Marc Berthiaume

Don't Let Your Business Technology Catch You Off Guard

Just because your business is small doesn't mean that it should be at the mercy of technology. Whether technology is a strategic advantage for your company or your needs are technology dependent, your business can't afford not to be proactive when dealing with business technology issues.

Having a dedicated technology expert, Chief Information or Chief Technology Officer on staff is a luxury typically only afforded to large companies. Small business owners frequently have to relay on the advice of the people who install their software and profit when their systems are down, not business technology experts who can look at the big picture and offer preventative solutions before disaster strikes.

The U.S. Department of Labor estimates that over 40 percent of businesses never reopen following a disaster. Of the remaining companies, at least 25 percent will close within two years. It is imperative that business owners ask themselves, "Is my company prepared for disaster?"

Business disasters come in all shapes and sizes. It is important to remember that any event that disrupts your business can potentially lead to disaster. The computer equipment and information that is critical to your business is most vulnerable to disasters. You must take time to assess the potential risks to your company so that you are well prepared in advance of a disaster. Threats may include environmental disasters (floods, snowstorms, fire etc); equipment failure; security incidents and deliberate disruption. 

Developing a disaster recovery and business continuity plan is an important proactive step all business owners should take. To begin the process, business owners should ask themselves the following questions:

• Is my company prepared for a disaster?
• What are the risks that could disrupt my business and lead to disaster?
• Who declares a disaster?
• Who is in charge once a disaster is declared?
• Can information essential to running my company, such as staff, supplier and emergency contact information, insurance documents and copies of software be easily located?
• Is there a back-up copy of this information located off-site?

The answers to these questions will give you a jumping off point to begin the disaster recovery planning process. True to its name, this is an ongoing process that will need to be reviewed at regular intervals to ensure information is current and all potential risks are identified.

I look forward to answering your questions about business technology, disaster recovery and business continuity planning.

Marc Berthiaume founded MJB Technology Solutions, LLC to provide small and medium size businesses with the technology services that are typically only available in larger companies. By focusing on integrating people, technology and processes, MJB Technology Solutions works with clients to shift their thinking about Information Technology from a reactive, fire fighting approach to a proactive one that identifies and addresses issues before they negatively impact business.

Berthiaume has 25 years of business and technology experience in the financial services, manufacturing, hi-tech and construction industries. Marc's education, business acumen and technology expertise combine to ensure that clients make sound technology decisions that support their businesses.

Question:  Would you recommend including a disaster recovery and business continuity plan as part of the overall business plan or is the business best served if it is created as a separate document?

Answer:  Great question!  Business Plans are prepared for a myriad of purposes:  to obtain bank financing, to provide required information to angel investors, or for planning and projecting revenue, growth and associated costs.  Business Plans are most effective when treated as an actual living and breathing document reviewed and updated on a quarterly, semi-annual or annual basis. Business Plans are specific in purpose and typically do not address disaster planning and business continuity unless that is the nature of the business or if the group that has requested one to be prepared requires that business continuity and disaster planning is part of the document.

Disaster Recovery Planning, Business Recovery Planning and Business Continuity Planning are often used interchangeably, but require different levels of commitment of staff and resources by an organization.  Disaster Recovery Planning (DRP) includes the actions necessary to recover from a disaster, and includes steps to identify, avoid and mitigate risks or shift the risk to a 3rd party such as an insurance company.  DRP is applicable to all aspects of a business, but it is usually used in the context of IT Operations.  DR Plans are updated at least annually or as equipment changes and/or needs of an organization change substantially.

Business Recovery Planning (BRP) takes DRP one step further and includes the efforts required by the rest of the company's operations staff and typically includes provisions for restoring customer and supplier relations.  BRP plans are updated at least annually. Business Continuity Planning (BCP) includes planning on how a business will continue to function at a possibly reduced level during, and immediately after an emergency.

Whether an organization elects or is required to prepare a Business Plan, Disaster Plan, Recovery Plan or Continuity Plan it is imperative that the plans have Executive level support and the involvement of staff throughout the organization.  DRP, BRP and BCP must be tested at least annually to ensure that the plans are effective and that everyone understands their roles.  Testing should be documented and reviewed with changes made from lessons learned.  A documented, tested and well executed recovery plan may mean the difference between a business surviving or failing after a disaster.

QUESTION: What makes your services unique from larger companies that use a full-time CIO?

ANSWER: Our Virtual CIO services are similar to the role of Chief Information Officer (CIO) or Chief Technology Officer (CTO) typically found in medium to large organizations.  We provide these services for small and medium sized businesses that do not need a person full-time in this role on staff.  Larger companies with a full time CIO/CTO leverage these positions to ensure that the business strategy and technology strategy for an organization are in alignment. Their role is to look ahead, keep an eye on new technology and recommend solutions that address the needs of the business.  They use tools such as Total Cost of Ownership (TCO) and Return on Investment (ROI) to justify capital expenditures.  CIO's ensure that an organizations Disaster and Recovery Plans are maintained and tested and that an organization's technology policies and procedures are in place and effective.

What makes our services unique is that our Virtual CIO Services cost considerably less than a full time CIO/CTO and provide essentially the same services on a part time basis. Whether an organization has a staff of six or several hundred and they do not have someone on staff that operates in a technical strategic role, they can benefit from the services of a Virtual CIO provided by MJB.

QUESTION: Can you recommend any of the web-based computer hard-drive back-up solutions?  I use Vaultlogix which is very convenient (don't know it's even running) but it is expensive.  I know there are a lot of other less expensive services out there now but am leery of switching to something that is not highly recommended.

ANSWER: On-line backups or vaulting is an excellent solution for small and medium sized businesses.  There are dozens of choices that range from $50 per year for unlimited storage to several thousand dollars. The pricier solutions offer a storage device attached directly to your network that synchronizes with a storage device in a data center. This option gives you the ability to restore directly from the device or to restore over the Internet. Carbonite has a very affordable solution with unlimited data storage; Mozy Pro has a free offering with a 2 GB limit.  On the other end of the scale, Iron Mountain and SonicWall offer solutions with the network attached storage device.

When considering an on-line backup solution, net the benefits and cost savings against the cost of the solution.  Some of the items to include in the Return on Investment calculation include what would it cost to lose and have to recreate a document, how much time it takes to change the media and check the backup job each day, the cost of off-site tape storage, the cost of the backup tape and the cost of the tape drive.  There is another intangible cost to add - what is the cost to have peace of mind and know with relative confidence that your critical data is backed up and available in the case of an emergency? Magnetic tapes have a finite life.  Unfortunately most organizations do not realize that tapes are no longer functional until they have to recover a document.

Before choosing an on-line backup solution, remember the age old adage, "you get what you pay for".

QUESTION: Given the increasing prevalence of telecommuters has you come across any cost effective means of backing up remote workers data?

ANSWER:  There are several options available to protect remote workers' data. Depending on the frequency and method that the remote workstation/laptop connects to the company network, it might make sense to keep the files on the company's file server and synchronize to the remote workstation.  This will be effective if the connection is frequent and high speed.  Changes made on either end will synchronize on a predetermined schedule.  A VPN connection is recommended to ensure that the data file synchronization is secure.  If the connection to the company network is infrequent or made through a slow connection please see my previous answer regarding on-line backup solutions.