THE WINNING EDGE BY Thomas Burdick and Charlene Mitchell Computer Disasters: Will Business Crash as Well? It happens all the time. You call the airlines and you can't get flight departure times because the system is down. The bank can't give you the balance on your account because its computers are offline. These problems are small annoyances with little consequence. Typically they are forgotten by both the company and the customer soon after the incident. Some computer problems, however, have more of an impact. A fire at the New York Stock Exchange shut down trading at a time when the market was highly volatile. Last year, a computer virus entered the system of several major corporations, causing millions of dollars in damage. One airline that had computer operations located on both the West Coast and in Australia experienced earthquake damage at both places within two months. These serious incidents receive little media attention because companies are reluctant to publicize their computer disasters. There is a serious threat, however, which is inherent in companies' computers operations and even to the very existence of some companies. Even so, many businesses continue to ignore the potential for such problems. It usually takes a major shutdown before a company considers investing in a disaster plan. In a recent international study conducted for the Amdahl Executive Institute, half of the organizations surveyed admitted that they had suffered some type of serious disruption to their computer operations. According to the study, natural disasters such as floods, earthquakes and explosions accounted for about 30 percent of the respondents' computer disasters; 25 percent were unintentional damage done by people; and deliberate or malicious acts accounted for 45 percent. People represent the biggest risk to computer operations. Damage can result from malicious tampering by hackers, bitter ex-employees, angry current employees and even terrorists. Some companies in the Middle East, for example, may find terrorists attempting to sabotage their computer operations due to the heightened tensions in that region. Computer viruses are also on the rise. These can be inserted into operations maliciously or unwittingly. A major software company discovered that an employee had put a computer virus into some copies of its most popular program and shipped them to customers. Employees may unknowingly insert a virus into the company operations by bringing a virus-contaminated computer game to the office. The following are measures that companies can take to preclude potential problems before implementing costly system protections: o Maintain strict quality control on programs used in company computers to avoid virus-contaminated software. As grinchlike as it may seem, not allowing employees to bring in software games can prevent computer disasters; o Tighten all access points to computers: physical, telephonic and network. This can cut down on problems generated by hackers as well as disgruntled personnel; and o Ensure good working standards for employees and promote positive employee relations programs. Workers who can vent their problems on a receptive ear within the company will be less inclined toward sabotage. For companies trying to decide whether to spend the money for a computer disaster contingency plan, there are several key questions that should be asked. How important is the operation of the computer system to the business? How essential is it that the operations be uninterrupted? How much can the company afford to pay for the restoration or replacement of the entire computer operation? Clearly, those companies that use computers frequently need backup systems. Banks, for example, often have at least two sites with identical computing facilities. The most sophisticated approach is to integrate the backup processing into daily operations so that contingency procedures are tested all the time. The data can be processed and transferred almost continuously. Some companies mitigate expenses by sharing backup resources with another company. There are also computer services that specialize in providing disaster recovery facilities and contingency planning. But such services can be costly. Some estimates are that disaster protection can range as high as 10 percent of a company's total information technology budget. It should be noted that the existence of a backup plan does not guarantee a smooth transition of operations. In the Amdahl study, 75 percent of those who had contingency plans found them to fail the first time they were tested. How should a company determine the value of contingency plans? The best way is to assess the value of the losses if a disaster were to occur. This includes the missed revenues and the cost of getting a new system up, but also the intangible effects, such as the loss of customer goodwill and the effect on the company's credibility and reputation. While the volume of mail prohibits individual responses, if you have a question that you would like to see considered, write to the "Winning Edge" at 5777 W. Century Blvd., Suite 700, Los Angeles, CA 90045. All letters will be treated confidentially. /* Was this article of value to you? If so, please let us know by circling Reader Service No 00. (c) 1990 Creators Syndicate, Inc.