Southern California Chapter

Reframing the Facts Regarding IT Security and Disaster Recovery

Published August 20, 2014
Disaster recovery, data backup, IT infrastructure security – what do all of these items have in common? Simple, they’re generally misunderstood, undefined due to avoidance for ‘more important action items’, they manage risk, and their complexities are far from static. In fact, for the most part, organizations generally lack the manpower, time, and discipline to tackle these moving targets.

However, it shouldn’t be that way, it should be simple. Remember, technology was created to make our lives simpler, not more complex.

It’s time to shed some light on this confusing, ever-changing, arena regarding technology security and recovery. So, let’s simplify this topic, lay down a good foundation of importance, and enable your business to move forward and thrive.

Let’s start with a few common misconceptions:

  • First - IT security is expensive
  • Second - Security is about your protecting computer
  • Third - Our information is in the cloud, or backed up somehow, we’re safe

Ok, let’s reframe this trifecta, laying these main IT issues to bed, instead of them keeping you up at night.

IT security is expensive – Reframe – IT security saves your company money

Everything you do from crossing the street to pouring a glass of hot tea encompasses risk. If you move forward, don’t move at all, or back up, there are risks. Focusing on what data your company needs to secure should not be a guessing game, or worse, a game of Russian roulette. Yes, there are a many options to choose from, but the goal is to not get more than you need or less than you should.

A good option for finding your ‘sweet spot’ is to join a group, online or in person, with your peers to discuss what they’ve learned, or implemented, to determine if it could be a direction for your organization. I frequent meetings designed to help CPA firm administrators, and others, responsible for the day-to-day operations. The ideas that flow through the group in a little over an hour is more knowledge than one could successfully acquire in a week of research, same goes for the online collaborative groups.

Then, once you have some ideas and options, find an IT consultant who can explain the pros and cons of protecting your information. The key is finding someone you trust and isn’t solely motivated by commissions – This is where the groups come in handy. That way you don’t just get a good sales pitch, you get a great solution that is cost effective and fits your needs. This approach will save time, and money. You’ll get what you need and in a timely manner because a disaster can happen at any time.

Security is about protecting your computer – Reframe – Security is a central focus for our organization

Protecting your computers is important. However, information is everywhere, not just on your computer. Important information lies on your receipts, copy machine’s memory, smart phones, sticky notes, covering your desks and shelves, in your employees’ head - it’s everywhere. If you just focus on your computers being secured, you’re missing the boat.

Choosing a consultant that implements a holistic approach is key to ensuring a secure environment. The person, and company, that you choose to secure your risk should be prepared to discuss all of your options and provide solutions to aid in your risk reduction, not just dealing with the threats when someone utilizes your network. You would not go to a Dr. that only checked your throat during an annual physical; you’d make sure they checked you from head to toe. Similarly, make sure your focus is not just on your IT, step back and consider the whole picture.

Our information is in the cloud, or backed up somehow, we’re safe – Reframe – My information is safe, but that doesn’t mean I still won’t go out of business when disaster strikes.

Disaster recovery, business continuity, continuity of operations – Whatever you want to call it, making sure your information is safe is only a piece of the puzzle, and a smaller one than you think. So, let’s say that you only have your IT backed up, that’s your plan, let’s run through a few situations to illustrate why it’s not a complete solution.

A pipe bursts in your office soaking everything, your server overheated and caught on fire, a computer virus swept through all of your computer systems, a tragic situation closes your doors for an unknown period of time due to a legal investigation, or a contractor digs up your T1 lines and leaves you without phone or internet for two weeks – You know, the mundane, typical stuff that can happen to anyone, anywhere. Or one of those CNN/Weather Channel scenarios happens and nothing, or little, is left and you have nowhere to work, or you just can’t operate because the power/internet/phone grid goes down, fire, flood, earthquake, hurricane, tornado, etc. occurs – Mother Nature happens.

Yes, your information will be safe, but if your employees are not able to access the data, and work efficiently in a productive manner that is safe, no amount of IT security will be able to help you. Not only can you be vulnerable to fines and regulatory penalties, 55% of businesses that attempt to recover themselves never reopen their doors again, or shut down within 2 years after the disaster (U.S. Dept. of Labor).We live in an era that requires instant gratification otherwise clients look for other options. If you cannot get the assets and recourses your business needs in a timely manner, your chances of giving into the disaster are pretty high. When disaster strikes everything is at risk including your reputation, livelihood, employees, and future.                                                                             

A company should not think they are immune to disasters solely because their information is secure. Every company needs power, space, communication, connectivity, and computer system solutions in addition to IT backup and security – Your people need a place to work in order to take care of your clients, taking this holistic approach is key.

To learn more regarding the ‘Human Element’ of Business Continuity and Disaster Recovery, CLICK HERE to download a robust report on preparing your most important assets during a disaster - your employees.

When you have questions regarding these topics, or anything else in this arena, please reach out to me. Every business is different, cost-effective solutions exist, I can help.

Trevor Mickelson, CPA Solution Specialist | 720.490.4531 | Trevor.Mickelson@AgilityRecovery.com