Is Your Business Safe? 4 Steps to Secure Your Business Data

I was recently in a meeting of business owners and the person sitting next to me admitted that his business had been severely affected by a loss of data, which took months to rebuild.

What had happened? Burglars had removed all electronic equipment from his office including the server that backed up all of his other machines. Unfortunately a second copy of the most recent backup was not safely offsite in a protected storage location – and it was taken too!

In this day of IT maturity with all of the “built in” safeguards it is still common to come across businesses that have experienced a serious data loss or security breach. Recently this situation even extended to web applications where a major provider of cloud computing did not have backups that were sufficient to recover lost data.

What is the answer to this business critical issue? I suggest the following 4 steps that every business (and its CEO) adopts in order to insure that in the event of a disaster – burglars, tornado, tsunami, intrusion, and vendor failure – that the business is able to restore operations due to taking adequate measures to protect its business data.

1. Exercise the Backup Plan
I rarely come across a business that does not have some type of back up plan – on paper – for its core data (computers and servers connect to the business network) where either full or incremental backups are performed on a regular basis. However, when asked as to what disaster scenarios the plan will handle or has been tested to I get a shrug of the shoulders and a comment that they are confident the back up plan will work. 

Like anything else – your golf swing, playing an instrument, sailing a boat – you need to practice and try different conditions to make sure your skill will perform properly in various situations. Your backup plan should also be exercised which means doing it in a planned and, on occasion, at an unexpected /unplanned time. True this will cost money but add up what it costs to not have customer history or pending orders and having to ask your customer in order to learn what you committed to them.

Unless you submit your plan to stress you will not how reliable it is until it is too late – and the data is gone! Businesses have become complex and unfortunately those things that do not occur frequently receive less and less attention.

People can also take the process for granted and not examine it to see if it has been adjusted to accommodate recent changes in the IT/system environment and to determine if staffing schedules always result in having a trained person in backup operations onsite.

I recall one company that was very diligent in doing their backup but never tried it. They had a situation where they had to go to the backup and found it was completely empty. The backup process had been producing blank backups from the beginning. This was a soft warning for them and they then instituted a monthly test of their data tapes to make sure they had the data that they expected.

2. Store Your Backup Data Off Site in a Secure Location
It used to be that all you had to worry about was to make sure the back up was not located at your business site. Typical locations were the owner’s car, home, safety deposit box, etc. In today’s connected world it is possible to do it over the Internet or private corporate network.

Removing the data from the primary business location is the first step but the second is to make sure that it is in a location that is also safe and secure. Corporations such as those in the cell phone industry have significant resources committed to just handling the backup of call and account records so that in the event of a major interruption of computer service in the primary location that backup location (possibly 1,000 miles or more away) is available to support the recovery of the business system at an alternate location.

Your backup strategy may not require this sophistication but the location should be geographically separate from you so that if your area experiences a catastrophe the backup site is far enough away it would still be operational. How many businesses in Japan affected by the tsunami had their data stored “safely” at a location across town that was also taken out by the disaster.

3. Make Sure you have Backed up Everything you Need
When you think about backing up your business data you first think of customer data. The list of what you need to have backed up is often far greater than that if you have to completely restore your business environment.

Backing up customer data certainly protects an important part of your business but you must also make sure all of the proprietary data infrastructure that will be difficult to recreate in a short time is also backed up.

If your “catastrophe” is large enough and you have to rebuild a complete IT environment then you will want all of the technical libraries of scripts and application development data that is need to support your business environment.

In addition, make sure that your environment is protected from intrusion to avoid not only data loss but data corruption which is more insidious since you will not know it is bad until you access it. Make sure you have good firewalls in your network connections and regularly use Security Audits (preferably by outside third party security firms) to make sure that your IT security has not been breached.

4. Backup Distributed Data
In today’s world of high performance low cost computing platforms it is often difficult to get your hands on where your data is. Despite the sophistication of integrated enterprise systems – even for small businesses – many professionals and departments establish islands of automation that include spreadsheets, word documents, contact lists, and small database systems that contain important information about your business. This data also needs to be addressed by your backup plan to make sure that regular backup processes protect it.

Establishing a policy where all departments PC’s (desktop and laptops) are backed up to the central servers on a regular basis or when they are connected (locally or remotely) to reduce the loss of data due to theft, damage, or disaster.

Summary
As the senior decision maker you face big decisions and crises that need solving every day and the last thing you want to worry about is a backup plan. However, as the owner or CEO, you have a responsibility to protect the assets of the company – no matter how big or how small. Take the time to examine your IT plan for back up and understand how often it is exercised and stressed (for a variety of disaster scenarios).

This is so important I would advise you to engage a third party to audit what you are now doing to see if it is sufficient to meet your business needs. The last thing you want to have to explain to your board, your employees, or worse, your wife, is that the backup plan did not work.

Leave a Reply