A BUSINESS continuity plan is like life insurance. You hope you never have to use it, but if you do, it's invaluable. For small or mid-market enterprises, the stakes at risk could well be the entire outfit. We say, don't tempt fate. Smaller companies tend to avoid planning for disaster. It's human nature. But stop and think about what it would cost your small or mid-size business to be without power or IT systems for 24 hours.
Yes, it makes good business sense to plan for the worst. And to keep your business up and running if disaster strikes, you need to avoid the following common mistakes.
1. Put it off until tomorrow
With the amount of day-to-day 'fire-fighting' that most growing businesses do, it's easy to procrastinate on 'less urgent' projects like disaster recovery and security planning.
A recent study by IBM of more than 1,200 mid-size companies confirms this. Almost 70 per cent said IT disaster recovery capabilities are essential, but less than 25 per cent are confident that what they have today is complete.
The good news is that today's affordable and feature- rich software, server and storage technologies mean that businesses can start small, establish a base level of disaster recovery, and build on it over time.
2. Only big companies can afford it
Not true. Business continuity planning is not a luxury that only mega-businesses can afford. Without any business continuity structure in place, a small or mid-size business risks losing revenue it really can't afford to lose. One area often overlooked is continuous data access. Without it you can't serve your customers or partners.
Backup storage at your primary place of business is a good place to start. But if there's a power outage, you can still ensure continuous availability as long as you have replicated information in an off-site location, ideally far away from where you do business. Today's new hosting models and cost-effective off-site backup and recovery systems mean peace of mind is available for companies of any size.
3. It's an IT problem
Protecting your data and getting your systems on line again is crucial. But don't forget about the people who use those systems. If a tornado strikes or a blackout shuts down the city, employees need to know what to do.
Make sure your plans address employee communications, working remotely and prioritising the employees that need access to your core business systems first.
4. Plan only for natural disasters
People often picture big, headline-making events like floods or hurricanes when they think of disaster recovery. But a complete business continuity plan also anticipates malicious disasters and productivity killers like spam, computer viruses or data theft.
A regional manufacturer found itself inundated with spam and e-mail viruses that took each employee an average of 20 minutes a day to remove. With only minor modifications to its e-mail servers and firewalls, the manufacturer took advantage of an e-mail filtering solution hosted off-site.
Now spam and virus e-mail no longer reach the company's network, giving the company back an estimated 2,500 hours of labour per year.
5. You have to do it yourself
Only if you want to. You can start by carrying out a basic risk assessment and appointing an employee to write a simple, common sense policy. However, if you find the whole subject too overwhelming or time-consuming, get help.
Bring in a local service provider such as your IBM business partner to help you develop and implement a plan and any processes or IT capabilities you need.
Stop for a minute and think about how your business would fare in a disaster. At IBM General Business, we can't emphasise enough that you should be prepared, not sorry.
Nicholas Tan is general manager of IBM Singapore's general business division.
This article was first published in The Business Times on January 06, 2009.
