Business continuity for small enterprises

Small businesses have a well-known constraint: they often lack the finances for an IT budget substantial enough to pay significant attention to information security. They are not exempt from the vulnerabilities and risks that large organizations face, so the challenge becomes how to mitigate the risk and assure business continuity in a prudent and effective way.

As an example, recently a company server suddenly restarted in the middle of work. It was the first time that had happened in more than two years. The next morning, the server wouldn’t boot up. After going through every possible troubleshooting suggestion with no success, the vendor’s technical support prescribed replacing the system board. However, the spare part wouldn’t be available for six days. The server would be down for at least five business days!

Did the company back up its files? Yes, every month or so. There were backups on tape, but none had been made recently. Some files had also been copied to DVDs. Employees needed some critical files to attend to an ongoing project, and those files had not been backed up or saved elsewhere. Most of the resources required were on the server. The company lost money and staff hours in trying to get the server online and recreating some of the documents, and the dent in the corporate image was repaired only through many apologies.

Staff eventually opted for an external drive to take care of system backups. The cost of acquiring additional hardware and carrying out backups was far less than the impact the disruption caused. Would another business survive for five days if the server went down? The cost of planning for and acting proactively against unseen and seemingly unlikely events is justified when you consider the potential loss in time, revenue, labor and goodwill. Here are some simple steps to help other small businesses avoid similar situations:

  1. Consider likely and remote events that could disrupt your business. Think about what you can do to reduce their effects while you keep your business running. Write these down and store them in a safe place. I would call this a seed business continuity plan.

  2. Put in the resources to follow through with your plan (e.g., purchase the hardware, make alternate power arrangements, or subscribe to a service if need be).

  3. Create and stick to a backup schedule for your information assets. Arrange for daily, weekly and monthly backups. Consider using an external hard drive or backing up to a cloud service. Tape might not be your best option.

  4. Keep copies of your data and documents at an alternate location. You should also consider a separate physical location entirely.

  5. Revise your plan and your activities regularly to ensure that your enterprise stays prepared against future loss or disruptions. Consult guidance such as ISACA’s Business Continuity Management audit program.

Adewumi Olatunji, CCNP, CCNA, MCP

Technical Officer, FAGOSI Systems Ltd, Nigeria

Published: 10/27/2011 9:03 AM

View full post on ISACA Now: Posts