Data Security and Protection Checklist for Small Business
In a world where malware, hacks, and data breaches are becoming more advanced and common it's more important than ever to protect your business' lifeblood - its data.
Luckily modern technology gives even the smallest of businesses access to enterprise-level data backup and disaster recovery services.
These tips and assessment checklist from Techvera CEO Reese Ormand will help you decide what services are best for your company and how to get started with a robust data security plan.
FIRST AND FOREMOST – ASSESS YOUR COMPANY'S IT SECURITY STATUS
This is essential to protecting your data, ensuring you are not in a data loss or recovery situation.
- Do you have subscription based antivirus software installed and monitored across your network – on all workstations, laptops, and servers?
- Is your company’s network protected by a firewall appliance? This is a device that is installed on the front end of your network, monitoring all incoming and outgoing traffic.
- Is your company’s data subject to industry compliance? If you are in the medical field, and you are storing PHI (protected health information), that data is subject to HIPAA compliance and needs to be secured properly. This means your backups, and any mobile devices such as laptops, must be encrypted.
KNOW AND UNDERSTAND YOUR CURRENT BACKUP STATUS
This is a very common issue for many businesses – no one has any idea what is going on in terms of backup. It is essential that you know the answers to the following questions, so that you can ensure your data is protected.
- Do you know if you are currently backing up your data? If so, are you backing up your server/shared files on the network? If you are saving files locally to your machine, are you backing that machine up as well?
- Many backup solutions out there now will send you a daily email, or report, to verify that your backups have completed and are up-to-date. Do you have these reports setup? If so, is someone monitoring these reports so that if there is a failure, there is an action plan in place to resolve the failed backup?
- This point cannot be stressed enough – taking a USB drive offsite with just a few files on it is not an adequate backup solution for a small business. This solution is prone to so many issues:
- Flash drives are prone to failure and often get lost. I’ve seen many clients who think they have their data backed up and current only to find out that the flash drive was corrupt, or that the last backup did not complete properly. Also, if you are subject to industry compliance such as HIPAA, you could be setting yourself up to pay enormous fines for HIPAA violations.
- This process requires a human to backup files manually every single day to ensure you have current data offsite. A real backup/disaster recovery solution entails an automated process – software that backs up your data on a set schedule – like once every 1 hour, 4 hours, or every night at 2 am.
- Are you currently backing up your data offsite? Are you paying an IT provider, or a backup solution provider (such as Carbonite, Crashplan, etc) a monthly fee to ensure that your data is being backed up offsite? This is extremely important. Many small businesses have antiquated backup solutions – running a program that is backing up their data, however it is only a local backup – no data is being backed up offsite. Local only backups were the norm in the past, however this does NOTHING for your company in terms of protecting your data from catastrophes such as fire, flood, theft, hardware failure, etc. A true backup/disaster recovery solution entails local backups, offsite backup, and a recovery plan.
HAVE A DISASTER RECOVERY PLAN IN PLACE, DOCUMENTED AND TESTED, BEFORE YOU FIND YOURSELF IN A DATA LOSS SITUATION
This is perhaps the most important and overlooked part of having adequate data protection. If no one is watching your system for failed backups, you could be in serious trouble.
Having an action plan and a someone (or an IT provider like Techvera) monitoring this solution is essential to ensuring your backups are running, current, and your data recoverable.
Simulate a disaster to test readiness. At Techvera, we simulate disaster recovery with our clients annually. Simulating a mock disaster recovery is often overlooked.
What is the SOP for local hardware failure? Or data loss due to malware? What is the plan to recover data during a site-loss situation?
Your company’s IT department, or your IT provider should have the answers to all these questions. Be sure to establish your company’s estimated TTR (time to recover) with your IT support provider based on your current backup solution. This allows expectations to be managed on both ends, which can be very important during a stressful situation.
What is your company’s tolerance for downtime? The answer to this question will dictate the level of backup/disaster recovery your company needs.
Here in North Texas, we are always concerned about weather related outages – tornadoes, floods, etc. During our discovery process we often ask our clients to define what they deem as an acceptable level of downtime. “If your office was wiped off the face of the earth during a tornado, how long can you survive being down? Two hours? 12 hours? 2 days?” The answer to this question will determine how robust of solution your office will need to protect your data and minimize downtime.