It was the week before Christmas and one of my longtime friends called our consulting firm asking for assistance. Their IT staff overwrote the configuration on the RAID array wiping out all of the company’s data. To make matters worse, they had never tested the backup tapes and when they pulled them in to recover the files, most of the tapes were empty. 4 days and 60 hours later, we were able to get them back up and functioning – though with significant data loss.
Unfortunately, this wasn’t the only time I ran into this problem when I was consulting. A number of small to medium size businesses either did not have a good backup strategy in place, or the one they had failed them. Don’t be part of the statistics about data loss – create a strategy to have your small business data backed up. In this tutorial, you will learn 7 steps to securing your company’s data and backing up the important files in case disaster strikes you.
7 Steps to Securing Your Company’s Data
1. Determine What Needs Backed Up
The first step in creating a well executed backup strategy is to determine what actually needs to be backed up. You may think this is an easy step, but if you have employees, you’ll be amazed to find out how they store data. In a small business network, it isn’t uncommon to find data in:
- File server. If you have a file server and it is backed up, you hope your employees save their files here. Frequently though, machines aren’t configured properly, people aren’t well educated, the file server runs out of space and no one will pony up the cash to expand it, or other things happen and you end up with files all over the place.
- Local hard drives. Generally, I believe people are pretty optimistic about their chances when it comes to a hard drive crash or laptop getting stolen – they just don’t believe it will happen to them. If you investigate, you’ll be amazed at how much company data is being stored locally on employee’s local computers. If you’re using Windows, you can force My Documents to use the file server, but many individuals will still find ways to save documents to their desktop, or a local folder on the local hard drive.
- Local USB hard drives. I’ve worked with a number of companies who run out of disk space and then are unwilling to spend money to expand network storage. Data always grows, so employees find unique work arounds. One of the most devastating is the local USB hard drive. It holds a lot of data, is mobile, and is prone to crashing. If you walk around the office and see a lot of local USB hard drives, you need to rethink your network storage policies.
- USB Thumb Drives. USB thumb drives come in so many shapes and sizes, there are many you don’t even know are drives – pens, watches, and other items become storage devices quickly. Though the hold data fairly well, they are prone to getting lost.
- CDs/DVDs. Some employees will copy old files to CD or DVD intending to archive them. Unfortunately, the shelf life for a DVD is only counted in years, so the long term viability of CDs and DVDs as backup material is not good. I worked with one firm which had this as their archiving strategy – they were very limited in network disk space, so older files were copied to DVD and the IT staff was constantly restoring files as new projects required old files.
- Laptops. Laptops deserve special consideration because they have a tendency to get lost or stolen which could cost your company more than just your own lost data – you could lose customer data. This could be very damaging to a small business and backing up, and also securing your laptops should be a consideration as you examine data backup options.
The best way to discover where all of the data is stored is through hands-on examination and interviewing. Speak to each employee about where they store the data, then confirm through checks of their workstation and office area.
2. What Happens in Case of Disaster?
Many firms don’t know how to answer this question. If you haven’t taken the time to develop a disaster recovery plan, you should make it a New Year’s resolution and create one right now. A disaster recovery plan outlines the steps required in case a disaster strikes. As you’re developing your plan, you’ll find weaknesses in your current infrastructure, here’s a few examples:
- Data is only locally hosted. What happens if the building burns down?
- Backup tapes aren’t moved off-site on a regular basis.
- Laptops aren’t secured and a lost one could mean loss of all company data.
- Everyone’s a network administrator – your network security policies are too lax and people have too much ability to cause damage.
- Your antivirus software isn’t being updated on a regular basis.
These aren’t just made up items – I’ve seen dozens of companies with these – and many other – problems that get discovered during a review of disaster recovery procedures.
NIST, a federal government agency, has create a contingency planning template you can download and use to define your disaster recovery plan.