Disaster Recovery

03Sep08

With hurricanes hitting the US, and more on the way, this seems like a good time to talk about Disaster Recovery, and how it affects small businesses with very mobile employees.

First, the distinction needs to be made between disaster recovery (DR) and data backup.  DR is a full company solution, which involves not only data, but also communications, operations, client relationships, etc.  Backup is merely about data stored on computers.

It is also important to point out the a hurricane is not the only disaster to consider.  In addition to natural disasters, there are fires and floods within buildings, computer viruses, key personnel loss, crashed hard drives, etc.  Many of these scenarios are much more likely than a natural disaster, and need to be planned for all year.

A full disaster recovery plan involves:

  • data backup AND restoration
  • Internal communication – if we can’t get to the office, or have to evacuate, how do we get in touch with each other.
  • External communication – if we can’t get to the office, or have to evacuate, how do we get in touch with our clients and vendors, and how can they reach us.
  • Operations – how are we going to pay bills, send invoices, receive money, provide services, deliver products in the even of some disaster
  • Business continuity – who keeps confidential passwords, files, bank accounts, etc.

Data Backup and restoration

A small business with very mobile employees is going to have a good amount of data on laptops.  This is obviously great for mobility, but a DR nightmare.  This adds a whole new “disaster” to plan for – loss and theft of laptops.

Laptops with vital information should be encrypted.  This will make it extremely difficult for anyone other than the user to see data on the laptop.  An application like TrueCrypt will work fine.  Encryption does slow the performance, so only vital folders and files should be encrypted, rather than the whole hard drive.

Laptops also need to be backed up daily.  For small businesses, a service like Mozy will work fine.  It is very inexpensive, and the backup and restore processes are pretty easy.  The initial seed backup can take quite a while, depending on the amount of data to backup, and the speed of the Internet connection.

Other data to backup includes email, databases of clients and products, accounting files, and other necessary applications.  If email is hosted elsewhere, it should be getting backed up.  Check with the email host to make sure the email is being backed up.  If email is vital to your business, you need to make sure you are with an email service provider that is backing up, and will restore quickly.  Other applications and files that might be hosted on a server onsite need to be backed up regularly also.  Mozy will work for most of these files.  However, some types of files and applications, such as AS/400 need to be backed up to service providers who can handle these more robust applications.  Some of these include EVault and AmeriVault.  In addition, local IT service providers might have solutions.  These are more expensive, but you are paying for the level of service.  The seed backup will be faster, and the companies will work with you to get your data restored asap after a disaster.  If you are using a bookkeeping service that is hosting your accounting files, you need to make certain they are being backed up.

All backup should be done nightly at the very least, and should be offsite.  This way your data is going to a Tier 1 data center, which has redundant power, redundant Internet connection, and even more redundant backup.

Internal Communications

In the case that employees can’t make it to an office (or you don’t have an office), everyone needs to have access to vital phne numbers for communications.  One option is to have a DR website which is only visible internally in the event of a disaster.  This way home and personal mobile numbers are visible to employees only in the event of an emergency.

External Communications

You need to make sure vendors, clients, and prospects can get a hold of you during a disaster.  This can be done via email and/or phones.  If your email is hosted by a service provider, and they have a DR plan in place, your email should still be working.  Now you just have to get access to it.  You should be able to access your email from any Internet connected computer, not just your own.  If you use Hosted Exchange email, make sure everyone knows how to access Outlook Web Access to check their email.  If you use some other form of email, make sure everyone knows how to access their email via the web.  One overlooked part of accessing this email is passwords.  We usually have our computers remember our passwords, so we sometimes forget them.  Make sure everyone knows their passwords.

As for phones…if you have a phone system in the office, it might not be accessible during or after some disaster.  In this instance, a DR website would be a great tool also.  You can have contact information for vendors and clients that are trying to get a hold of you.  You can use this to release mobile phone numbers to be used only in this event.

If your phone system is hosted, all you have to do is make the phone calls forward to some other number, such as a mobile or home phone.  You probably already have this enabled.  Voice mail should also be accessible.

If you only use mobile phones, there really isn’t a problem.  Just make sure you have plenty of battery power, and possibly a spare battery.

Operations

How will you continue your operations?  That question is too difficult to answer here, as it will change for every company.  My recommendation is to diagram your processes for receiving bills, paying bills, sending invoices, receiving payments, servicing clients, shipping products, and support, and determine how these processes can be performed without the office, without the server, without all personnel.

Business Continuity

Like Operations, business continuity is a company-specific solution.  The main thing to keep in mind during some disaster, is that you might not have access to everyone.  Therefore, if there is some process that relies on a single person, efforts need to be made to address the fulfillment of that project by someone else.  An example might be writing checks, or completing payroll.

With some forethought, and a very good understanding of your own processes and business, a great disaster recovery plan can be created.  This will not only help you sleep better at night, but also give you some very good insight into the strength, or potential weak links, in your business.

Advertisements


No Responses Yet to “Disaster Recovery”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: