Small Biz Puts Protection Before Continuity In Survey

Despite a recent history that includes terrorist attacks on American soil, the resulting war against terror, and a flurry of virus activity, most small businesses aren't concerned enough to develop specific plans to keep their businesses up and running in the event of a disaster. However, they do recognize the need to protect their data and computer systems from natural disaster and hacker attacks.

A survey of 237 small business conducted by Small Business Pipeline in April found that 73% have no written plan that defines a strategy for responding to disaster. Of the 27% that do have such a plan, about 80% actually review the plan on an annual basis with their employees.

Six of 10 have done no formal quantification of how much it would cost their business if it was interrupted for any extended period of time. Of that small percentage that have performed this financial analysis, 56% say they'd lose less than $10,000 per day. That result is perhaps not too surprising, given that more than half of the survey respondents have less than 10 employees. Another 27% have less than 50 employees and 16% have less than 100.

In a somewhat contradictory finding, the highest number of respondents, 35%, ranked disaster recovery as about equally important as other business functions such as customer service, technology operations, finance and accounting, and so on. A full 34% said disaster recovery is more important while 31% said it's less important. Despite these findings, there's no apparent sense or urgency to plan for disaster.

There was some good news: 56% of survey respondents do have a defined sequence of steps to be followed if their physical location becomes unavailable.Z Technology, a manufacturer of test and measurement equipment for the radio and television broadcast industry, appears to be fairly typical of the survey respondents. The 10-person company has no formal disaster-recovery plan, operations manager Dan Nicholas said. "I don't think it's ever been thought about a whole lot," Nicholas added. "It's not a conscious decision to not have one."

However, the survey found a strong, clear emphasis on data and systems protection among small businesses. Those businesses are acutely aware of the threat posed by viruses, hackers and system incursions. Of the 237 survey respondents, 88 or 37% say technology-driven threats "viruses, hackers, security breaches" pose the greatest danger that could interrupt the functioning of their business.

Other threats identified as the biggest concerns included disasters such as fires or explosions, selected by 27% of respondents; natural disasters such as weather and earthquakes, 26%; theft or loss of intellectual property, 7%; and other areas such as terrorism and a national emergency, 3%

FMSI Actuarial Concepts and Systems Inc. is indicative of the focus on protecting data and systems among small business. The Deerfield, Ill., company's three employees hold themselves accountable for backing up data from their workstations on a regular basis. Data gets backed up to two separate Web-based systems maintained by different outsourcing firms for an additional layer of protection. "If one is down, the other is not down at the same time," explains Gerry Kopelman, a partner.

While these backup procedures aren't explicitly defined, they are a part of the company's way of doing business. "There are no formal policies. It's just become our habit to do that. It's common sense," Kopelman says.Like FMSI, respondents to the Small Business Pipeline survey appear well-prepared to deal with threats that could impact their corporate data. Three quarters of respondents say they have a specific medium or plan for protecting data in the event of a business or technology interruption. In a related finding, 62% of respondents say they have defined policies to secure the data on individual employees' computers.

Asked to identify their primary means of protecting data, 43% said they back up data to an off-site facility they own or manage; 28% said they back up data to servers or systems in the same office as primary systems; 20% said they back up data to a third-party facility, and 9% use another means.

Asked to rank technologies that are most important in preventing business interruptions, the most respondents 40%, selected network security products such as firewalls. Another 34% selected data backup and management.