Protecting My Data II
PROTECTING MY DATA: PART II
As we discussed in our last posting, a very large percentage of small to mid-sized businesses do not take adequate steps to protect the data they retain. That data being everything from their own internal processes and procedures to customer data, employee data, sales data, etc.
In fact, when most of the businesses are asked about the topic, they usually only think in terms of customer/client data. They do not think in terms of protecting their own data or employee data.
A good example of this was shown during another recent potential client visit by our staff. During this visit, the conversation with this business’s office manager was very detailed. In this specific case, they really had taken additional measures to at least think about the liability of lost or damaged data.
The two key factors overlooked by this business are a couple of things we mentioned during our last posting; As a business, have you thought through the types of backups you are utilizing?
- Data backup or full application backup?
- What type of data backup am I managing?
Those two questions should really be the foundation of your disaster and business continuity planning. So, what is the difference between those two topics you ask? Well, one should outline in full detail; “what your business would do in a complete catastrophe?” Flood, fire, and hurricane are the obvious occurrences often thought of, but what about extended power outages, loss of internet, forced vacancy for health code issues?
The second item, business continuity is an entirely separate process. Once you have been impacted by one of these events, how will you resume your daily business activities?
Here is a real-world example of what I am speaking to; the local business has set up for themselves a “resident” backup. This external hard drive is connected to their server in a safe and secure location within their office. This backup is run every night like clockwork, they have set up automatic backups of all data folders and any activity for each day. All have been done in preparation for that unforeseen emergency. They have a disaster plan and have practiced this plan from building evacuation through employee notification, client notification, etc. A pretty good plan all in all.
This business is in a shared office space and, unfortunately, one night the adjoining business had a fire. That fire started in the adjoining office space where they had their servers. This room was heavily damaged by fire, smoke, and water. The remaining areas of their office were fine, truth be known, other than a smell of smoke, nothing else with their office would show the damage of any sort. So, was this business ready to roll the next morning? What was missing from this scenario?
Well, several things;
That “resident” backup hard drive melted – the result was all the nightly backup was lost
The servers were heavily damaged by water and heat – the result was servers being non-functional and non-accessible. Hard drives were recoverable but would take days for cleaning and data removal.
Nothing was in place for business resumption/continuity – the result was an office, while physically functional, was not operational as a result of the primary server damage. Employees were sent home and business closed for two weeks.
Business software – in that the servers and external hard drive backup were only backing up data. While the primary servers did have licensed software loaded, those in and of themselves had not been backup or stored offsite in any form. i.e. this business utilized software that the original copies could not be located and as mentioned were not being backed up themselves. As a result, new purchases of software licenses were required.
What could have been done in this example?
The “resident” hard drive back up is actually a really good practice, one we recommend as part of the “hybrid” approach to data protection. Additionally, however, there should have been some form of off-site cloud backup in place. This would have allowed for a full restoration of the data environments; all be it slower than a local backup. It would have provided a full restore and could have included a full restore of all operational software. This would have also provided an opportunity for remote access by the employees; thus no one would have been “down” or unable to work and the business could have stayed open while another equipment restore was being completed.
A complete business resumption plan would have contemplated “how” this business would continue to operate and not suffer any downtime. Be it within their office relative to the available systems etc., or from a remote standpoint where workers could have worked from home.
As you can tell from the aforementioned example, the thoughts and planning around disasters of all types large and small, as well as having a documented plan of action for business resumption/continuity are essential in minimizing impact to your business and profitability.
To touch on the other topics of today’s information, how often should I back up my data? This depends on how often your data is changing among other issues, how much data you are attempting to back up, your bandwidth, the criticality of the data, how quickly archived data needs to be retrieved and in what format. The short answer is if your business is a transactional-based business, then shorter backup periods are important. i.e. how many transactions can you lose without impacting your business? If your business is more service-based and does not change a great deal throughout the day, then a nightly or weekly backup may be all you need.
The bottom line here is back up your data. This is the best protection against loss, theft, hacking, damage, etc. Have a complete disaster plan as well as a detailed business resumption plan.
Call or email for additional conversation, or if you would like to complete a free network assessment by Venture Pointe to ensure you are taking the adequate steps to protect your business.
Jim Satterwhite
CEO, Venture Pointe, Inc.
Jim.satterwhite@venturepointe.com