While the maxim that those who cannot remember the past are condemned to repeat it was uttered long before the rise of the high-tech sector, two speakers at Business Security World + eBusiness World 2002 said it is equally true today.
Gary Mohr, the director of the Canadian Centre for Emergency Preparedness, told an audience of IT professionals that while the events of Sept. 11 changed the face of disaster management in North America, there is still some questions as to whether anything was actually learned.
While the scale of the damage was record setting, the attacks — and the damaged inflicted — themselves were nothing new. Mohr cited the Oklahoma City Bombing and the previous World Trade Center bombing as examples as well as natural disasters. He said companies have contingency plans to varying degrees of preparedness to deal with such situations, but they are for the most part inadequate and untested. Most companies, he said, plan to use cellular phones if land line service is interrupted. In the case of a widespread disaster, however, he said the cellular network will become overloaded, making communication difficult if not impossible.
Another example was restoring system data. Again, Mohr said most companies do regular backups and have some kind of restoration plan, but its effectiveness at a time of crisis is unknown.
“”When was the last time you did a full system restore, and was it successful?”” he asked the audience. He also asked if anyone has tried a full system restore off site.
Getting your data up and running is only part of the equation. Mohr said business continuity must be restored as well. “”Where do your application people go? If someone calls your company are they going to get, “”Sorry this number is no longer in service,”” or have you made arrangements to re-route your lines?”” Mohr said.
While it’s a delicate topic, Mohr said few companies ever plan for the deaths of a significant number of employees.
“”In reality, after an initial flurry of concern about all aspect of disaster management, senior management is becoming complacent again. In the weeks after Sept. 11 we were getting calls from all over,”” Mohr said, “”but complacency is setting in again.””
Former RCMP commissioner and current president of KPMG Forensic Norm Inkster agreed with Mohr’s assessment calling complacency “”our biggest enemy.””
Mohr said financial institutions, IT organizations and enterprises are in the best shape to deal with a disaster and called the readiness of small and medium-size businesses “”abysmal.””
As a final tip, Mohr said no detail becomes too small when construction your contingency blueprint, and used World Trade Center businesses as an example.
“”Nobody had documented passwords. They went to put in application software, (but) they didn’t have the licence codes to reactivate the applications,”” he said.