- expansion of email as the predominant form of intra- and inter-company communication;
- growth of online data mobility project management tools using smartphones and tablets to access and transmit data;
- increased adoption of document imaging to replace paper recordkeeping files;
- growth of enterprise resource planning (ERP) platform systems and integration with best-in-class specialty software programs;
- estimators’ use of the same database to work from multiple locations on complex projects;
- increased adoption of, and massive data files generated by, BIM;
- emergence of hosted and cloud-based data recovery systems;
- expansion of e-discovery in litigation, which raises expectations for (and increases the risks of ) record retention; and
- proliferation of social media networks combined with bring-your-own-device policies, which creates new portals for hacking, malware and viruses.
- failure to initiate or maintain regular data backups;
- hardware failure;
- human error resulting in accidental deletion, overwriting of data or forgetting to add new IT systems/devices to backup protocols;
- failure to test the backup and data recovery restoration process to determine adequacy;
- software or application corruption;
- power surges, brownouts and outages;
- computer viruses, malware or hacking;
- theft of IT equipment; and
- hardware damage or destruction from vandalism, fire and water (rain, flood or sprinkler system discharge).
- Laptop motherboard failure. A project estimator was working offline when the motherboard crashed. Because of a tight deadline, he had to restart the estimate from scratch. Although the bid was successfully submitted on time, the estimator fell behind on pricing other jobs that the company failed to win.
- Lost iPhone. Pictures of a project safety incident with documentation of a mismarked “one-call system” utility spot were lost. The photo documentation had not been transmitted to the office, and the contractor lost the request for damages against the utility locating service. Moreover, the smartphone was not properly password-secured, allowing unauthorized access to contacts, client information and company data.
- Desktop computer backup location not properly mapped to server. When a workstation was upgraded with a new desktop computer, it was not mapped to the server for automatic backup. The computer hard drive crashed, and no files were backed up. Recovery using the old desktop computer was slow, and data created on the new computer was lost.
- New database not added to the nightly backup protocol. A company purchased a new customer relationship management database and, after a power outage, realized it had not been added to the nightly data backup protocol.
- Onsite data backup location destroyed. The building housing an onsite backup server was struck by lightning, which started a fire and resulted in a total loss of all current and historical data.
- Disaster recovery software not properly configured. While conducting a test of a company’s disaster recovery plan, it was discovered that some critical data was not being captured in the backup files.
- Laptop and tablet stolen from a jobsite trailer. The field equipment had not been backed up for several weeks, resulting in the loss of key project documentation.
- Determine the company’s recovery-time objectives, and plan and budget accordingly. Identify which functions and systems must remain operational at the time of a disruption or disaster. This requires advance planning and budgeting for necessary systems and technical support services. It also helps prioritize risk-reduction strategies, including investments in data management backup system and security upgrades.
- Develop a written business continuity plan that outlines specific responsibilities for protecting vital information and mission-critical data. The business continuity plan should include protocols for backup and synchronization of all office systems and virtual/mobile devices. It also should address the frequency and format for testing data management integrity and security, as well as how gaps will be identified and addressed.
- Inventory the company’s vital information and mission-critical data, and verify it is being backed up. Key considerations include how the data is being backed up, by whom and how frequently, as well as where the backup data is stored. It is important to ensure the data backup and restoration process work as designed.
- Initiate automatic scheduled backups, ensure the backup data is stored offsite, and test the adequacy of the data backup and restoration methods. Consider the added benefits of imaging the company’s servers to achieve a complete restoration of the data management system
- Develop a comprehensive diagram of the company’s integrated data management network, including all physical and virtual/mobile subsystems. Ideally, this will be an “as built” blueprint of the company’s configuration consisting of the hardware, operating systems, software and applications that make up the data management network.
- Institute policies regarding the use of the company’s Internet, including security protocols. Implement policies for user authentication, password verification, unacceptable personal devices and reporting of lost equipment. It is essential to communicate these policies and security protocols to all users and to train new employees.
- Establish proactive management of the company’s data and IT network. Ensure the company’s network administrator has state-of-the-art tools, including remote access, help desk diagnostics and anti-spam and malware protection. Request periodic updates on all software licensing audits and verification that all security patch updates have been installed on a timely basis. Establish a fixed replacement schedule for hardware and software.