When a crisis hits, how safe is your IT?

Security, back up and disaster recovery issues must be addressed as IT infrastructure gains importance for SMEs, writes Bob Tarzey

Increasingly, SMEs are becoming more reliant on their IT infrastructure. This is not just because it is used to drive important internal applications, but because the majority of SMEs now use IT to automate interaction with external organisations. This means that an IT failure does not just affect SMEs, but also the businesses with which they interact on a regular basis.
IT failure is no longer an internal inconvenience, but can have a significant impact on the ability to trade, can damage reputations and lead to loss of competitive advantage. Why then do so many SMEs put their business at risk by leaving themselves vulnerable to IT failure?
The two most important assets for many firms are employees and information, the latter being mostly managed using IT these days. About 40 per cent of SMEs have just one location and about 90 per cent of these use that one location to house both their employees and IT department.
Consequently, if that building becomes unavailable because of a fire or flood, for example, the SME has nowhere to house either of its key assets. However, if the two are separated and linked electronically, the problem would be halved.
But while there is abundant network capacity and third-party data centre facilities to support safe separation of users and core IT facilities, the majority of SMEs do not make use of them.
Co-location providers that lease third-party data centre facilities offer service level agreements that promise to considerably lessen the likelihood of losing access for core IT infrastructure.
And even in the event of employees being unable to get to their
normal place of work, if the IT was still up and running many could access it remotely and get on with their jobs from home.
Some 20 per cent of SME employees are now issued with laptops for accessing the company’s IT and a smaller but growing number are using handheld devices.
The fact that SMEs increasingly understand the benefits of and allow such remote working means that many are able to carry on working even when their normal place of work is closed.
But it also means that in a time of crisis SMEs have the means to provide support to other users who do not normally work remotely, for example, by allowing them to access IT from home over secure sockets layer virtual private networks using home computers.
For most SMEs, managing end user devices, security and network access is a daily headache. Having good management tools in place and automating tasks where ever possible is essential for keeping overheads to a minimum.
And this is where confidence levels need to be improved. Quocirca research shows the SMEs that are most nervous about mobile device security are the ones most reticent to allow their use.
However, this means that not only are they missing out on the flexibility and business efficiency offered by remote access, but they are also not putting in place the foundations
for business continuity in the face
of disaster.
Nearly all SMEs can do more to ensure better information security and improve their ability to survive a crisis, but some have a lot further to travel than others.
Quocirca’s report, Information Security for SMEs, is free to CRN readers at: www.tinyurl.com/2gltgfBob Tarzey is service director at Quocirca.