Small businesses lack disaster recovery plans

It is not surprising because of short staffing, but when it comes to planning for the worst, small businesses don’t even come close to being able to tackle a serious dilemma.

By Gregory Hale, ISSSource January 27, 2012

It is not surprising because of short staffing, but when it comes to planning for the worst, small businesses don’t even come close to being able to tackle a serious dilemma.

Nearly 90% of small and mid-size businesses have inadequate or outdated disaster recovery plans, according to a study from automated security and compliance auditing solutions firm nCircle.

On the positive side, the survey shows 51% of small and mid-size businesses have a disaster recovery plan, but the problem is they are not even sure if it is current. Of those surveyed, 13% said they didn’t have a plan at all.

Nearly 40% of businesses that did report having a plan said it went no further than backing up data.

“The number of small businesses that have no written security or disaster recovery plan is a significant concern,” said Elizabeth Ireland, vice president of marketing for nCircle. “It seems counterintuitive, but even though smaller businesses have fewer resources, they need to pay more attention to security rather than less.”

The study also shows that a lack of proper security policies is leaving many companies vulnerable to a potential disaster.

Nearly 20% of the surveyed businesses lack a security policy and simply expect employees to use good computer judgment; 26% have a security policy they don’t enforce.

“Security needs to be more than a written document that you file and forget,” Ireland said. “It should be a crucial safeguard that’s integrated into every aspect of your business.”

Researchers surveyed 145 professionals responsible for IT security in small to mid-size businesses.