Data is one of today’s most valuable commodities, yet [21% of small and medium-sized businesses (SMBs)](https://www.helpnetsecurity.com/2020/03/31/data-backup/) still don’t have a backup or disaster recovery plan. Needless to say, there are many ways you can lose data – and end up with a host of troubles to boot. That's why every business has to come up with a smart solution that meets its needs.
Whether caused by a hard drive crash on a company laptop or because an unencrypted phone gets stolen, data loss almost always comes at a cost. When malware or phishing appear on the stage, the cost often gets steeper because these frequently steal, encrypt or delete valuable work and information.
According to Help Net Security, 42% of companies experienced a data loss event in 2019 that caused business downtime. While nearly 90% of businesses were backing up data on the IT infrastructure they were responsible for protecting, only 41% did it daily – meaning that many might not be ready for unplanned outages.
These outages are something to avoid. While the cost of downtime may vary from business to business, an hour of inactivity can cost small and medium businesses thousands to tens of thousands of dollars.
Backing up data seems obvious today, but many companies still underestimate it. Often, they look for a way to back up data with the least possible time investment and financial burden. The truth is that there’s no one-size-fits-all solution because every business is a little different. But there are a few basic rules that will help you stay out of trouble.
1) Decide which business data is critical to you
Losing even just a few business-critical files can be a big deal. Imagine that all of a sudden you don’t have access to customer data or that your order data is compromised or deleted by mistake. How long would these events prevent you from continuing with your business operations?
Therefore, the very first step is to identify which data is critical to your business and needs to be backed up. Also, ask yourself if you need a long-term archive. If you are a small creative agency doing marketing campaigns and you lose some photos from a two-year-old event with no people in them, it will likely cost you less than losing photos from an active campaign using paid models. CEOs and IT admins should always think this through and try to prioritize the most valuable files or use image-based backups to protect an entire system. Also, your backup solutions must comply with the rules set by the CCPA or the GDPR.
2) Think about how often you need to back up your data, and check it regularly
Did you know that some solutions for SMBs can perform backups every five minutes? You may be thinking now that you are not likely to even create so much data in such a short time. Employees often don’t realize how much data they generate per day as part of their work activities. So it’s up to IT admins to evaluate how often different types of data need to be backed up.
How should you do that? It depends on how often the data changes. Let’s say you need to create backups from Exchange servers used to send emails and share resources. These are often used throughout the organization and experience constant data changes. It is therefore a good idea to back them up every hour. In some other cases, when data change doesn’t happen so often, it may be sufficient to back them up only a few times a week. It also depends on how much data you can afford to lose.
3) Do the 3-2-1 rule right
Even one disgruntled employee exacting revenge could wash all your data away. There’s a rule that aims to reduce this risk: having one backup isn’t enough, especially when stored on the same premises as the primary data and on the same type of media. Data replicated according to this rule prevents a situation in which multiple systems are compromised at once and in one place.
To follow this rule, create three copies of each piece of data you want to protect. Then store these copies on at least two types of storage media. If you keep your primary data on an internal hard drive, store your backup copies a different way. Use an external hard drive, a NAS device or the cloud.
The final copy should be stored off-site or in the cloud to protect you from a local (only) disaster. While storing one backup copy off-site strengthens your data security, having another backup copy on-site lets you conduct a faster and simpler recovery in case of failure.
4) Use cloud backup storage wisely
This method is becoming more and more important due to the ongoing rise of remote work. It allows users to send a copy of a file or database to a secondary, off-site location for preservation, such as a cloud server or data storage system hosted by a third-party provider. The provider then charges the company a fee in exchange for the storage of data.
Cloud storage can help remote workers be productive via the use of a secure and accessible platform to host files, individual assignments and shared work projects. At a time when many employees are working remotely, having greater control over the online work environment is another advantage of cloud services. This approach can also ease your business operations because files in the cloud can be accessed from anywhere with an internet connection. On the other hand, some cloud services can be vulnerable to data loss via hacking or employee sabotage if they are not well secured.
Read more on cloud backup solutions, and learn how to safeguard your data with reliable backup and recovery.
5) Create your own data recovery plan, and think of business continuity
Creating such a plan should be the result of everything you have read above. The word disaster can stand for pretty much everything – power outages, data storage corruption, distributed denial-of-service (DDoS) attacks or anything else that disrupts IT workflows. The goal of this plan is to be able to overcome a data disaster and restore normal operations quickly.
Think of recovery point objectives (RPO) that tell you how much data you can afford to lose and the corresponding frequency of making backups. Then define your recovery time objectives (RTO) – an estimate of how long it will take for normal operations to resume following a disastrous event. Choose a well-protected secondary off-site backup of your most important data, and assign roles and responsibilities in an accountability chart so that everyone will know what to do in case of a disaster.
Last but not least, think of business continuity. Business continuity planning is primarily focused on keeping operations running despite interruptions, which should lead you to devise plans that will enable you to continue working while recovering from a data incident.