Data Disasters: In the Eye of the Storm
In an era of sophisticated storage, disaster takes on a whole new meaning
When we think of disaster recovery, natural weather events most often come to mind. Such events can have devastating effects on a business. A hurricane, tornado, or lightning strike can fry a small business’ power supply and cause a disruption that lasts weeks or even months. Laboratories that have expensive machinery, such as 3D printers, scanners, and milling systems, can take a major financial hit if a piece of equipment is severely damaged or destroyed. Even if computers are less expensive to replace than some larger capital equipment may be, the loss of data can be equally devastating. Of additional concern in this age of digital data transfer and storage is the devastating and debilitating invasion of the hacker. So how can you mitigate the impact of a cyber disaster? Exercise disaster preparedness. Laboratories can take several actions to protect important information and equipment from being destroyed or lost should a disaster strike.
Physical Plant: Invest in surge protection for all outlets in your laboratory. Use an uninterrupted power supply (UPS) for servers, telephone systems, milling machines, 3D printers, and CAD workstations. This simple process can save hours of lost productivity, data, and materials.
Keep Operating Systems Updated: Updates usually provide security patches and new protective features for known threats. Install updates when prompted and set your antivirus software to update automatically.
Cloud-Based Software: Explore software solutions for email, production, invoicing, CRM, and accounting that give you the flexibility of using such services from any web browser. Be sure to investigate the cost of cloud-based applications versus purchasing software and related hardware. From a security standpoint, check if your data is AES 256 encrypted (government-level encryption) and how your data set is backed up. More importantly, ask how you can retrieve your data if you change providers or discontinue the service.
Backups and Redundancy: Always back up computer files. This includes customer profiles, employee data, tax information, accounting records, payroll records, production records, case invoices and statements, email, and electronic documents. Online backup services are all the rage, but be careful about the frequency of your backups, encryption of data, the timeliness of access when you need to restore data, and testing of your backups to validate that they work. The alternative backup solution is to use an external drive and backup software. Keep in mind that best practices indicate that you should have at least two drives and rotate them—one for a nightly backup while the second is off-site. Many laboratories have a drive for each business day and rotate them weekly. Many small and midsize businesses today use both in-house and online backups for redundancy. In addition, store hard copies of all critical information offsite.
Virtualization: In the event of a server failure, you can take a backed-up image of your server(s)—not just data, but the entire operating system—and run applications until your server can be repaired or replaced. A virtual machine is created from backups of your server on a robust network storage device, which can be used to replace a server when it fails. It allows you to connect all devices on your network, map drives, and run applications so downtime will be minutes rather than days. This also can be accomplished through backed-up images of your server(s) that are stored in the cloud in the event the laboratory is destroyed in a natural disaster. The other benefit of virtualization is the ability to perform a bare-metal restore. This feature allows you to take a server image and install it on a new server—even one that has dissimilar hardware—which saves the time of building a server from scratch.
Firewall: Periodically check the software and firmware settings on your router and/or adaptive security device. Your firewall is the primary barrier between your trusted, secure internal network and the Internet.
Map Your Environment: Be sure that you have someone who understands all the important systems in your network. Keep an updated copy of all program login names, passwords, and answers to security questions. Also, maintain a record of passwords to files, computers, and other offline accounts. Be sure to document the model and serial numbers of all devices on the network. Make plans with IT specialists who can install new software or replace damaged hardware quickly. Find specialists who can set up equipment at an alternate location, if necessary.
BYDW (Bring Your Device to Work): Every laboratory has employees who bring plug-in devices to work. Do you have a policy about the use of these devices, especially one about attaching personal devices to the network? This type of connection could infect the network.
Insurance Coverage: Having adequate insurance is the key for a laboratory to survive a disaster, but be sure to review coverage for IT-related disasters. Many insurance companies have specific limits on IT or offer a detailed electronic data processing (EDP) rider. This is where your CAD/CAM equipment should be listed. Such riders usually do not necessarily increase your premium, but they do provide the insurance company with a breakdown of EDP equipment versus other contents. Another facet of your insurance should cover expenses from: 1) damage to third parties caused by a network security breach; 2) a breach of consumer protection laws, such as HIPAA or the Fair Credit Reporting Act; 3) costs of notifying customers of a breach; and 4) public relations expenses necessary to restore the laboratory’s reputation.
Brushing aside the need for disaster preparedness is easy when more pressing, immediate business demands clamor for attention. Yet, the fact is that disasters do happen and laboratories do suffer. The US Department of Labor estimates that 40% of businesses never reopen after a disaster—and at least 25% of the remaining businesses close within 2 years. By developing a disaster plan and implementing technologies that support business continuity, you can give your laboratory a strong defense in the wake of a disaster.
About the author
Robert Gitman is the company administrator at Thayer Dental Laboratory in Mechanicsburg, PA.