bizEDGE NZ - How to protect your data

Warning: This story was published more than a year ago.

How to protect your data

Studies show small and midsized businesses aren't doing much to protect themselves from data loss. In a recent article, Gartner reported, "SMB management is not typically focused on what might be viewed as 'hypothetical' disaster scenarios."

Smaller businesses face the same risks as larger enterprises if they lose access to their data or worse still, lose the data altogether. Today's competitive environment means if customers can't get served because the business can't access its data, they'll go elsewhere and chances are they won't be back.

Small and midsize businesses often don't have the staff or budget for acceptable disaster recovery and there is often no recovery plan, no recovery site, or the recovery site is not far enough away to protect the primary site in case of a natural disaster. SMBs typically have their critical data all on one server. If the server goes down, most offices have to get that server running and fully restored right away, or face costly consequences.

Small Business Server may not be enough

Microsoft Windows Small Business Server (SBS) has many of the features used by large companies – email, internet connection, websites, remote access, support for mobile devices, file and printer sharing, backup and restore. SBS also provides a native utility for performing basic periodic backup. However, relying on native backup to cover all of the bases in an emergency or disaster may leave a business vulnerable to potentially crippling gaps in protection. Tape and disk-based backup can only restore data to the point of the last good backup, which was most likely the night before; any data created since the last good backup will be lost. If the most recent backup was incomplete or corrupted, then you're forced to use the next most recent backup and lose even more data. Backup recovery time can also be too slow, as the data must be restored from the proprietary backup medium to disk before it can be utilised.

Do you have a recovery plan?

In New Zealand, SMBs account for 97% of the country’s business activity. Yet, small to medium businesses are the most vulnerable in the event of an emergency because most have not taken the necessary steps to prepare. A recent survey of more than 200 IT decision-makers in SMEs, conducted by Maclean Computing, the New Zealand Employers and Manufacturers’ Association (EMA) and Symantec, revealed that 49% of New Zealand respondents have no documented IT process of how to recover from an IT outage. Getting back to work after a disaster depends on how well you prepare today.

Some questions small businesses should ask themselves are:

  • Are we prepared to relocate temporarily?

  • Do we have copies of, and access to, vital business records? (Backup data should be stored at an offsite location at least 50km away from the main site.)

  • Do we have access to vital business applications? (emergency payroll, accounting, access to suppliers and resources)

  • How much data would we lose in a disaster between backups?

  • How quickly can we recover from a disaster?

  • How long would we be without a connection to our customers? 

What can a small or midsize business do to minimise the potentially crippling impact of lost data and

downtime? The following six tips can help SMBs more effectively protect their critical data and recover faster from downtime.




Tip One – Designing a plan


Put one person in the company in charge of data protection: documenting the processes, investigating the options, and directing testing and training. That person should form a group to determine what the most critical information to the business is. This small group should include those whose input will ensure that the most critical business information is protected. In a small business, this may be just the owner or the executive staff. In a midsize business, a manager from each function is probably most appropriate. The data protection owner should identify any relevant regulations that affect the company's data protection priorities. Next, the group should define the critical applications where an inability to access key information can quickly start to cost you money, such as your e-commerce site, customer database or email system. By focusing on protecting just one or two critical applications, your data protection goals will be more attainable.

Tip Two – Put your data elsewhere


It is extremely important to get your data out of the building and out of harm's way. The ideal offsite location is distant geographically so it remains unaffected by large-scale disasters, such as earthquakes and hurricanes. Consider what the most likely threats are to your place of business. Is it local power outages? How far away would you need to store the data to be on a different power grid? Is it earthquakes or hurricanes? Keep the backup data in another province. Is it most likely to be server failures? Think about what could be done for more rapid recovery of the production machine. Think creatively about how you can cost-effectively back up the data remotely. For example, if your office is in Auckland City and your IT administrator lives on the North Shore, you might be able to set up a
backup server in their home that is connected to the main server by DSL or cable.

Tip Three – Calculate the costs of downtime


To drive the message home to everyone in the business, you may need to estimate the downtime costs for employees, suppliers and customers if they can't access critical information. Factors to consider include the likely cost per incident, the length of the outage, the hourly bill for wages you'll still have to pay while your system is down, and the amount of revenue you'll lose in the same period. Next, calculate how quickly you'll need to have an application restored, and how much data you can afford to lose since the last backup. Can you get away without that data for a few minutes, half an hour or a couple of hours?

You can set a data protection plan and budget once everyone has agreed on the cost of downtime and the recovery goals.

Tip Four – Choose the right technology


Traditional backup technology may not be good enough because of the risk of failure and the amount of time it'll take to get your data back.

Tape is cheap and generally reliable, but it may let you down when disaster strikes and you need to recover your data quickly from a remote location. Asynchronous software-based replication may be the quickest and most cost-effective solution for smaller businesses.

Tip Five – Make self-restoration easy

Microsoft's Windows Storage Server 2003 can take regular 'snapshots' of the data on a server. Should a user delete or make unwanted permanent changes to a document, they can simply select the file from any snapshot by right- clicking on the file, selecting 'Properties', viewing all the versions of the file and selecting the one they want.

Tip Six – Test your backup & restore procedure


Once you've drawn up your recovery plan and everyone concerned has approved it, you should put it to the test. Be sure you know how to access your backup data, and that you've actually got quick access to the crucial components. Practise the procedure to restore the server if it fails, and have a plan ready to shift yuour base of operations completely if, for example, the office is flooded or burns down. Run a dummy disaster exercise at least once a year, and don't forget to update your strategy if major changes occur in the business.

For more about disaster recovery, see the cover feature in the September issue of Start-Up, on sale now.

Are you keen to hear from an expert in this field?

Follow Us


next-story-thumb Scroll down to read: