I cannot think of a RAID configuration that would protect them from what happened to them. RAID is to be used for redundancy in case of drive error or failure. It is a good thing that the backups are on an exterior drive since now data can be recovered (at least up until the day of the last backup) and business can go about steps to getting back up and running properly. It is understandable that some organizations must resolve to open their doors in areas that are high(er) in crime than other areas.
This could be a matter of cost or a matter of geography. However, there should be measures taken to safeguard not only your commodities (i. e. employees, tools, hardware) but also your computer systems. If money is a major factor then I would recommend a few basic necessities. First I would recommend tamper proof windows. The kind that you see in some store fronts. It is clear just like glass but is much harder to break. I would also recommend more secure locks on the doors and windows. During business hours it may be necessary to keep some windows and some doors open.
But after hours, each window and door should be locked securely so that intruders cannot get in. Alarm systems are widely found on doors. I would also have them installed on windows and have them set to be armed with the rest of the security system. The server itself should not be in an area where it is so easily accessible. The scenario isn’t all that in depth, so assuming the server is a stand-alone PC of sorts, it should be kept in an area that is away from the work area. For this situation a closet space that can be placed under lock and key would be a viable option.
If the server is a larger unit that is (or should be) in a rack then I would recommend placing it in a room designated as a server room that is still under lock and key. The budget for the IT infrastructure is a concern, but regardless, core network components (such a server) should be protected and have that protection figured into budget figures. As for the earthquake issue, a company can go ways to protect their server hardware by reinforcing the area in which they place their server(s). Hardware servers, in racks, are (or should be) bolted to the ground. This will stop the server rack from rocking back and forth.
The structure of the rack will offer a little bit more stability. If possible, reinforcing the ceiling above and the walls around the server should prevent from cave-ins. For the purpose of data retrieval I would recommend that on top of backing up the data once a month to an external source that the data be either sent off-site or that it be replicated to another location, possibly a cloud based solution. In the event that there is an earthquake and all of the hardware in-house, including the backup solution, are damaged or destroyed it can be retrieved from an offsite location.
I know that this assignment called for disaster plan to protect the company’s technical assets, however I am not really seeing how RAID can be incorporated for that given that, for the most part, is used for redundancy. If the monthly backup solution is another computer or set of drives then I could recommend using RAID6 if the budget allows. RAID6 offers the same capability as RAID5 but allows for two hard disks to fail as opposed to one. If the company has a 10 hard drive solution, RAID6 would allow for 8 usable drives.