A Small Business Disaster Survival Guide: Avoiding the Five Most Common Business Continuity Mistakes
By: Stacy Griggs, Vice President – Sales Engineering and Cloud Enablement, Cbeyond
The natural anomaly that became Superstorm Sandy in October 2012 left behind more than $70 billion in damages in New York and New Jersey alone. In its wake, small business owners and employees faced (and in some cases, continue to face) challenges picking up where they left off, ranging from communication, transportation and electricity disruption, to – in the worst cases – recovering physical equipment and records scattered by the storm.
Sandy follows a 2011 that, according to Discover magazine, saw at least 10 major weather disasters strike the U.S. alone, resulting in more than $45 billion of destruction. What these recent events reinforced is just how vulnerable small businesses are in the face of disaster.
Would your business know how to secure critical data and resume operations should another Sandy take place? Think about what is at risk without foresight – years of tax records, confidential employee information (including Social Security numbers), customer contracts and records…and that’s just a start.
In 2008, an eight-person Miami law firm was forced to close its doors after a decade of operations following Hurricane Ike. Everything the business had was destroyed and irretrievable. Although natural events are difficult to forecast, the firm’s owner could have taken some relatively easy, inexpensive precautions to safeguard critical records and applications in case an unforeseen natural disaster like Ike happened.
As the small business community plans for 2013, the beginning of the year is a great time for owners and employees to evaluate and refine their disaster recovery plans, or build a first-time strategy should none exist.
For those businesses just getting started on continuity plans, and as a refresher to help teams solidify their current strategies, here are the five most common mistakes businesses make around their continuity plans, and the fundamental steps you can take now to ensure continuous, secure operations should a disaster occur.
Mistake #1 – “I don’t need to invest time or resources on disaster planning – that will never happen to me”
Understandably, the businesses that encounter the most trouble following a significant event are those of the “not here, not me” mentality. According to Cbeyond’s Winter 2012 Business Leader Snapshot™ Survey, only 63 percent of SMBs have a business continuity plan in place.
How many businesses in particular now wish they had viewed a disaster recovery plan as “better to have it and not need it, than need it and not have it?”
A basic continuity plan begins with evaluating your technology and operating systems, defining your most mission-critical data and applications, and determining what steps are necessary to protect them. Next, identify a chain of communication should the physical office become unavailable, and what would be required to contact essential stakeholders and workers. More specific steps on how to address these areas are listed below, but getting your team thinking about these topics will identify high-level operational gaps.
Business continuity planning also includes ensuring day-to-day cyber services, such as anti-virus software and firewall protection, are up to date in order to guard against the very latest network threats. Teams that assume, rather than ensure, their software updates automatically are more likely to spend days cleaning out viruses or recapturing lost data – Cbeyond’s survey found that nearly one-third of small businesses battled cyber-security issues or breaches within the last year alone.
Disaster threats take different shapes over time, and your original plans may not be applicable or strong enough to withstand new challenges. Set a schedule now with your team to revisit and update your plans periodically, perhaps on a quarterly schedule, to determine areas to improve, new technologies to plan for and, in the worst cases, lessons learned from recent disasters.
Mistake #2 – “Our data is backed up on-premise, and thus secure”
The biggest disaster recovery threat businesses face may be the one under a lock and key in a storage room.
Amazingly, Cbeyond’s Business Leader Snapshot found that more than half of SMBs still back up data only on-site, with another 28 percent using a combination of on- and off-site services. However, backing up files on-premise, and on a pre-defined, regular interval, exposes your business to elevated risk and data loss should a flood, fire or theft occur.
It is crucial for small businesses to have a secure backup solution in place to enable off-site data storage. This way, critical information can be recovered and accessed online – through secure authentication and passwords of course! Had the Miami firm stored its files in a hosted data-center before Ike struck, its employees could have accessed, saved and reinstated data with minimal interruption.
While not as secure an option as the cloud, where data is backed up off-site, businesses should also duplicate as much information as possible from paper files onto a hard drive or NAS device, and store it remotely. In the rare instance that a cloud outage also occurs while regular operations are interrupted, businesses can still load these files to an off-site network and continue working.
Mistake #3 – “Storing information in the cloud is expensive, and will confuse my team”
Among off-site data storage strategies, transitioning information and processes to the cloud has emerged as a popular avenue for businesses of all sizes. As the cloud becomes more the norm than an exception, more business owners are relieved of the double burden of complex cost and cumbersome usage that prevented them from taking these steps – in fact, most teams may be using cloud processes to access email and manage documents without even knowing they are “cloud processes”.
