It Wasn’t a Tornado or an Earthquake; it was an Email. Managing the growing risk of critical data loss.

With spring upon us, summer just a few weeks away, and a new season of severe weather swirling into motion, now is the perfect time for a business to consider what a natural catastrophe such as a tornado or flood would do to its operation.

Oh, and emails too! It is hard to fathom mentioning “malicious emails” as one of the catastrophes to consider when designing a Disaster Recovery Plan, but it is the truth.

It doesn’t have to be an F5 Tornado or the Flood of ‘93 to be considered a major disaster anymore. Businesses can officially include “malicious emails” that show up disguised from “grandma” as one of the top threats on the list. With the growing number of computer viruses, as well as the number of cases where data has been damaged as a result of unauthorized access, never before has a company’s health been so at risk.

For example, on June 14th, 1999, eBay executives, employees, traders, investors, the media, and the world watched as eBay stock value plummeted by $4 billion dollars. The devaluation occurred because of an all-day (22-hour) outage on its auction site. Executives at eBay estimated that the impact included a drop of $3 to $5 million in sales. Every hour that eBay was down resulted in an estimated $200,000 in lost sales.

In December of 2002 five Wall Street brokerages, including Morgan Stanley, Goldman Sachs and Salomon Smith Barney Holdings Inc., agreed to pay a total of $8.25 million in fines for improperly storing e-mail during a three-year period. While some firms relied on employees to preserve copies of the e-mail communications on the hard drives of their individual computers, there were no systems in place to ensure that employees did so. The failure to comply in at least four of the brokerages was the result of not being able to retrieve the data they thought they had backed up -- not because it hadn't been stored but because they didn’t have a good backup.

Not all businesses will have quite the same exposure as the eBay example or the brokerage firms, but the level of risk is growing each day whether businesses like it or not. With each day that goes by organizations are becoming more dependant on technology and more vulnerable to disasters, law suits and events that can take down the organization for weeks at a time. The protection of critical data stored on personal computers, laptops and remote servers has never been more important. Ask any professional if they would rather be without their phone service for a week or their email and the dependence on technology will be evident.

Is it time for a checkup

Data is becoming increasingly more valuable and exponentially more vulnerable. A businesses effort to protect these assets should grow at the same rate as its vulnerability. This combination can become dangerous very quickly. What used to be calculated by paper and pen is now being processed online. With every new software program bought, new critical data is produced and one more element of day to day business is being left to the mercy of that cylinder called “the hard drive”.

Data is becoming more vulnerable. In one quick swoop an entire system can be wiped out from an employee opening a single attachment from a family member. Even the best anti-virus software can’t protect a business from opening the wrong email. The answer isn’t prohibiting employees from opening email. The answer is educating them on the potential hazards, how to avoid them and planning for the worst. Disaster Planning and Backup measures need to improve to manage this growing risk.

A serious question most businesses need to ask themselves is, “When is the last time we improved our backup procedure Or tested a restore or simply kept up with technology Am I being penny wise and pound foolish” The bottom line is that businesses efforts to plan for disasters needs to grow with the times.

If a business doesn’t already have a Disaster Recovery Plan, creating one should be right next to waking up in the morning on the owner’s to do list. If one already exists, has the plan improved to adequately protect against the growing vulnerabilities and changes in technology

Backup Process or Restore Plan - Which do you have

Whether it is new legislation that is forcing a business to comply or recent data loss that is bringing a new awareness, it is time to understand that this ritual called “backups” is really about restoring data. The fact remains that the simplest restore process that works is better than the most elaborate backup procedure that doesn’t. For most businesses, this can be done quite easily. How do they turn a backup plan into a restore process Test it. Many users back up their data only to find their backups useless in that crucial moment when they need to restore from them. They fail because the systems are designed with a set of requirements that rely too heavily on human intervention for success. All it takes is one misplaced tape to produce a disastrous result.

