NEW YORK — The small and medium business market is risky enough that owners can’t afford to leave their IT systems unprotected, according to the founder and president of a Wall Street financial services company.
Donna Childs, who launched Childs Capital, spoke to a group of international
journalists during a panel discussion at the recent launch of Hewlett-Packard Co.’s portfolio of business protection solutions aimed at SMBs on Thursday. An additional roster of offerings designed specifically for Canadian SMBs was also announced.
It’s not simply that the integrity of computer systems can be compromised. SMBs have to consider the possibility of system and data loss as “collateral damage” in the event of fire, flood or other disaster, said William Raisch, executive director of the International Centre for Enterprise Preparedness and advisor to the 9/11 commission.
Raisch said SMBs should take an “all-hazards” approach to business protection. “Look at the cumulative risk” of system exploits and disaster impact, he said.
According to Andy Bose, CEO of consulting firm AMI-Partners, North American SMBs are significantly less concerned about system and data loss than their counterparts in Western Europe. A quarter of SMBs feel they’re too small to be affected by virus attacks and intrusions, and a similar number are considered Tier 4 in terms of system protection, with no network or antivirus protection.
HP breaks down its business protection strategy into three elements: security protection against viruses and other exploits, data protection to capture and recover data and business-critical availability.
Childs’ office was located in the World Trade Centre when hijackers flew two jetliners into the buildings on Sept. 11, 2001. Technology is critical to her business – “I use technology like I use a toothbrush,” she said – so business continuity is front and centre in her preparedness plan, which is reviewed quarterly. Priority No. 1 is the ability to work remotely, she said.
Different businesses have different priorities, though.
Charles Ostrowski is director of information technology at Weston, Benshoof, Rochefort, Rubalcava & MacCuish LLP, an L.A. law firm. E-mail has become the priority for the firm; in the event of a system failure, “they have to be able to access that immediately,” he said. Restoring documents is second on the list, and the entire system has to be up and running again within a couple of days.
Panelists were unanimous that every SMB would experience some kind of system disruption, though under repeated questioning, they couldn’t attach specific numbers to various risks, except that of network attacks (13.6 per office per day, according to panelist Stefan Osthaus, senior marketing director for consumer and small business for Symantec in Europe).
With a less robust technology infrastructure, SMBs can be vulnerable to small-scale catastrophes that don’t make the evening news, but are still crises for the business, Raisch said.
Co-op Atlantic had just such a catastrophe. The Moncton-based wholesaler, with about $500 million in annual revenue, supplies food and agricultural products to 135 member stores located in Atlantic Canada and Quebec’s Magdalen Islands, as well as some resorts in the Caribbean.
Co-op’s storage was built on a RAID array of nine 18GB drives. A RAID 5 system, one drive was designated as a failover. One of the drives failed, and the failover drive took over seamlessly. But before the burned-out unit could be replaced, a second drive failed.
“That blew the whole redundancy thing out the window,” Bernard Savoie, manager of computer operations and telecommunication, said in a telephone interview. Co-op managed to recover the data, but the back-end of the business and about a third of Co-op’s 600 employees were idled for almost 18 hours. “We weren’t able to process an order” – pick, pack and inventory functions were down.
“Everybody that we’ve talked to said those things really don’t happen,” Savoie said. “Murphy was everpresent with us that day.”
Co-op has since installed a RAID with hot spares that swap in automatically when another drive fails as part of a data protection package.
Childs said that SMBs that put off data protection investments for cost reasons are missing the point. After 9/11, her company faced a spike in insurance rates. But by demonstrating what she spent on infrastructure and business protection planning, she was able to cut the new rate by 30 per cent – an immediate return on investment.