Business data is critical these days. Being without it can mean hundreds, thousands or even millions of dollars in lost revenue. Many malware and hacking attacks targeting businesses are aimed at stealing or preventing access to business data. This is why we back up our business data; to keep it safe. So what are you doing to back up your data? And is it really, truly, effective?
Yes. Your business data is more critical than you want to admit.
One of the most common things we hear from business owners is: "My data isn't that important." What these owners fail to realize is their data actually is far more important than they will admit. The biggest reason for this is due to not taking into account the hidden costs of data loss. Redoing inventory, customer lists, spreadsheet calculators or even forms and info sheets is a very time consuming process. Instead of owners or employees actually moving forward with business operations, they're forced to re-invent the wheel and do things they've already accomplished over again.
This stacks on top of the upfront costs of data recovery and system repair operations. When put together, these costs can reach into the $1000s without breaking a sweat, even for a small company. The attitude of losing data not being a big deal is a very dangerous way to run a business. And far too often we see companies desperate to recover the unrecoverable because they've realized too late how important their data really was.
Backing up business data is not just about computer crashes.
Why do we back up? In case our computers crash of course! That might be true when backing up your vacation photos on your home PC but with business data, it's only one of the reasons to back up your systems. There are far more ways than just computer crashes that can cause data to be lost. Things like ransomware, malicious deletion (think rouge employee) or even a physical disaster (fire/tornado/flood/etc) can cause loss of data.
Even accidental deletion or modification of a file or database can make for a bad day. A perfect example of this happened to one of our clients recently. They had just run a report out of their customer management tool and one of the employees had edited and cleaned up the report. This employee then went to run a second report but didn't remember to change the name and save path thereby overwriting their cleaned up file. Over an hours' worth of work suddenly went *poof*. Fortunately, they had our backup solution implemented which had already picked up the original report and the cleaned up version and within just a few minutes the issue was resolved.
An effective backup system can handle issues both large and small, minimizing the amount of wasted time and effort by you and your employees.
Flash drives are risky business.
One of the most common methods of backing up that we see is plugging in a USB flash drive and copying files to it. This drive then goes into a desk drawer or file cabinet where it sits until the next time somebody remembers to make a backup. Flash drives are great for their intended purpose of transporting files from one system to another. However, for backup, they're risky to say the least.
Keeping your sole backup of any data on a flash drive is a bad backup practice. Flash drives inherent faults are that they're easy to lose, easy to break and can leave you with a sinking feeling when you go to plug it in and it suddenly doesn't work. The entire point of a backup is reliability, and flash drives are simply not reliable enough to be trusted when it counts.
Business data is more than just QuickBooks.
Whenever we talk about backup with most smaller businesses owners, one of the first things they say is that they already do backup their data. When pressed a little further however we come to find out that by "data" they mean their QuickBooks file and only their QuickBooks file. Even small companies today rely on more than just QuickBooks to get the job done.
What if all of your email disappeared? How much of a bind would that put you in? Not only are you missing important conversations and leads but also past threads and other important information. How about call logs, customer documentation, contract templates, print-out sheets, work-orders the list goes on and on. This is data you can't afford to ignore.
An untested backup is no backup at all.
Say you needed to recover your data from your existing backup right now, could you? Are you sure? Has your backup been tested recently to ensure it's going to work when you do need it? If you confidently answered "yes" to all three of those questions great, you can close this page and continue on with your day. I'm guessing however that you answered "no" or "I don't know" to at least one of those questions.
A backup does your company no good if the data within it is corrupt or unusable. Unfortunately for a lot of places, this knowledge comes a little too late to be of any use. Having a backup is great but it needs to be regularly tested to ensure continuity and consistency. This goes for all types of backups including file, system, database, email, all of it. You'll be much better off finding out your backup isn't working during a test than during an emergency.
Backing up the cloud. Yes that's needed too.
"But everything that I use is in the cloud! That means I don't need backups right?" This is the scary one that we hear. Everything is in the cloud now days so you don't need to worry about backing anything up because hey, it's in the cloud right? It'll always be there… right?
By now you've probably figured out that the above line of thinking is mostly wrong. About the only thing that storing data in the cloud can help protect against is hardware failure. However you still have the myriad of other things to think and worry about. In addition to that, you're also now at the mercy of whoever owns the cloud your data resides in. If that company suddenly goes out of business or bans your account (it happens) your data can be permanently lost.
As a result, it is important to look at implementing either a cloud-to-cloud or cloud-to-ground backup. The former is typically more readily available and is the process of backing up from one cloud to another which is hosted/owned by another company. The latter involves pulling your data out of the cloud and placing it on a local storage system or server on your own premises. Either one will work and it is largely up to personal preference for which one you pick.
Finally, be wary of cloud providers that claim to back up your data for you. Most times you will find that they are backing up their own systems for the app to continue functioning but they are *not* backing up your actual data, leaving you still at risk.
Backing up the wrong way can lead to disastrous consequences.
Now if everything up to this point wasn't enough, it's time to talk about backup security. You can have your backup tested to the moon and back but it's all for naught when a ransomware infection works through your network and encrypts not only your data but also your backups. Unfortunately, modern malware is this sophisticated in that it will actively look for and destroy backup data before or while it damages your primary data. When backing up, data-flow should always be a "one way street" accessible only to the processes performing the backup.
The other thing that needs to be looked at are access and physical security. This is especially true for organizations that are required to adhere to a compliance standard such as HIPAA or PCI. For example, HIPAA compliance dictates that data at rest must be encrypted. This isn't necessarily a required thing for organizations that do not need to be HIPAA compliant but it's good practice nonetheless. In the event of any sort of theft or breach you'd much rather give an attacker something he'll never be able to use than an open book to your company.
How to get it done.
By now you should have a pretty good idea about what to do and what not to do when it comes to keeping your data safe. Now it's time to come up with a plan and execute. Doing so may seem overwhelming but it's simpler than you think. Here are the five important steps to consider:
- Take an inventory of all of your data and remember: all of it is more critical than you think.
- Pick a media and method for backing up with, stay away from unreliable media like flash drives (USB hard drives are okay).
- Don't put your backup in one basket, if at all possible keep one copy of backup data locally and a second copy off-site or in the cloud. The common "rule of thumb" here is the 3-2-1 rule: Have at least three copies of your data in two different locations with one of those locations being offsite or in the cloud.
- Secure backups with encryption and ensure the media access is not open to any applications or processes that don't belong to your backup.
- Set up a schedule for testing backups and then adhere to the schedule.
Follow these steps and you'll be well on your way to properly backing up all of your business data in a way that will keep it secure, available and usable in the event that you need it. If you feel that you need some help with getting a properly working backup in place for your data, give us a shout and we'd be happy to assist with getting you set up with what you need.