Protecting Your Financial Information Against Disasters

November 2005

Hackers, disgruntled employees, natural disasters, and even human error can wipe out critical financial data, customer records and potentially thousands of hours of irreplaceable work. Would your firm be able to re-create work product if your financial systems were unavailable for a few hours, days, weeks, or months? Statistics show that over 75% of all small and family owned businesses do not have a disaster recovery plan in place.

There is a high probability that at some point your computer systems are going to experience a small annoying disaster like a power outage or hacker attack. Worse yet, many businesses have suffered major disasters, like a fire, major flood or earthquake. Here are some issues to consider when planning for the protection of your critical financial information.

The most important step is to have a plan and then practice it. Begin by determining what is vital to protect. Ask yourself, "What does our company do, and what information will we need to stay in business in the event of a disaster?"  Does it include documents and e-mail, accounting records, customer lists, technical drawings, vendor records, and legal documents? Once you've figured out which information is vital to your business, make sure you know what form it's in. Is everything saved on a hard disk, paper forms or tapes? Do you know where critical documents are stored and how to access them in an emergency?  

Once you've determined what needs to be safeguarded, what form it is in, and where it is located it's now time to protect your information. It is critical to perform non obtrusive but routine backups. Find somewhere other than your office to store the backups and copies. Catalog the locations and files that have been stored and set a review date for each depending upon the nature and importance of the files. Some data may be backed up daily or weekly, other information may be checked annually or only periodically depending upon certain events.  

Even company's that have adequate back-up plans and processes often fall short because they do not practice the plan. The best way to test you plan is to periodically simulate a disaster. At least once a year assemble your rental computers and employees at your recovery site and simulate a disaster recovery. Secure your backups from offsite storage and try to restore your business and see how well you do. Keep a detailed list of what goes wrong and find ways to fix those problems. Then practice it again. The objective is to find out whether your plan works under test conditions versus the hard way by actually having to deal with a disaster in real time. Granted, it is impractical to plan for every possible contingency; however you can reduce your risk of exposure if you have a well tested recovery plan.

Of course, don't forget to annually review your property damage and business continuity insurance. It can help mitigate some risks of a catastrophe, but insurance coverage is just one part of an overall disaster recovery strategy. Many people incorrectly assume that their company's insurance coverage will somehow magically recover their lost data. An insurance policy cannot recreate destroyed work product, rebuild your time and billing system, or reimburse you for lost client confidence.  

The best time to prepare for a disaster is obviously before it happens. If carefully planned and practiced, when a disaster strikes, your ability to quickly recover will help ensure your firm's survival. Don't wait. If you are unsure of your businesses ability to recover from an interruption, do something about it today.


Back