As the insurance cost of the recent flooding rises as the water falls, a study by a data storage company suggests that although 40 per cent of UK firms regard natural disaster as the top threat to information, few have taken action to protect their data from flood and fire risk.
A recent Iron Mountain study, which spoke to those responsible for information at European businesses, found that more than half (58 per cent) of firms store the majority of their paper records in a central storage repository on office premises. A further 49 per cent keep paper records in filing cabinets or desks and in many cases, information is archived in the basement, leaving sensitive customer-related and business-critical documents vulnerable to flooding.
“The recent flooding has made it difficult for many businesses to carry on as normal,” said Iron Mountain’s Head of Risk, Christian Toon. “As the waters begin to recede we hope that for most companies the information damage will be limited, and that this will be seen as a perfect opportunity to review business continuity plans.”
The firm has prepared a checklist to help firms minimise the impact of a natural disaster and protect their important information assets:
Ensure your employee and top customer contact lists are up to date.
Monitor the weather: check the national maps and flood warnings to find out how vulnerable you are.
Have a plan for communicating with employees in the event of a business disruption, bearing in mind that your phones or IT network could be down and your office inaccessible. Rehearse the plan, and have a back-up in case it doesn’t work on the day.
Have a plan for communicating with your top customers. You are unlikely to have time to call everyone so focus on those most critical to your business, with a website or voicemail update for the rest.
Store your information archives in secure facilities away from flood plains. Your office may not be the safest place to keep business critical records and data. Host your services and systems off-site or in the cloud, so that they are protected if the business is affected by natural disaster. Plans should also be made to relocate important paper documents as this format is sometimes forgotten from IT-centric business continuity plans, but is equally vulnerable should flooding occur.
Protect your historical archives – storing physical and digital data offsite ensures that business activity can continue in the event of a disaster. Information is the most important asset to any business and shouldn’t be under any unnecessary risk.
Equip employees to work from home – and aim to do this before a crisis so that you can get the necessary equipment, security and processes in place. If undertaken as an ad hoc emergency response, you run the risk of employees relying on insecure personal IT to handle confidential or sensitive information.
Data protection regulations are not changed by disaster scenarios. Ensure your business remains compliant. For example, it is essential to keep corporate email systems going, or to get them up and running again as soon as possible, so that employees are not communicating or transacting business via non-compliant personal email accounts.
A chain is only as strong as its weakest link. As you develop your own disaster recovery plan, it pays to conduct an audit of your suppliers’ and vendors’ plans.
Rehearse and test every aspect of your plan, understand what could disrupt it and create a back-up plan. Do that several times.
