Essentials Of A Back-Up Data System For Small Businesses

Though it is not always top-of-mind when you are trying to run a business, the prospect of data loss is real and potentially could bring your company to a halt with no warning. Not all data losses are due to malicious actors, but here is a breakdown of how important business data is typically corrupted or lost.

• Hardware Failures 43%
• Computer memory (RAM); Motherboard; Processor (CPU); or Power Supply
• Human Error 30%
• Accidental deletion; disc reformatting without backup; overwriting of files; uninformed attempts to recover lost information
• Software Corruption 12%
• Backup software; File editors; Antivirus software; Converters
• Computer Viruses 7%
• Downloads of pirated software; opening attachments to email; surfing unreliable web sites; no anti-virus protection to begin with
• Theft 5%
• Logic data theft; targeted attacks to steal data or corporate information
• Others 3%
• Natural disasters, physical damage

In simplest terms, a combination of regular back-ups of critical data coupled with education of the workforce to avoid human error will alleviate a significant amount of worry about data loss. But how does one go about the implementation of such a plan?

There are two concepts that play into a data back-up and recovery plan. The first is a recovery point objective (RPO). This is used to decide how much time should go by before the data should be backed up. If back-ups are done daily (which is fairly typical), in essence this is saying that the potential loss of up to 24 hours of data is acceptable. It is possible to assign different RPOs to different data. The other concept is RTO or Recovery Time Objective. This is a measure of how much time should it take to fix the lost data problem from the time that it is first reported. This can include a secondary operating mode or a workaround as a temporary fix until the issue can be solved. A manager in charge of data recovery should be designated and the RPO and RTO will need to be determined for your business by working with this person to determine what makes sense for these objectives. This gives a single point of contact for communication and implementation of the plan when you need launch the recovery plan. This person will also have the duty to educate and reinforce best practices within the organization.

The essence of protecting critical data is to copy it to a place that is external to the normal day-to-day working files. Depending on the size of the organization, the amount of data and how often you plan to back it up, there are several options to choose from. A good rule of thumb to follow is the 3-2-1 scheme.

Make sure you have 3 copies of your critical data (original + two copies). Use at least 2 different storage methods, and store at least 1 copy offsite.

• Cloud Storage
• Many companies offer fully encrypted storage as back-up to the cloud. There is a lot to recommend with this method. As an added safeguard, cloud storage when used as back-up usually will allow you to download the data to an external storage device, optical storage for example, which could then be kept offsite. Thus fulfilling the 3-2-1 method. Cloud storage is also easily scalable as your business grows.
• Software
• If all of the computers in your company are networked together, it could be convenient to designate a dedicated laptop computer that is used for back-up directly from the company server. The laptop can be kept offsite assuming daily back-ups.
• External Hard Drive
• Most operating systems have a built-in External hard drive that is designed to act as archival backup. Generally speaking, you would need one hard drive per computer and they would need to be kept in secure storage offsite in between backups.
• Hardware Appliances
• These are devices designed to act as archival storage and have much more storage than a single external hard drive. They would typically be connected to an off-site server.
• Removable Media
• This would be a thumb drive, or optical disc storage. These don’t store a large amount of data, but may be useful if specific critical information is to be protected. Examples might include things like a customer list, or maybe some Intellectual Property that is being developed.
• Network Attached Storage (NAS)
• NAS is reliable and secure. Data is stored on a dedicated server, isolating it from the risks that are common to a PC or laptop, making recovery very quick in most instances.

By now it should be clear that without a process to store critical data on a regular basis, along with a recovery plan, there is a significant potential business risk that is not being addressed. Fortunately, it is fairly straightforward to implement a back-up storage plan. Often it is best to have someone who is employed by your company to be in charge of that plan, but many companies are fine with hiring someone on a contract basis to provide for and implement a back-up and recover plan. The choice depends on the perceived risk of data loss in your particular business, and availability of contract services. Once you have everything set up, be sure to run a few disaster recovery drills to demonstrate the effectiveness of your system. Once proven, it will become one less thing to worry about knowing you have a secure and recoverable data system.