How To Safeguard Small Business Data In 10 Steps


A data breach or loss of information can be devastating to any company, but at a small business it could mean the difference between opening up for business the next day, or shutting down for good. Here, Dave Hallmen, VP of Worldwide Sales and Marketing, EVault, offers advice on how to move your SMB clients from wishing they had reliable backup, to having a tried and true data recovery sytem in place.—Jennifer Bosavage, editor

When considering the most important business functions of your company, IT frequently lags behind sales and customer service. This is especially true for small-midsize businesses (SMBs) that, with limited resources at their disposal, often choose to outsource their IT. Even if a business manages IT internally, the business owner is likely paying more attention to productivity and administrative functions than to the backup and recovery of data.

Businesses both large and small hold critical data that needs protecting and can run into serious problems when they don’t choose the right vendor for outsourcing. To prevent the loss of the most vital information, here’s a list of 10 steps solution providers can put in place at their SMB customers to properly safeguard their data and avoid a disaster.

1. Make Sure Your Data Is Recoverable
When it comes to data, SMBs manage a lot of important information that needs to be properly protected and recoverable 24/7—just like Google and Apple. But with limited resources and small IT budgets, they often take a simplified approach to backup and recovery, which can lead to recovery issues.

For example, tape backup often entails periodic full backups and more frequent incremental backups. With a weekly full backup, the data you need to recover might be on the last backup tape. To access it, you’d need to restore the last full backup and then each of the incremental backups until you have found the data in question. If any of those incremental backups failed, your data is gone.

Avoid all of this by making sure your backup approach is failsafe and reliable.

2. Disaster-Proof Your Data

The past couple of years have shown us that natural disasters – hurricanes, earthquakes, floods and storms – can wreak havoc on businesses if data is not properly secured. So what is the best way to protect data from the elements? Backing up to a remote, off-site data center. Anything less is playing Russian roulette.

A recent survey of 414 organizations, conducted by InformationWeek, revealed that in 2011 only 17 percent of respondents were currently using cloud-based services for business continuity/disaster recovery. A whopping 49 percent said they are not.

The takeaway? The data center should be remote, far from your customers' main offices, and properly certified.

3. Determine Your Data Loss Tolerance Level
SMBs face millions of dollars in data loss each year. That much data loss can cripple some companies, especially small to medium sized ones. While some data loss is inevitable, determining the amount and what types of data you can lose without major consequences is key. It’s important to seriously consider a solution that automates backups according to your business’ schedule.

4. Determine How Long is Too Long Without Your Data
The next step is to determine how long you can operate without accessing lost data. Our recommended baseline is 24 to 48 hours.

Begin by sorting your data into three categories: 1) data you can live without; 2) data you need within 25 to 48 hours; 3) data you need within 24 hours. That will help organize and prioritize your data in the event of critical data loss.

5. Find a Backup Solution That Matches Resources

Be sure to describe the tools and implementation ypu'll use to manage the data appropriately. The customer' may tell you that as the company grows, it may want to bring data management back in-house; choose a solution would allow you to do so seamlessly. Flexible solutions let you and the customer decide how exactly to implement it for the best success.

6. Ensure Your Backups are Secure and Compliant
SAS 70, SOX, GLBA, HIPPA: To comply with these regulations, seek end-to-end encryption and certified data centers. Look for a solution that encrypts data during transmission and storage and one who moves backups to an offsite data center that’s SAS 70 certified. Make sure your vendor conforms to industry-specific requirements.

7. Make Sure Applications Can be Backed Up in Real-Time
That seems like a no-brainer but it’s often overlooked. Every vendor can back up all the standard files and databases SMBs use, but can they do so when those files are open? Most likely, the data you’ll want backed up will be in use when backups occur, and if your systems and applications don’t support this function, your data won’t be safeguarded. Additionally, applications such as Microsoft Exchange, Microsoft SQL Server and VMware require specialized support, so be sure your solution can support Microsoft Windows and other operating systems.

8. Protect Mobile Devices

The consumerization of IT has redefined how we work today, creating a new era for managers and CIOs alike. A recent study conducted by the Ponemon Institute found that of the 116 surveyed organizations, 62 percent of lost or stolen mobile devices contained sensitive data. Only 49 percent of respondents require employees’ mobile devices to be protected and a mere 39 percent said their organization has the necessary security controls to mitigate risk posed by insecure mobile devices.

That’s a lot of unprotected data on a lot of mobile devices, which puts an organization at great risk in the event of a disaster (or if that laptop, smartphone or tablet is lost or stolen). Your solution should secure on-site data as well as the information of employees who are using mobile devices on the go.

9. Identify and DIscuss Which Backup Technology is Best
Backup to CDs, DVDs, local hard drives and tapes were once the industry standard, but that was long ago. None of those technologies truly protect your data against a major disaster, as your data won’t be far enough offsite to withstand a massive hurricane or flood. These days, online and disk-to-disk backup and recovery are the technologies of choice due to their flexibility and reliability.

10. Pick a Good Vendor
When you’re buying a car, you don’t go to one dealership and buy the first car you see. The same method applies to choosing a backup and recovery vendor. Talk to many, make it clear what your customers want in a data protection system and ask to speak to existing or former customers.

And in the event you don’t even know where to start your vendor research, websites like CRN or trusted third-party sources — including analyst groups — are good places to start. Data loss can cost more than just the loss of information for your customers, so take the steps to ensure that business continuity is never in question.