Data Protection Tips for SMBs
Five Tips for Protecting Your Data
When you consider that the word 'data' in a business context can mean client details, email and file archives, databases, sensitive accounts information, payroll systems, administration systems, confidential HR files, sharepoint sites, passwords and usernames, and personal email records from Directors to Dogsbodies you suddenly understand just how much the modern workplace depends on its bits, bytes and boffins!
Now imagine losing all of the above, your business would certainly be damaged if not permanently crippled. So how can we, as small businesses, protect our data?
Tip One - Laying the Foundations
Employing the right people, creating and distributing the right policies and following the correct procedures are the basic strategic foundations onto which the rest of your data protection strategy will be built. One individual should be designated as the 'Data Manager'. This person becomes responsible for promoting data protection to the management, researching viable investment options, testing the solution and training your staff.
More responsibilities for the Data Manager could include; identifying and applying the relevant regulations regarding the Data Protection Act and the company's responsibilities there, group based discussions which include key decision makers and their input and defining the most critical data that needs to be protected.
Tip Two - Offsite Data Storage
If your office is near to a river, in an area prone to subsidence, at a low point in the water table, in an area vulnerable to theft or trespass, or suffering from intermittent local power cuts, you are at risk from data loss. Consider the threats to your workplace for a moment. The purpose of offsite storage is to remove this element of risk from your operating environment. Your data back up should be stored at a place which is geographically distant from your main office.
One common solution is to designate a member of staff who's responsible for taking the data home with them. Also, increasingly in recent times SMBs choose to back up their information to a remote server via the internet. A service mentioned elsewhere in this blog and provided by Wytech.
Tip Three - Calculate the Cost of Data Loss
Sometimes it is useful to quantify risk. In the case of a small business, putting the impact of a server failure into financial terms can bring the importance of data protection home to the Directors. Although only approximate, the following method allows businesses to estimate the average cost of data loss or a server crash. Why not give it a go?
Cost Per Occurrence = (To + Td) x (Hr + Lr)
To = Time/Length of Outage
Td = Time since last Data backup
Hr = Hourly Rate of Personnel (Calculate by monthly expenditure per department divided by the
number of work hours.)
Lr = Lost Revenue per Hour (Applies if the department generates profit. A good rule is to look at profitability over three months and dividing by the number of work hours.)
Tip Four - Consider all of the Backup Options
Once you have calculated the amount of data you would like to protect by backup, and the budget you can dedicate to this, you can begin to consider the most appropriate solution for your business. For example, if your critical applications run at multiple locations which are far apart you may struggle to maintain consistency and proper control over the various backup regimes. Few SMBs could afford a dedicated IT technician resident at all branches to maintain and regulate your backup system and be able to perform a fast backup when required.
Many businesses are also faced with a cost benefit conundrum; tape backup which has a high initial outlay and has relatively high ongoing costs (replacement tapes etc.) but which provides excellent data fidelity and fast recovery (a member of staff can physically bring the tapes to a replacement server when needed); versus online backup which offers low initial costs but involves a monthly charge based on the amount of data you are backing up. Online backup is automated and remote, which reduces administration and gives peace of mind, but it is also dependent on an internet connection which can fail and can also struggle with large quantities of data transfer. Most online backup occurs overnight when the internet connection is idle for this reason.
You need to talk to you IT solutions provider and match you needs with your budget to find a solution that suits your business.
Tip Five - Make sure you actually can restore your data!
A common mistake we find with SMBs is a blind faith in backup solutions. Once the strategy is agreed, managers don't want to spend any more time away from their core business on something that feels like an insurance policy at best. However, a Disaster Recovery plan cannot exist on paper alone, it must be tested. Despite the disruption this may cause, it is worth checking that your plan for data recovery actually works, because if it doesn't when/if a disaster does happen, you will experience far more disruption or even lose your business.
Here are some important questions worth asking about your Disaster Recovery plan;
Written by R.G.L. Birkbeck
When you consider that the word 'data' in a business context can mean client details, email and file archives, databases, sensitive accounts information, payroll systems, administration systems, confidential HR files, sharepoint sites, passwords and usernames, and personal email records from Directors to Dogsbodies you suddenly understand just how much the modern workplace depends on its bits, bytes and boffins!
