Simple Ways To Protect Against Disasters

Chances are, you've watched video and seen photos of last year's disasters and thanked your deity of choice that it couldn't happen to you. A tsunami is probably never going to reach Denver or Phoenix, and a hurricane probably won't strike Chicago or Boise. But that doesn't mean that a disaster isn't lying in wait for you, and it doesn't mean that you can't do something to protect yourself and your business against an event that would shut your doors forever.

An event that can cost you your business doesn't need to be of Biblical proportions. It just needs to destroy the information that it takes to run your business or to keep your affairs in order. In other words, for you, a disaster can be something as simple as a power outage, a fire or a virus attack. The extent of the problem matters some " there's less of a problem if the power company restores your electrical service the same day than there is if your entire portion of the continent is dark " but ultimately, even if you're out for a couple of days, you can always come back if you have your data and a way to use it to serve your customers.

To do both of these things, you need to take a few easy, reasonably inexpensive, steps. But first you need to think things out. Companies that bounce back from unexpected events almost always have had a plan, and they've tested that plan to make sure it works. Here are some steps:

- Have a plan. Before you do anything, think about what you have to protect. What is it that your company does, and what information does your company need to stay in business? Depending on your company, this could include documents and e-mail, accounting records, customer lists, even engineering drawings and supplier records. Once you've figured out which information is vital to your business, make sure you know what form it's in. Is everything saved on a hard disk somewhere? Do you know where? If you don't, find out.- Take steps that don't require much planning. For example, keep a fire extinguisher in your office " not just somewhere in the building, but in the office. Make sure every computer has an uninterruptible power supply, and where possible, make sure that your UPS can communicate with its attached computer so that it will shut it down gracefully if you lose power. Make sure you use passwords on your computers, have locks on your doors, and if you're protecting a business, that your security system is operating and monitored " some disasters are man-made.

- Practice good security all the time. Make sure that you keep your anti-virus, anti-spyware and anti-spam software up and running and up to date, and make sure you have and use a firewall. Some man-made disasters are delivered electronically rather than in person.

- Protect your data. Find a way to perform routine backups. Yes, it's a pain, but if you think carefully about your office routine, you can find ways to fit it in. For example, if most of your company or personal information is on a PC, back up the computer regularly. And do it in a way that's not obtrusive. For example, a few months ago I discovered V-Com's AutoSave, a product that performs continuous real-time backups to another drive, in my case, a network drive. I also use Norton's Ghost to do nightly backups to a second hard disk in my computer. Both of these products operate completely in the background, so I never have to think about it. There are plenty of other automated solutions, and it doesn't matter which you use, as long as you use something. Incidentally, hard disk prices have dropped to the point that backing up to one can be safe and fast, as well as inexpensive.

- Find somewhere other than your office to store your backups, at least weekly. Chances are, you have to run to your bank at least weekly. Get a safe deposit box and drop a weekly copy of your backup tape, DVD or removable hard disk there. It's no problem to just swap one removable hard disk or tape for the one that's already there. But at least that way, if there's a fire in your office, your data won't be lost. Yes, it's true that bank vaults can be breached by disasters or their contents ruined, but those cases are rare.

- Figure out how you will keep operating if your office is destroyed or damaged beyond immediate use. You will need a place to relocate your business if something happens to your existing location, even if it's simply made inaccessible but not actually damaged. To a great extent, this will depend on what kind of business you run, and how many people you have. If it's a small office with just a few people, perhaps you can store copies of records at the home of a trusted employee or in a secure storage facility. If you run a larger business, you will need to scout out companies that rent temporary office space in your area, and make an arrangement with them so that you can support a quick move. And you may want to talk to a company that specializes in business continuity, such as Sungard, which can support any level of business continuity you wish for companies of any size. Services provided by companies like Sungard aren't cheap, but they're not unreasonable, and this choice is vastly better than losing your company.- Finally, practice your plan. Pick a day, assemble your rental computers at your recovery site, assemble your employees there, too. Then get your backups out of the bank vault and try to restore your business and see how well you do. Keep a detailed log of what goes wrong (something always goes wrong) and find ways to fix those problems. Then practice it again. Yes, these exercises will be inconvenient, and they will cost money in overtime, but the money will be well spent, because your other choice is to find out whether your plan works the hard way " by actually having to deal with a disaster in real time. And that choice might not lead to success.

In the long run, of course, that's the choice you're making. Would you rather spend the money now to ensure that your business will keep operating, or would you rather just go under even for something minor like a power outage or a fire? Of course, no disaster is minor for the people to whom it is happening, but that's exactly the point. Some of the most basic protections are very inexpensive and take little effort, but in the long run they can save your business.

Wayne Rash is a writer based near Washington, DC. He was one of the first to create secure networks for the military and for other government organizations, and he has written about security for over twenty years. You can reach him at [email protected]. Contact the editor of Security Pipeline at [email protected].