Part I

In the Information Age, the most valuable asset to the average business is not so much what they do, but what they have.  The Digital Age has been responsible for the transformation of many things in society, but one of the biggest changes that companies have dealt with in the last 50 years is the importance of their intangible assets:  their data.  Securing data is not an easy thing, as there is far more to worry about than a simple address book.  Society has become so dependent on computing that nearly everything that is important to a business is now stored primarily in electronic format.  As such, the most important task for most companies centers around how they protect their data, and sadly, due to the intangible nature of what they have, many owners fail to see it.  The next few sections will deal with some of the most common data mistakes that businesses make.

One of the most critical pieces to the success and failure of any company is disaster recovery planning. Having a disaster recovery plan to protect data involves more than simply having the plan but also validating those plans.   Wikipedia notes that it estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. Of companies that had a major loss of business data, 43% never reopen, 51% close within two years, and only 6% will survive long-term. This results in a majority of failed businesses. In a recent training class, I was informed that the statistics are even more startling.  If a company is unable to open its doors within 2 weeks of a disaster, there is a 60% chance it will be bankrupt within the next two years.  Other studies have shown that 80% of companies that lose their data will shut down within 18 months of the disaster regardless of whether they open within 2 weeks of the disaster (Richard Fitzhugh, Director of Business Continuity Expo).  The reason for these stark decisions is that most companies tend to perform business continuity planning (i.e. disaster recovery planning) only after a major disaster hits.  Some get lucky in that the disaster is small and simply reveals the need for planning.  Others are not so lucky.

Approximately five years ago, I had the privilege of working in the IT department of a large fortune 100 company.  During this time frame we had no real disaster recovery plan, and as luck would have it, our entire network was taken down by a worm that exploited a known vulnerability in Windows 2000 and Windows XP.  At that time, we were not performing consistent patch management, and our lack of disaster recovery planning cost the company approximately 3 days of production.  While this mistake did not kill the company or cause a loss in data, it did cost millions in productivity losses that are not so easy to quantify.  It also underscored our need to not only have a disaster recovery plan, but to test it.  Larger companies, are more capable of recovering from these types of mistakes (although they have other concerns that can be far more costly), but for smaller businesses, it is not so easy.  Small businesses typically do not have the luxury of being spread out across the globe, or even across their state.  Often times, small businesses have not invested in any sort of back-up solution or disaster recovery plan, and do not always take the time to train their staff on the importance of these safeguards.  Consequently, seemingly mundane, yet critically important tasks such as back-up tape rotation and off-site storage can fall to the side.    As such, without an appropriate disaster recovery plan in place, a small office fire can have huge implications beyond the physical damages and loss of life.

Click here to read PART 2