Should an event occur that keeps employees from a physical office, they can access data and continue operations from the cloud, regardless of their location. Teams can also rest assured that their information will be secure in the cloud, as typical cloud facilities are surrounded by hardened infrastructures and intense levels of human and cyber protection.
Chances are, the businesses that best transitioned following Sandy are those that properly established, and then leveraged, the cloud as an impromptu resource center.
Mistake #4 – “My network is strong enough to withstand anything”
Both natural and man-made incidents have the potential to disrupt connectivity within a physical office. With internet and phone service necessities for business communication, teams must prepare alternate plans or transition to new IT environments to restore their network quickly and securely.
To do so, businesses should evaluate which redundant network connectivity services would be the best match for their day-to-day operations. Also, consider installing a wireless backup system to get the network running again should your normal lines become disrupted.
If your team is debating, or already in the process of, moving data to the cloud, you should also evaluate connecting your piece of the cloud to a secure, private network to provide even tighter security and easier access to your unique processes and applications.
Unpredictable issues with power failure and faulty battery backup can also prompt small businesses to seek a more robust and dependable data center solution.
“It took just a couple of days to move our own racks into a business-class data center which provided guaranteed network connectivity,” said Carl West, vice president of Managed Technology Solutions with LeapFrog Interactive (LFI), a digital agency with offices in Louisville, Boston and Cincinnati..
Mistake #5 – “There’s no way we’ll go silent should something happen”
While advancements in smart phone and tablet technology have enhanced how employees communicate on- and off-site, and made workers more “disaster-ready,” business leaders should not automatically assume that every employee is remotely connected.
Team leaders should build and evaluate employee capabilities against a “communication checklist” – this list ranges from the highly technical, such as ensuring all teammates can access email remotely (either on their computers or smart phones) and forward their office numbers to cell or home phones, to secretarial action items, such as ensuring a list of employee and colleague phone numbers and email addresses is updated and stored either in the cloud or another off-site location.
Communication is essential to working through a catastrophic event, and businesses should double-check now that they are able to stay in touch and contact necessary parties both in and outside the physical office.
It follows that companies on the front lines of responding to natural disasters need to be proactive about business continuity in particular. Communities, businesses and families rely on these companies to rebuild their lives and livelihoods after havoc caused wildfires, mudslides, floods, hurricanes, tornadoes, and other suspected outcomes of global warming, to name a few.
One such company is ServusXchange, which created MyOnlineToolbox.com, an Internet-based contractor software platform that connects almost 3,000 contractors, subcontractors, suppliers and homeowners.
Users rely on this cloud-based platform to organize the daily operations of their business: maintain a contact database, schedule work, create estimates and invoices, as well as track payments.
“I wanted to be proactive and protect myself in advance. With an Internet-based solution I never have to worry that certain things don’t work. I go to bed at night knowing I don’t have to think about outages and so forth because I have the confidence that the Cbeyond team is dealing with any issues, regardless of the specifics,” said Brian Javeline, president and CEO of ServusXchange, which has fewer than 10 employees.
“Our slogan is “Your business goes with you, no matter where you are!’ and we mean it,” he continued. “My entire customer base of roofers, painters and plumbers across all 50 states is mobile itself. Their business is perfect for internet-based computing and since our users rely on workstations accessing the Internet, portable PCs and tablets, I can’t afford to not be up and running 24/7.”
While a disruption at the magnitude of Superstorm Sandy is a rarity, it is inevitable that your business will at some point in time face an unpredictable event – whether natural or man-made – that impedes your traditional workflow.
Planning for such events does not have to be an elaborate process, as we all understand how valuable time and resources are to small businesses. However, those that leverage the latest technologies and strategies to protect their most vital assets, and learn from the mistakes of others, will be best prepared to resume operations should that time come.
Stacy Griggs serves as vice president of Sales Engineering and Cloud Enablement at Cbeyond. Cbeyond, a cloud and communications service provider, is the technology ally for small and mid-sized business. Stacy joined Cbeyond in 2010 as part of the acquisition of MaximumASP, where he was vice president of Sales and Marketing. Prior to MaximumASP, he held a series of positions at Hosting.com, including Chief Sales Officer, Chief Service Officer and General Manager. He can be reached by phone at (502)-213-7738 or by email at firstname.lastname@example.org. For more information, visit www.cbeyond.com.