Government Issues and Politics
Insurance and Employee Benefits
Business and Economic Info
Human Resources and Safety
Education Policies and Practicies
Training and Consulting Services
Welcome to CBIA's Training and Consulting site!
Small Business Human Resources Workforce Development Your Questions Answered Success Stories

From CBIA News, March 2003

Computer disaster planning: Protecting your data and equipment

By Chris Amorosino

Free-lance writer in Unionville

How dependent is your business on your computer system? Could you survive if disaster struck and shut down your computers for a day? Or a week? Nationwide, thousands of businesses lose millions of dollars of computers and data every year to fire, power outages, theft, floods, viruses and other occurrences. If losing or not having access to your computers would severely affect your business, consider computer disaster planning as part of your overall business continuity plan.

Computer disaster planning should include the following steps, according to Chuck Lasky, business development director at Hartford-based IT Resources:

Document your hardware and software. Tour your office and document the computers (all types, from laptops to desktops to servers). For completeness, also note the rest of your office equipment — printers, copiers, scanners, and so on — so you have a total hardware inventory. Be sure all documentation includes the make, model number, serial number, warranty status and other details so that if the equipment is damaged or destroyed, you can quickly describe it and get it replaced or repaired.

Also document how your computers are networked. Review the office’s physical layout and consider whether the equipment is secure. For example, is a server exposed unnecessarily to heavy traffic or potentially harmful elements such as heat? Do you have a large network that should be in its own space with restricted access?

Lasky says most businesses with a sizable computer network store it in its own cubicle-sized room with emergency power, adequate ventilation, backup systems for temperature control, and limited employee access. “You want only people who need access to the equipment to have that access so people don’t do anything unintentionally or intentionally to harm the system,” he says.

Document your software applications and the version of each application you’re running, too. Include the operating system, business applications and office applications. For example, you might use the Windows XP operating system, have Quicken 2003 for your accounting needs, and use office applications such as PowerPoint 2000.

Note where software disks and CDs are stored so you can reinstall them easily.

Develop an emergency contact list. Who will you call if you have to replace a part or computer immediately? Who can best get you up and running again in case disaster strikes? Make a list. You’ll probably have several different vendors on your list. Include any account numbers along with full contact information (vendor company’s name, service rep’s name, phone numbers, pagers, after-business-hours contacting instructions, and so on). Also put your computer maintenance contact on this list.

Be sure your documentation contains how to contact each person any time, any day, anywhere, since disasters don’t keep regular business hours.

“If you’re not comfortable with your computer maintenance firm now, when everything’s running smoothly, you’ll probably be very unhappy with them if a catastrophe occurs,” Lasky says. “It’s best to have on call a firm you can trust to react quickly and with expertise. And have them on board before you really need them.”

Back up and store all data files off-site. Failing to back up applications data, or not backing them up frequently enough, may be the most grievous error most companies make. You know best how often your business files should be backed up. If your business would suffer great harm by losing a day’s worth of data, back up daily. If your applications data doesn’t change significantly over the course of a typical business day, weekly backups may make more sense. But Lasky believes it’s rare for any company to not require backing up data at least once a week.

Add the backup procedure to your documentation. If you back up with tapes, include the make and model of the tape and the backup software to your computer disaster plan document. Note where the backups are stored and who needs to be contacted to retrieve them.

It’s ideal to store your backup files off-site. If a fire, flood or other disaster makes your office inaccessible, you will still be able to stay in business by using the off-site files in a temporary office. Some small-business owners simply take their backup files home in a briefcase each evening. If you can’t store files off-site, keep them in a fireproof safe.

Proactively monitor your equipment and data. This step includes scheduling and monitoring your backups to make sure they’re being done, and done correctly. It means acting to protect your computers and equipment before anything happens. Surge-protect all computers and phone equipment. Keep updating your firewall protection, network security and operating system software. Install any patches (fixes) that the manufacturer makes available.

Install and update antivirus software on both your computers and your servers. “If you’re not updating your antivirus software every day, you’re vulnerable, because every day new viruses or worms are released,” Lasky says.

Develop recovery scenarios. Permanently losing your entire computer network demands a different course of action than replacing a broken hard drive in your file server. Think about the most likely disasters and develop the best strategy for handling each. Then plan the most effective way to get your business up and running efficiently in the least costly, most timely way.

Communicate and monitor the plan. Once your plan is complete, review it with any key employees who will be monitoring or implementing it. Lasky says it’s important to step away from authorship of the plan at this point and try to “poke holes in it.” Critically examine the document to make sure it will work and to add any improvements. Some companies run trial disasters to test their plans.
Have everyone responsible for any aspect of the plan keep a copy of the final revised version. Keep the plan on a secure Web site to assure that you can always get to a copy. You might also want to keep a copy of it off-site.

Lasky recommends reviewing the computer disaster plan at least twice a year. If you’ve bought new equipment, you’ll want to add it to the plan. If your backup procedure has changed, include the change. Always keep the plan updated.

“Remember, this isn’t just about equipment,” Lasky says. “It’s about making sure your business can survive if a catastrophe occurs.”

[back to top]