Now imagine losing all of the above, your business would certainly be damaged if not permanently crippled. So how can we, as small businesses, protect our data?
Tip One - Laying the Foundations
Employing the right people, creating and distributing the right policies and following the correct procedures are the basic strategic foundations onto which the rest of your data protection strategy will be built. One individual should be designated as the 'Data Manager'. This person becomes responsible for promoting data protection to the management, researching viable investment options, testing the solution and training your staff.
More responsibilities for the Data Manager could include; identifying and applying the relevant regulations regarding the Data Protection Act and the company's responsibilities there, group based discussions which include key decision makers and their input and defining the most critical data that needs to be protected.
Tip Two - Offsite Data Storage
If your office is near to a river, in an area prone to subsidence, at a low point in the water table, in an area vulnerable to theft or trespass, or suffering from intermittent local power cuts, you are at risk from data loss. Consider the threats to your workplace for a moment. The purpose of offsite storage is to remove this element of risk from your operating environment. Your data back up should be stored at a place which is geographically distant from your main office.
One common solution is to designate a member of staff who's responsible for taking the data home with them. Also, increasingly in recent times SMBs choose to back up their information to a remote server via the internet. A service mentioned elsewhere in this blog and provided by Wytech.
Tip Three - Calculate the Cost of Data Loss
Sometimes it is useful to quantify risk. In the case of a small business, putting the impact of a server failure into financial terms can bring the importance of data protection home to the Directors. Although only approximate, the following method allows businesses to estimate the average cost of data loss or a server crash. Why not give it a go?
Cost Per Occurrence = (To + Td) x (Hr + Lr)
To = Time/Length of Outage
Td = Time since last Data backup
Hr = Hourly Rate of Personnel (Calculate by monthly expenditure per department divided by the
number of work hours.)
Lr = Lost Revenue per Hour (Applies if the department generates profit. A good rule is to look at profitability over three months and dividing by the number of work hours.)
Tip Four - Consider all of the Backup Options
Once you have calculated the amount of data you would like to protect by backup, and the budget you can dedicate to this, you can begin to consider the most appropriate solution for your business. For example, if your critical applications run at multiple locations which are far apart you may struggle to maintain consistency and proper control over the various backup regimes. Few SMBs could afford a dedicated IT technician resident at all branches to maintain and regulate your backup system and be able to perform a fast backup when required.
Many businesses are also faced with a cost benefit conundrum; tape backup which has a high initial outlay and has relatively high ongoing costs (replacement tapes etc.) but which provides excellent data fidelity and fast recovery (a member of staff can physically bring the tapes to a replacement server when needed); versus online backup which offers low initial costs but involves a monthly charge based on the amount of data you are backing up. Online backup is automated and remote, which reduces administration and gives peace of mind, but it is also dependent on an internet connection which can fail and can also struggle with large quantities of data transfer. Most online backup occurs overnight when the internet connection is idle for this reason.
You need to talk to you IT solutions provider and match you needs with your budget to find a solution that suits your business.
Tip Five - Make sure you actually can restore your data!
A common mistake we find with SMBs is a blind faith in backup solutions. Once the strategy is agreed, managers don't want to spend any more time away from their core business on something that feels like an insurance policy at best. However, a Disaster Recovery plan cannot exist on paper alone, it must be tested. Despite the disruption this may cause, it is worth checking that your plan for data recovery actually works, because if it doesn't when/if a disaster does happen, you will experience far more disruption or even lose your business.
Here are some important questions worth asking about your Disaster Recovery plan;
- Have you identified the individuals responsible for recovery?
- Do they know what they have to do?
- Have you identified where you will start your recovery (the main office or a branch etc.)?
- Do you have a process in place if you have to relocate your business temporarily?
- Are all of your staff aware of the disaster recovery plan and do they understand their role in it?
- Have you identified the most critical applications which need to be restored first and an 'order of restoration' for the remaining data?
Written by R.G.L. Birkbeck
posted by Wytech Ltd at
10:58
0 Comments
