will truly disrupt the internet and all computers on it for hours or weeks. We are engaged in a race between defensive measures and brilliant hostile minds seeking to demonstrate their prowess or harm the global economy. When suicide bombers cheerfully commit suicide to wreck havoc in a store or bus station, it is apparent that the technologically sophisticated enemies of this nation will sooner or later break through with a system attack that could, in microseconds, cause more economic harm than a thousand suicide bombings. No one expected the Twin Towers, All should expect the internet attack. One easy solution is to disconnect from the internet when not actually using it. The problem with that is most businesses are now global and require twenty four hour a day access. Further, the most likely time for an attack would be during regular business hours.  The only real protection is the best virus protection software one can find and a backup system described below. Your system will sooner or later be a victim of attack. Plan on storing data off the internet linked computers now and keep the older technology available since sooner or later you will need it. Yes, cell phones, not just Trios, yes fax and Xerox machines, not just scanning and e mail. And print out information and place the key information in file cabinets. Someday, when all are bewailing the loss, you will still be in business.

4. GENERAL DISASTER PLAN FOR YOUR PERSONNEL. Too many companies protect the machinery and do not think about the fact that the people with the expertise to utilize same may not be available to use it. If you have expert personnel who are essential to the retrieving of the data, have you considered how to make sure they are available and reachable in an emergency to actually do the work? Find out what expertise is needed and either learn it yourself or have at least two persons capable of working on the data with one always local and available. Create a plan for how to get that person to your office. This should form part of a personnel disaster plan that is not the topic of this article but should be a part of your office overall business plan.

5. UPDATE YOUR NEEDS.  Most businesses upgrade their computers at least annually, often more. A disaster plan good for last year may be useless for this year. One client after a fire discovered to his horror that the operating system he needed to retrieve his older data storage system was no longer in production. Each year, every year, review the entire methodology and technology of what you are using and update it.

6. MAKE SURE YOUR CONTRACTS GIVE YOU TIME TO REPAIR.  Each obligation your company undertakes should have a clause giving you extra time to perform should you face computer data loss. These are called Force Majeure clauses and your attorney should review your agreements to make sure they exist. Check the Contracts article on our web site for a fuller discussion of this clause.

THE PLAN IN WRITING.

Using the criteria above, management should create a written plan which is also stored off site but which all top management can gain access to when needed. DO NOT STORE IT ON COMPUTER…PRINT IT OUT AND KEEP IT IN A FIRE PROOF SAFE OFF SITE.

1. A disaster recovery plan needs to include documentation of the computer configuration, backup copies of the application software and most importantly, backup copies of your data. It also should specifically identify for various levels of interruption what needs to be done and who has the responsibility to do it.  The plan must be tested periodically to assure that it’s working correctly. An essential element: get the data off site in a secure location and update that process weekly or more often.

2. The very small business with one computer has two options depending on the amount of data that needs to be backed up. One is the DOS/Windows backup utility that comes with the computer. This is an inexpensive, yet effective solution. But as the number of required disks for the database increases, the more time- consuming this project becomes for the person whose job it is to sit and feed the disks.

3. In the case where several megabytes need to be backed up, a tape backup drive is a better solution. This is available from 250 MB and costs less than $300. Tape backup drives come with software that allow regular, unattended backups - including program files. This allows for the quickest recovery in case the hard disk drive fatally crashes. For a relatively small cost, this solution is convenient and frees up the computer during business hours.

4. It is important to maintain and rotate several tapes (two weeks’ worth, for example) and periodically take one out and save it. This enables data to be restored from any point in time (as long as there is a backup) without having to make up lost data manually.  Periodically test backup tapes by restoring some files to a temporary directory to make sure the backups are working. Keep backups in a fireproof safe or cabinet and take the most recent copy offsite in case the office is destroyed.

5. There are companies with multiple computer sites operating duplicate equipment and data for the sole purpose of an emergency backup system. These hot sites ensure a business’s critical operations can continue to function in the event the primary location becomes unusable.

6. If a disaster occurs, the action plan must address all variables.  Where will the business function if the principal location is not usable? How and where will the necessary equipment be obtained (computers, copiers, telephones, etc.)?  A disaster recovery plan should be updated on a regular basis to ensure appropriate timely measures will be implemented in a crisis. 

7. The plan, and a complete listing of all equipment and software, should be made available to your insurance carrier. 

8. Finally, make certain key individuals are aware of the disaster recovery plan and able to implement it if necessary. Develop practice drills to prepare staff if such a crisis occurs.

CONCLUSION

In 1906 the young banker Giannini, owner of the Bank of Italy, saw his buildings crumble along with the rest of San Francisco and watched the fire approaching which had already burned much of the City. At some risk, he retrieved his documents, records and cash from the ruins, removed them to a safe locale, buried them, and waited for the disaster to pass.

A week later, to the astonishment of the citizens (and his competitors) he was open in a shack for business, making loans from his coffers, helping the city to rebuild. His reputation was made forever as a brilliant businessman who looked ahead, who had prepared for catastrophe and had reopened  his business when others were still wondering how to recreate their documents. He later became the Bank of America.

When asked how he had recovered so quickly, he simply stated that business is risk and problems and the business that does not know that and prepare for that will not long be in business.

A lesson for all of us.