More than half of small and medium-sized businesses (SMBs) in North America do not have a disaster recovery plan despite being located in disaster prone locations, according to a recent survey released by software security firm Symantec.
Over 58 per cent of 299 SMB surveyed in August and September in Canada and the U.S. reported that they do not have a plan to deal with major disruptions. The companies surveyed had 10 to 99 employees. The study is part of a larger worldwide survey involving 1,425 SMBs in 17 countries. The company also released an earlier DR survey in June this year.
Misplaced optimism
“Despite understanding the security risks they face, a surprising number of SMBs are neglecting basic safeguards, says Kevin Murray, senior director, product marketing, Symantec.
He said 81 per cent of respondents in Canada and the U.S. indicated they are “somewhat to very satisfied” with existing DR plans why a further 82 per cent said their computer and technology systems are “somewhat to vey protected.”
Yet, when asked what their clients reactions would be should their systems fail two thirds (62 per cent) believed their customers would either “wait patiently until our systems were back in place” or “would call us to get what they could but wait patiently for the rest until the systems were back in place.”
“SMBs may be optimistic about their disaster preparedness but out study shows that optimism is misplaced,” said Murray.
Digging further, Symantec found that 77 per cent of the companies have facilities located in areas susceptible to natural disasters such as hurricanes, tornadoes and earthquakes. The security firm also said the average SMB experienced two outages within the past 12 months, with the leading causes being virus or hacker attacks, natural disasters and power outages. About 39 per cent of the outages lasted eight hours or more.
Many operations also fail in the core activity of data backup.
The average SMB backs up only 60 per cent of its company and customer data. Overwhelmingly these backups are done infrequently as well. Only one in five (20 per cent) back up on a daily basis and 48 per cent backup monthly or less frequently. And yet, 63 per cent of SMBs feel they would lose 40 per cent of their data if their computing system were wiped out in a fire.
Customer response
Failure to deploy adequate disaster protection has a negative effect on customer relations, according to Murray.
Two in five (39 per cent of SMB customers have actually switched vendors in the past because they “felt their vendor’s computers or technology system were unreliable.”
Twenty four per cent of customers surveyed said they have seen one or more SMB vendors shut down due to computer failure. Twelve per cent of customers reported losing important data because of their vendor suffered an outage.
Customers estimate these outages cost them around $16,000 per day on average. Fifty nine per cent of the customers reported that downtime damaged their perception of the SMB vendor.
Staffing problems and budgets are driving the SMB security gap, according to Murray.
Some 42 per cent of respondents do not have a dedicated IT staff – they either have one person managing all their computers or use a staff member who also has another job within the organization. SMBs also cited lack of security skills (44 per cent), lack of awareness of security threats (33 per cent) and lack of time (28 per cent) as chief barriers.
Many also cited insufficient budgets, said Murray. The median IT security budget among the group was just $4,500 a year.
Despite the sever lack of DR planning, Murray remains hopeful.
The Symantec survey found that 91 per cent of SMBs intend to create a DR plan within the next six months.
He has the following recommendations to SMBs looking to develop or improve existing DR plans:
10 DR tool kit essentials
1) Have a plan – A disaster recovery plan is critical in ensuring quick response and recover. The plan must include a step-by-step process of reaction that considers various issues that could occur during a disaster. The plan must be printed out and be accessible to employees as well as at the offsite DR war room. The plan must also be available to your IT consultant and solution providers. The plan must be updated on an ongoing basis.
2) Have a trusted partner – Nearly all of SMBs find it difficult to maintain a dedicated IT department. Enlist the help of a solutions provider to give you some DR help
3) Establish regular backup – One of the biggest mistakes of SMBs is to neglect nightly and weekly backups
4) Create a disaster recovery committee – Your DR committee should include the entire IT staff, executives responsible for IT, Human Resources and the appropriate business managers. The team should review the DR plan during executive meetings
5) Have a communications plan – Have a plan covering how to communicate necessary information to employees during a crisis. Have backup methods of communications
6) Deploy backup and recovery software – Backup software will ensure data is safely backed up. Recovery software will enable you to quickly restore complete systems and retrieve data
7) Have remote access capability – Your IT staff or IT consultants should have access to a Web-based console to manage servers and other assets remotely
8) Access to archive backup – Store archives and backups at an offsite location to keep them safe from on-site disasters. Have direct physical and Internet access to the data
9) Commitment to the plan – Make sure everyone is committed to following the DR plan
10) Test, test, test- In 2007 Forrester Research found that 50 per cent of companies test their DR plans just once a year while 14 per cent never test at all. DR plans should be frequently and regularly tested and revisited