Protecting your small business from data loss from cyberattacks, accidental file deletion, and other online threats requires a comprehensive continuity plan. Those not backing data properly will learn the hard way that recovering it after an event can be a lot more difficult and expensive. Small business owners need to consider how often they back up their data, where and how are the backups stored, necessary recovery methods, and best practices for records retention. Use the following best practices for small business backup to ensure that your data is adequately protected and quickly recoverable during a disaster.
- BCP Plans: The most significant best practice for data backup is developing a detailed business continuity plan (BCP) or disaster recovery plan (DRP). Although businesses without a disaster recovery plan are far less likely to survive a disaster, FEMA reports that 20% of SMBs still don’t have one.
- Strive for business continuity: Simply replicating data to an external drive or a cloud folder, such as cloud-based file-sharing applications like Google Backup & Sync, is not a reliable plan for business backup. Look for solutions that offer continuity of the entire business after a disaster – meaning that applications, and the operating systems they run on, must be protected as well. Business continuity and disaster recovery solutions (BC/DR) are designed to provide more comprehensive recovery options to ensure critical operations continue with minimal interruption.
- Back up data often: The more often data is backed up, the less can be lost in between recovery points. Some automatic applications can create backups as often as every 5 minutes, even though that is not necessary for most businesses. As a general rule, exchange servers may need hourly backups, terminal servers daily backups, and auxiliary domain controllers, several backups each week. Some industries, specifically financial services, and healthcare, may need to perform data backups more frequently to meet compliance and regulatory requirements.
- Remote storage usage: On-site backups are still the best for rapid backups, but if the on-premise infrastructure is destroyed, additional off-site backup is required. Remote backup storage is vital for business continuity. All companies should keep copies of their backups at a secondary location, such as in a private cloud/data center, public cloud, or a secondary business location. Today’s most effective SMB solutions provide hybrid backup protection, meaning some backups are kept on-site and some in the cloud.
- Backups should block inbound Internet access: While a backup server will need to be able to transmit data to the cloud, any inbound communication should be forbidden in order to protect against cyberattacks. The device should be deployed in a secure LAN environment and the only outbound communications allowed should be the ones required for the device to perform and transmit the cloud backups.
- Keep backups separate from the network: Backups must be protected against ransomware and other threats, which will attempt to affect every device possible – including backup devices if left unprotected. Ensure backups are not connected all the time to the networks and computers they are backing up. In a ransomware attack, backups will usually be the only remaining resource to retrieve data.
- Encrypt backups: If, despite best efforts, backups somehow end up in nefarious hands, companies want to ensure that the data is inaccessible to them. This is critical for every industry, but it’s especially critical for industry sectors like healthcare, where HIPAA regulations mandate added security measures to protect sensitive patient data.
These are just the beginning steps in strategizing a business continuity plan for your small business. If you are ready to take the next steps to ensure your company’s protection in the event of a disaster, call Alliance IT today for more information.