Half of SMBs not prepared for disaster

If a power outage should hit the city, or an ice storm similar to the one the one that covered Montreal in 1998 occur once more or if cyber terrorists strike against IT infrastructures, as much as half of small and medium businesses will not be prepared to deal with the disaster, according to a security software vendor Symantec.

In a report released by Symantec today, the anti-virus and end-point security company said as much as 50 per cent of SMBs worldwide do not have any disaster preparedness (DP) plan. While 36 per cent of respondents indicated they intend to create such a plan, 14 per cent admitted they have no intention of creating a disaster preparedness plan.

The Symantec 2011 SMB Disaster Preparedness Survey queried 1288 SMBs and 552 customers from various industries worldwide.

Related stories

The “boogedy-boo” approach to selling IT security

What SMBs can learn from WikiLeaks’ resilient network

Expedia.ca triggers ‘Oh S%#t Canada’ exercise to prepare for disaster

G20 Summit: Business data security in the ‘Zone’

The top reasons for critical downtime, according to Symantec are:

  • Cyber attacks
  • Power outages
  • Natural disasters

“The numbers tell us that majority of SMB operators do not view computer systems as integral to their business,” observed Bernard Laroche, senior director of SMB product marketing for Symantec.

“On the other hand, there are also operators who are just not aware that they should have a disaster preparedness plan,” he added.

According to the survey as many as 52 per cent of SMBs do not think computer systems are critical to business. Another 41 per cent of respondents said it never occurred to them that they needed a DP, 40 per cent said DPs were not a priority.

Nineteen per cent of respondents said they lacked skills and qualified personnel to formulate a DP and nine per cent said they did not have enough resources.

System survivability not top priority

Many of these SMBs focus on sales and business process but view IT as ancillary assets, according to Ian Zwirek, network systems manager for Quadra Chemicals, a Baudrevil-Dorion, Quebec-based chemical distributor. The company is an SMB that delivers chemicals to large businesses in the energy, heavy industry, food and pharma and paint industry.

“For a large number of small and even medium sized businesses computer and network systems are just not that critical,” Zwirek said.

Such organization may use computers or the Internet, he said, but these technologies are not essential to their business process. But despite this, any business operation must have a clear plan of how ensure that operations are not disrupted or stopped when disaster strikes.

For instance, he said, over the years Quadra’s operations has grown to include facilities in Burlington, Ont.; Calgary; Delta, B.C.; Calgary, Edmonton and Grand Prairie, Alta.; and Shanghai, China.

The company’s inventory, delivery and invoice data now rely on networked and automated systems to ensure that the right cargo is being delivered to the right location at the right time, he said.

“We can tolerate a downtime of four hours but we set system standards to enable us to be up and running within five minutes of an outage,” Zwirek said. “If we miss our window, we risk creating confusion among delivery personnel and possibly losing some order.”

Negative impact of downtime

A power outage, a crippling distributed denial or service (DDoS) attack or a natural disaster can take a heavy toll on a business, according to Laroche of Symantec.

He said that on average SMBs experience some sort of service disruption that last for one day at least six times a year.

A disruption could cost a business as much as $10,000 to $12,000 a day, Laroche said. “Many operations can only take four hours of downtime before they begin losing money.”

“As many as 54 per cent of customers we interviewed said they switched vendors or service providers because of vulnerability issues,” he added.

3 things to consider when creating a DP

Zwirek of Quadra said there SMBs that intend to develop a DP should consider three key points.

1. Determine your downtime tolerance. Make a thorough and honest of your businesses ability to tolerate downtime. Find out how long various aspects or departments of your operation can operate or serve customers during a disruption. Then develop a plan geared towards maintaining usual or acceptable levels of performance during a disruption, said Zwirek.”For some operation this could mean obtaining an additional server for others it could be a back-up laptop. The important thing is that your business is able to operate and survive the disaster,” he said.

2. With your current system, how long does it take you to get up and running after a disruption? Is this recovery time serving you and your customers well? You need to determine if recovery time needs to be boosted. Quadra uses a collection of UPS (uninterrupted power supply) units and back up generators to make sure that they hit their “five minute window”.

3. Back-up your data. Make sure you company data is backed up and protected sof that you don’t lose vital information in the event of an outage or attack. Also determine how far back you should back up your data.

When Zwirek joined Quadra 10 years ago, he found the company backed up data every two weeks. The data was stored on tapes that were taken home by the assigned personnel.

The system was not secure he said. “For one the tapes could be left in the worker’s vehicle and could be stolen damaged by extreme heat or cold. The worker is also not always available should there be an emergency.”

Quadra has since switched to a network attached storage (NAS) system that stores data in an offsite location but ensures that information can always be accessed or retrieved via Internet.

The company has also lengthened the back up duration to a 30-day period to ensure that enough data is backed up.

Related story –Data diet — five steps to trimming down your storage

However, budget constrained SMBs need not break the bank in order to protect their data, according to Zwirek.

For instance, there are numerous software-as-a-service or Internet-based toolsthat help companies store and protect data.

Google, Microsoft’s Azure and Amazon, offer some low-cost alternatives said Zwireck.

“You can scale your data storage and recovery system up or down according to the size of your operation,” he said.

Share on LinkedIn Share with Google+