No one wants to get caught off guard when disaster strikes. Disasters are more or less inevitable, and they typically strike when you least expect them. Forewarned is forearmed. Here are five data storage disasters just waiting to happen to small and medium-sized businesses (SMBs). We also offer some practical advice on how to avoid them.
Five Data Disasters SMBs Need to Avoid
1. Not Knowing Where Your Data Is.
Data scatter is a big problem even in small organizations. Some data may be stored in the cloud, some may be on local machines, some may be on servers. Two-thirds of all corporate data exists outside the traditional data center. Make sure you know where your data is and how to protect it.
Conduct a data assessment to find out where your data lives. That includes customer records, financial and compliance data, application and server software, and anything else necessary to keep your doors open. Know how data is used. Identify high priority and high value data to your organization.
Also understand that not everything is necessary to keep on hand. Having redundancy and systems in place to retrieve every single bit of data is costly. Be wary of implementation issues that can create headaches, like time to restore. Separate out what’s absolutely necessary from that which would be nice to have, and that which is redundant and rebuildable.
2. Not Protecting Against Malware.
Data breaches caused by malware infestations—especially ransomware—are on the rise. Ransomware encrypts an infected computer’s hard drive, locking you out. Unless you pay up using a cryptocurrency like Bitcoin, you’re locked out of your data with no way to restore it (unless you have a backup).
Some organizations have paid hackers tens of thousands of dollars to unlock systems that have been taken down by ransomware. Even we at Backblaze have been affected by ransomware (having a recent backup got us out of that pickle). Even plain old malware which hijacks web browser search fields or injects advertisements causes problems that cost you time and money to fix.
Sure, you can disinfect individually affected machines, but when it happens to an entire organization it can be crippling. What’s more, any way you slice it, it wastes employee productivity, time, and resources.
Use a multi-point strategy to combat malware that combines user education with best security practices. Help users discriminate between legitimate inbound emails and phishing attempts, for example. Make them wary of connecting Wi-Fi enabled devices to unsecured networks (or disable that capability altogether). Force periodic password changes. Use mobile device management tools to update remote machines and disable them if they’re stolen or lost.
Installing good anti-malware software is crucial, but endpoint security on user computers shouldn’t be the only proactive defense. If you take care of more than a handful of computers, save time and resources by using apps that centralize anti-malware software updates and malware definition file distribution.
Besides user computers, servers also need to be protected from malware. Keep the firmware on network gear up to date to help maintain security, and make sure that passwords on those devices are changed periodically as well.
3. Not Having a Disaster Recovery Plan.
As we said at the outset, forewarned is forearmed. Create a written disaster recovery plan (stored safely in case you need to retrieve it) that covers all possible contingencies. Think through the threats your business faces: human error, malfeasance, natural disasters, theft, fire, and device or component failure are some of the things you should be thinking about.
Once you’ve assessed the threats, try to evaluate the actual risks. Being attacked by an angry grizzly bear is certainly a threat, but unless you’re in the Kodiak wilderness, it’s not a plausible risk. Conversely, if your business is located on a floodplain, it might be good to have a contingency in place for the next time the river nearby crests its banks.
Is your IT disaster recovery plan focused on just one part of your business operations, like your server room or data center? What’s your plan for the laptop and desktop computers, handheld devices, and other gear used by your employees? Do you have system images in place to quickly restore computers? Can you run some systems as virtual machines in a pinch?
Once you have plans in place, the important thing is to test them periodically. It’ll help you work out implementation problems beforehand, so when disaster strikes, your organization can still move like a well-oiled machine.
4. Not Using Encryption.
Data theft is such a pernicious problem these days, you need to use every safeguard you can manage to protect the integrity of your data and its safety.
Someone could hack into your systems and steal information, or a careless employee can leave an unguarded laptop on the table at Starbucks. Any time your data is exposed or could be exposed to outside threats, there should be some inherent safeguard to protect it. Encryption can help.
macOS, Windows, and modern Linux distributions support full-disk encryption. It’s FileVault on the Mac, and BitLocker in Windows. Traveling executives, salespeople with laptops, field technicians, or anyone else who takes sensitive data off-site are good encryption candidates. Anyone in-house who handles customer records or sensitive business intelligence should also use encryption wherever practical. Make sure that you keep a (secure) record of the encryption keys needed to decrypt any protected systems to avoid data recovery problems down the road.
Encrypting endpoint data is important, but so is encrypting data in transit. If you’re regularly backing up to the cloud or using online file sync services, make sure they support encryption to protect your data (all Backblaze products support encryption).
5. Not Having a Recent Backup.
Having a good backup strategy in place is crucial to being able to keep your business running. Develop a backup strategy that protects all of your critical data, and automate it as much as possible so that it runs on a schedule.
The 3-2-1 backup strategy is a good place to start: Three copies of data—live, backup, and off-site. User systems with important data should be backed up, as should servers and any other computers needed to run the business. One backup should be stored locally for easy recovery, and one copy of the backup should be stored off-site. This is where a cloud service (like Backblaze Business Backup, or for server and NAS systems, Backblaze B2 Cloud Storage) can really come in handy. Just make sure to observe safe data handling procedures (like encryption, as mentioned above) to keep everything in your control.
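One way to check an inventory against the three copies described above, shown as an added example that is not from the original article or from Backblaze. The inventory format, the field names (`role`, `last_run`, `encrypted`), the dataset names, and the 24-hour freshness threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# The three copies named in the article: live, local backup, off-site backup.
REQUIRED_ROLES = ("live", "local", "offsite")


def audit_dataset(name, copies, now, max_age=timedelta(hours=24)):
    """Return findings for one dataset; an empty list means it passes."""
    findings = []
    by_role = {c["role"]: c for c in copies}
    for role in REQUIRED_ROLES:
        if role not in by_role:
            findings.append(f"{name}: no {role} copy")
    for role in ("local", "offsite"):
        copy = by_role.get(role)
        if copy is None:
            continue
        age = now - copy["last_run"]
        if age > max_age:  # "recent" is an assumed threshold, tune per dataset
            hours = int(age.total_seconds() // 3600)
            findings.append(f"{name}: {role} backup is stale ({hours}h old)")
        if role == "offsite" and not copy["encrypted"]:
            findings.append(f"{name}: offsite copy is not encrypted")
    return findings


def audit_all(inventory, now):
    """Audit every dataset in the inventory; returns {dataset: [findings]}."""
    return {name: audit_dataset(name, copies, now)
            for name, copies in inventory.items()}


# Constructed sample inventory (hypothetical datasets, not real data).
NOW = datetime(2024, 1, 10, 12, 0)
INVENTORY = {
    "customer-records": [
        {"role": "live"},
        {"role": "local", "last_run": NOW - timedelta(hours=6), "encrypted": True},
        {"role": "offsite", "last_run": NOW - timedelta(hours=8), "encrypted": True},
    ],
    "finance-share": [
        {"role": "live"},
        {"role": "local", "last_run": NOW - timedelta(days=9), "encrypted": True},
        {"role": "offsite", "last_run": NOW - timedelta(hours=10), "encrypted": False},
    ],
    "sales-laptop": [
        {"role": "live"},
        {"role": "local", "last_run": NOW - timedelta(hours=2), "encrypted": True},
    ],
}

if __name__ == "__main__":
    for dataset, problems in audit_all(INVENTORY, NOW).items():
        print(dataset, "OK" if not problems else problems)
```
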
This is a good starting point for a discussion within your organization about how to protect yourselves from data loss. If you have questions or comments, please let us know!