Business interruptions -what is the best way to avoid them?

To a small and medium business and not for profit organisation, (SME / SMB) an interruption to the business at hand can have drastic effects on a number of levels.

Interruptions can come in many forms but really there are two basic types.   There are the man-made interruptions and they range from a virus infection on a single computer through to the total loss of power to the area through an accident and then there is the natural disaster type.

So what can a SME / SMB do to protect themselves from this sort of problem.   There is no magic bullet that is going to totally protect all businesses all of the time.   There is, however, a process of risk analysis that can be applied that will take all problems into consideration and come up with a level of protection for an SME that can protect against most things.

This is a list of four things that can be used in your risk analysis to ensure that your business will not be one of the first to go down in an outage.

1. Disaster recovery plan (DR) – the number of SME / SMB organisations that do not have some type of a disaster recovery plan is alarming.   A DR plan focuses on what will you do in the event of a disaster.  It includes who to call, who will make decisions and what the business will do in the event of a disaster.

2. Business continuity plan (BC) – this is the next step up from a DR plan.   This actually maps out what is vital for the business, what systems need to be up and running ASAP and how this process will be achieved.  it also documents how it will be achieved and what critical components will be available at what time.   The BC combined with a DR and a good backup system will keep your business available as long as possible.

3.  System backup – no matter what if you do not have some level of data backup your business could be out of business in a very short time.    A backup will allow a SME / SMB to recover and restore data in the event of a physical problem – hard drive failure or loss of a computer, but it will also help in the problems associated with a virus infection.   There are a number of ways to protect yourself, they are system restore, full or partial backup to an onside location and a backup to an offsite location including an Internet or cloud based backup system.   The backup needs to be able to restore from the last backup but it also needs to be able to restore to a point in time or to a single piece of data.

4. Uninterruptible power supply (UPS) – all of your critical systems should be on some level of battery support.   This has two functions.   One is it keeps critical systems running when the power fails and can keep it going till the power comes back on.   The second is that if the power does not come back on it starts to shut down the critical systems, gracefully.   There is nothing worse for a server than to have the power turned off with no chance of data recovery.   In the event of just being turned off there is a chance of data loss and also corruption.

As an added extra and one better that a UPS, invest in an external Generator.   When the power goes off and you need 24/7 business capability then this is the only way to go.   The power goes off, the UPS kicks in and the generator starts.  This is the best of all worlds for business who have their own web servers, payment gateways and business who need full access to the Internet.

So keeping your business available has to have a plan and this can be achieved with a little thought and working out the business risks and how you are going to mitigate against them.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.