[ISN] Small Biz Puts Protection Before Continuity In Survey

From: InfoSec News (isn@private)
Date: Fri May 07 2004 - 06:51:04 PDT

  • Next message: InfoSec News: "[ISN] Arrest could crack open PC virus ring"

    http://nwc.serverpipeline.com/showArticle.jhtml?articleID=19502258
    
    By Tom Smith
    Small Business Pipeline  
    May 05, 2004 
    
    Despite a recent history that includes terrorist attacks on American 
    soil, the resulting war against terror, and a flurry of virus 
    activity, most small businesses aren't concerned enough to develop 
    specific plans to keep their businesses up and running in the event of 
    a disaster. However, they do recognize the need to protect their data 
    and computer systems from natural disaster and hacker attacks. 
    A survey of 237 small business conducted by Small Business Pipeline in 
    April found that 73% have no written plan that defines a strategy for 
    responding to disaster. Of the 27% that do have such a plan, about 80% 
    actually review the plan on an annual basis with their employees. 
    
    Six of 10 have done no formal quantification of how much it would cost 
    their business if it was interrupted for any extended period of time. 
    Of that small percentage that have performed this financial analysis, 
    56% say they'd lose less than $10,000 per day. That result is perhaps 
    not too surprising, given that more than half of the survey 
    respondents have less than 10 employees. Another 27% have less than 50 
    employees and 16% have less than 100. 
    
    In a somewhat contradictory finding, the highest number of 
    respondents, 35%, ranked disaster recovery as about equally important 
    as other business functions such as customer service, technology 
    operations, finance and accounting, and so on. A full 34% said 
    disaster recovery is more important while 31% said it's less 
    important. Despite these findings, there's no apparent sense or 
    urgency to plan for disaster. 
    
    There was some good news: 56% of survey respondents do have a defined 
    sequence of steps to be followed if their physical location becomes 
    unavailable. 
    
    Z Technology, a manufacturer of test and measurement equipment for the 
    radio and television broadcast industry, appears to be fairly typical 
    of the survey respondents. The 10-person company has no formal 
    disaster-recovery plan, operations manager Dan Nicholas said. "I don't 
    think it's ever been thought about a whole lot," Nicholas added. "It's 
    not a conscious decision to not have one." 
    
    However, the survey found a strong, clear emphasis on data and systems 
    protection among small businesses. Those businesses are acutely aware 
    of the threat posed by viruses, hackers and system incursions. Of the 
    237 survey respondents, 88 or 37% say technology-driven threats 
    "viruses, hackers, security breaches" pose the greatest danger that 
    could interrupt the functioning of their business. 
    
    Other threats identified as the biggest concerns included disasters 
    such as fires or explosions, selected by 27% of respondents; natural 
    disasters such as weather and earthquakes, 26%; theft or loss of 
    intellectual property, 7%; and other areas such as terrorism and a 
    national emergency, 3% 
    
    FMSI Actuarial Concepts and Systems Inc. is indicative of the focus on 
    protecting data and systems among small business. The Deerfield, Ill., 
    company's three employees hold themselves accountable for backing up 
    data from their workstations on a regular basis. Data gets backed up 
    to two separate Web-based systems maintained by different outsourcing 
    firms for an additional layer of protection. "If one is down, the 
    other is not down at the same time," explains Gerry Kopelman, a 
    partner. 
    
    While these backup procedures aren't explicitly defined, they are a 
    part of the company's way of doing business. "There are no formal 
    policies. It's just become our habit to do that. It's common sense," 
    Kopelman says. 
    
    Like FMSI, respondents to the Small Business Pipeline survey appear 
    well-prepared to deal with threats that could impact their corporate 
    data. Three quarters of respondents say they have a specific medium or 
    plan for protecting data in the event of a business or technology 
    interruption. In a related finding, 62% of respondents say they have 
    defined policies to secure the data on individual employees' 
    computers. 
    
    Asked to identify their primary means of protecting data, 43% said 
    they back up data to an off-site facility they own or manage; 28% said 
    they back up data to servers or systems in the same office as primary 
    systems; 20% said they back up data to a third-party facility, and 9% 
    use another means. 
    
    Asked to rank technologies that are most important in preventing 
    business interruptions, the most respondents 40%, selected network 
    security products such as firewalls. Another 34% selected data backup 
    and management. 
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Fri May 07 2004 - 09:03:43 PDT