Planning should be done from the business rather than the IT "gear" perspective. What does this business need to operate? Where can we operate from? What data is critical to continued operation? The answers to these questions will assist the creation of a risk management and business continuity plan. The actions from which will deal specifically with what to do with IT systems and processes.
What non-negotiables are there for SMEs when making sure their systems are protected in times of an emergency?
For any business that uses IT systems, you must have a robust backup and recovery process in place. That is, all critical business data should be backed up daily to media that can and should be stored offsite in a secure location. The "recovery" portion of this process should also be tested. On a monthly basis a test-restore should be performed to prove the data on the media is intact and usable. The offsite storage is critical too. In the event of fire, flood, or another natural disaster preventing access to your building and systems, backups must be accessible from another location. Providers of backup media management and security like Online Security can even offer storage out-of-town.
What did Christchurch SMEs learn from the earthquake about what could go wrong with their company's systems?
In Christchurch, many businesses learnt the hard way just how critical their investment in IT was to the continued operation of their business. Business found themselves without access to their office or warehouse, without power, with no data either paper or electronic, and little surety or timeline for recovering it. Some lost all data which likely included the entire trading history of that business. Access to business premises was a massive problem as the entire CBD was closed off. For those managing daily backups as an essential part of their IT management, they found that they were less useful if located in the same room as the stranded equipment.
Businesses using specialist IT hosting firms such as vBridge were able to access their business IT systems from their new premises or home offices quickly and easily. This enabled them to be up and running in a short period of time, i many cases much faster than their competitors.
What do companies have to invest in to protect their data and customer information?
The key investment required to protect a business's IT systems is time. Time to understand the business and its requirements from IT. Time to put in place a plan that clearly identifies what to do in the event of a disaster. And time to make that IT environment resilient to disaster. As-a-service providers such as vBridge can provide entire hosting solutions that inherently reduce up to 80 per cent of the IT risk that businesses face and do so in a cost effective manner. This is becoming a popular first step for businesses keen to reduce their risk.
Is there special insurance for IT protection?
Outside of actual material damage and business interruption insurances, it should be considered that any investment in a dedicated disaster recovery solution is insurance itself.
What other industry issues emerged during the earthquake which people hadn't thought about?
Traditionally enacting the restoration of business data requires new hardware to be available and purchased. Lead time on hardware delivery and a business's ability to fund hardware outside of an insurance settlement can slow down an attempt to recover.
We successfully restored a number of walk-in businesses from their backup media, turning what was a traditional on-premises solution into a hosted solution immediately. This enabled those businesses to start trading again in a short period of time and additionally reduced their on-going risk from aftershocks. vBridge's Christchurch based datacentres experienced no outages throughout the entire earthquake and aftershock sequence.
In the event of a major disaster the majority of available human resources will be focussed on critical infrastructure (Hospitals, emergency services, critical utilities). Therefore planning and having a disaster recovery solution that can be enacted or partly enacted by employees and trusted business partners is essential.