Storage magazine, a leading technology publication conducted a poll of their readers titled “Do you test your backups” They found that although 66% of the respondents regularly test their backup tapes, another 77% discovered failed restores. Is it worth the effort for businesses to test these restores Yes, when you consider that over three quarters of those that have tested their tapes have unearthed failures. At the same time, consider the readership base producing these failed restores. This is Storage Magazine not Sports Illustrated.

Testing restores on a regular basis is only part of the story and is a step in the right direction. The other challenge that is becoming more and more difficult is keeping up with the growth of laptops and mobile computing.

Those Forgotten Laptops and Remote Workers

By longstanding IT practice, backups encompass data stored on servers, not workstations. “If you want your files backed up, the policy goes, don't store them on your desktop.”

And as for laptops Forget it. It's up to the user to back up anything vital. Unfortunately, this mindset runs into a problem with the explosive growth of mobile computing. By the end of this year, mobile users will have grown to as many as 60 million, according to International Data Corp (IDC). To compound the problem, about 7 million of those laptops will be badly damaged, lost, or stolen.

As more business professionals utilize laptops as their primary computers, more and more corporate information is being stored on those hard drives. According to Gartner research, 60 to 80 percent of corporate data resides on PC or laptop hard drives.

Laptops in the field are also exposed to extreme conditions from bouncing around on a plane to constant connectivity to the Internet. These laptops and critical data are far more vulnerable to theft, natural disaster, hardware failure, viruses and human error. However, in most organizations little attention is being paid to protecting these computers because it has been difficult up until now. New technologies are enabling laptop users to securely backup their data through the internet to a secure location managed by a service provider. This process is called “electronic vaulting” and is growing in popularity.

Protecting corporate data was a straightforward job when all data resided on the company server. This fell squarely into the hands of an internal IT person or outside computer consultant. Today, however, with laptops, home users and remote offices, the implementation of regular backup procedures is far more difficult. In order to effectively protect this data on a regular basis, the process must be automated. Electronic vaulting allows the user to select the critical data, setup a daily schedule and let the process run. After the service runs the business is emailed a report confirming the events.

Each day at a predetermined time the service wakes the computer, scans for any changed data, encrypts the files for complete security and backs up the data to a secure off-site location – all without any manual intervention.

Up until recently there have been many factors that typically prevented businesses from backing up these mobile devices – Internet connectivity, size of files, security, etc… The cost and complexity traditionally associated with a remote backup have prevented many companies from properly protecting this data on laptops.

It was always much easier to protect a dozen servers, for example, than 60 laptops. This reality, though, is being eased by new services that allow for secure backups through the Internet from any connection in the world. Availability of bandwidth, advances in data compression and new security measures have made this solution a reality. Now even the smallest business can afford a solution like this.

Particularly in companies that perform external audits, analyses, or evaluations of client sites, the value of laptop data rapidly becomes apparent. Firms that conduct offsite visits for expensive services like accounting and audits are in the forefront of the mobile computing arena and should make appropriate plans to protect this new level of data. Organizations must ensure the protection of mobile and remote workforce data as part of their basic IT plans.

The growing numbers of mobile users is just one example of how businesses need to evaluate their Disaster Planning and Data backup needs on a regular basis. All it takes is the CEO's machine experiencing a hard drive failure while on the road, or one poor HR staffer losing the entire corporate HR database that she kept on her own laptop, for mobile backup to become a greater priority.

Times are changing and so are risks. As technology grows, so should a disaster plan, even if this means guarding against “emails from grandma”.

The bottom line is that Data is becoming increasingly more valuable and exponentially more vulnerable.

Are you prepared

Dave Gambino is President and CEO of e-Backups.net, a leading provider of fully managed online data backup and recovery services. Mr. Gambino has over 10 years of experience delivering technology-based solutions and online services. For more information on protecting your critical data, please visit our web page at http://e-backups.siteforsuccess.com

Dave Gambino is President and CEO of e-Backups.net, a leading provider of fully managed online data backup and recovery services. Mr. Gambino has over 10 years of experience delivering technology-based solutions and online services.