If the data your business relies on isn't protected from malware and natural disasters, you should be lying awake at night. And because you're not alone (small consolation), you're also one of the targets of a new initiative by HP.
Last week, the company announced its Business Protection portfolio, a program it hopes will help SMBs protect their data from a variety of threats — everything from a basic hard drive crash to virus infections and malware attacks to natural and man-made disasters.
As part of its announcement, HP gathered a group of seven leading IT industry and small-business experts for a roundtable discussion about business protection plans and their importance to small businesses. The panelists included:
Andy Bose, CEO of AMI-Partners, Donna Childs. CEO of Childs Capital and co-author of the book, Contingency Planning and Disaster Recovery: A Small Business Guide, Kevin Gilroy, HP's senior vice-president and general manager, Stefan Osthaus, senior marketing director for Symantec, Charles Ostrowski, IT director for Los Angeles-based law firm Weston, Benshoof, Rochefort, Rubalcava and MacCuish, Bill Raisch, executive director for the International Center for Enterprise Preparedness (InterCEP) and Brian Wiser, senior vice-president at Ingram Micro.
These experts agree: whether your small business consists of one person or hundreds of people, instituting a business protection plan can mean the difference between surviving a data disaster and losing your business.
What is Business Protection?
Business protection means having systems in place that protect your vital business data — software to protect your PCs and networks from viruses, spam and other malware; backup and recovery capability to prevent data loss; and products and services that keep your crucial hardware and applications up, running and available no matter what.
The type of protection plan you need depends on the size of your company and the type of business you own, but the key elements remain the same. According to Bill Raisch, "Business protection equals readiness, response and recovery. It should be scalable to protect a one-person shop right on up to a thousand employees." Stefan Osthaus agrees, adding, "The key components include a security assessment, creating and monitoring a security policy and ongoing analysis of the plan's effectiveness."
Noting the dynamic nature of a small business' security needs, Donna Childs suggests that SMBs make data protection assessment a routine part of their business practice. "We revise our protection plan every quarter. Complacency can creep in," she said.
Creating a plan starts with prioritizing your data. What files and applications are vital to your operation? "Things happen," said Raisch. "Hurricanes, data attacks, floods; but remember, even though a major crisis for an SMB may not make the six o'clock news, it can still be devastating. Determine the key elements your business must have and then triage. Ask yourself: if the building was on fire, what would I save first?"
Why Do SMBS Need a Plan?
Your data is your business. HP cites a recent study by the University of Texas that said 43 percent of companies that experienced a catastrophic data loss never recovered — and 51 percent went out of business within two years. "It's easy to think, 'This can't happen to me,'" said Kevin Gilroy, "but it can. Don't put off planning."
Andy Bose's company, AMI-Partners, spends its time tracking and surveying small businesses. The company's 2004 SMB Annual Tracking Survey looked at the technology habits of 1300 small businesses — one to 99 employees — in the U.S. "The survey showed that one out of four — a full 25 percent — of small businesses think they're too small to be affected by a security issue," he said.
Bose added, "When we looked at the number of small businesses using antivirus software, we found that 63 percent have it. That remaining 37 percent translates into more than 2.4 million small businesses that don't use antivirus protection."
While Bose said the numbers are trending downward, and that more business owners are more aware of security issues, "SMBs often assume once they've adopted security measures, they're done. You have to renew antivirus and spam programs."
Small business is often seen as a fragmented demographic due to the wide range of business that fall under the category. But whether you own a two-person business with two computers and dial-up Internet access or a company with 300 employees, 20 servers and a T1 line, it's vital to secure your data.
A simple hard drive failure can put that two-person shop out of business just as permanently as a server attack on the company with 300 employees. According to Osthaus, "Security risks don't discriminate by company size. They're very democratic that way."
Andy Bose points to what AMI has identified as the three waves of IT adoption. Knowing where your business ranks can help you understand how much and what kind of protection you need.
- Building the Infrastructure: "Smaller companies fall into this category. It's where you're choosing the computing platform, selecting which productivity applications to use. You have Internet access and possibly a Web site. The focus is on protecting individual PCs."
- Connectivity "At this stage, you have a LAN, maybe you've added e-commerce, broadband Internet, and you're running collaborative applications, meaning your employees access the applications from a server instead of from their individual PCs. You run server-based antivirus and firewall. The focus shifts from protecting the individual PC to protecting the server."
- Extend the Enterprise "At this point, you're reaching beyond the scope of your office. You have remote access, intranets and/or extranets. This is where VPN can come in — or managed security services. The focus is on multidimensional security layers with a firewall on the network but also on mobile workers laptops. There's a lot more to protect. Increased technological sophistication equals an increased need for protection."
Cost and ROI
The two main disadvantages SMBs have compared to big business, when it comes to recovering from a data disaster, are budget and IT resources. "SMBs suffer from a lack of recourse and an inability to diversify risk," said Childs. "But don't be scared, be prudent."
The question to consider when determining how much to spend on protecting your data is how much it would cost to replace it. Raisch urges SMB owners to spend time thinking about what could happen. "Ask your self, 'What if I lost 'X' amount of data?'" he said. "'What would it cost me?' Running different scenarios helps you see how much you should invest to recover rapidly."
Referring back to that University of Texas study, Childs noted it costs $50,000 per MB to recover lost data. "That's a national average — the cost in urban areas is higher," she said "And that's if it can be recovered at all. Don't take that chance. In my experience, it's a statistical certainty that an SMB will get hit. I spend 15 percent of my budget on IT infrastructure."
In terms of a return on investment, Osthaus said that in productivity alone, a protection plan pays off. "Spam is a big productivity issue when you have each employee spending 20 minutes a day deleting it. Plus, malware is often embedded in spam — even in those funny e-mails we get and forward on to friends."
Childs pointed out a benefit to implementing a solid business protection plan that most people don't even consider. "Investing in security pays even if nothing happens. I negotiated a 30 percent decrease in my insurance premiums because I had a good contingency plan in place. I could demonstrate that I was a better risk."
Finding the Right Partner
All of the panelists agree that finding the right IT partner — i.e., an expert advisor who can help you decide what technology you need, install it and support it — can make all the difference for a small business owner.
In real estate, the old adage is location, location, location. When it comes to technology, Micro Ingram's Brian Wiser said the most important step a small business owner can take is, "Partner, partner, partner. Find a good one to help with your initial assessment and to get you what you need."
Considering the time, money and sweat equity small business owners put into their companies, it's important to find a partner with expertise and a good reputation. "Get real-life examples from other customers. Make sure to choose a partner who can provide references — you want someone with a serious practice, not a hobby," said Bose. "Ask potential IT partners, 'Are you the kind of partner that sees the big picture, and do you have the capability to take my business all the way?'"
Childs said, "Look for a partner with an integrated portfolio, a breadth of offerings and a good relationship with the channel. Once you've put a business protection plan in place, you can go to sleep knowing that you've done everything you can to protect your investment."
Lauren Simonds is the managing editor of SmallBusinessComputing.com
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|