Data Security Best Practices

Small businesses may think the cost of protecting data is high, but doing nothing can be far more expensive.

Continue Reading Below

No matter the size or scope of the business, everyone is reliant on data to get the job done. That is why every business –big or small-- needs a data-security-best-practices plan. If your company’s data is lost, the cost to recover or recreate it can be insurmountable for small operations.

“It doesn’t really cost a lot” for companies to protect their data, says David Zimmerman, chief executive of LC Technology International. “It could be thousands of dollars to recover the data if the recovery is successful at all.”

Small businesses owners have seen enough news about data breaches to know they need to keep sensitive information secure from hackers. But many don’t take time to put IT security best practices in place, and fail to protect their data from a hard drive crash or computer meltdown. If the data isn’t backed up it can take days or even weeks to be up and running, which could mean the demise of many small businesses.  That’s why experts say you need a good data protection plan in place that combines both on-site and off-site backups.

One way to do that, says Nick Pegley, vice president of marketing at All Covered IT Services from Konica Minolta, is to back up your data locally on a server dedicated to storage and also back it up on the cloud so there’s essentially a backup of the backup. Cloud backup services can be cheap, costing $10 or less a month per user, say experts.

“This can allow simple recoveries as well as providing a way to keep the business running even if the local infrastructure is completely lost, by accessing the cloud backups,” says Pegley. “In fact, moving all of the company’s data storage to cloud as the primary location can make all of this a lot easier, as the files will already be housed in secure data centers.”

If you’re small business can’t afford a server than Zimmerman says copying to a flash drive is another option for the local backup part of the plan. Either way you go, you want to make sure you are backing up on a regular basis. “Be prepared to back up your data at least weekly on your network and use cloud storage,” says Zimmerman. “Even create three or four different accounts” in the cloud.  What’s more, Zimmerman says you should be archiving regularly by putting data on flash drives so it can be accessed anywhere at any time in the event of a crisis.

These days it’s not enough to back up your data on a tape drive or cloud. Small business owners have to think about testing the safeguards they have in place. According to Chuck Fried, president and chief executive of TxMQ, an IT services company, large companies test their backup systems on an annual or semiannual basis to make sure they can get their data back in the predetermined amount of time. Unfortunately small business owners barely back up their data let alone test their safeguards once a year.

“A lot of folks do various backups, but they never take the time to put together a disaster recovery plan,” says Fried.

A disaster recovery plan or DR is basically a trial run of a full outage and recovery of the data. While it may be a requirement for large businesses that have to answer to regulators, auditors and Wall Street -- for small businesses it should be considered a data security best practice. By doing a test you can not only determine if your plan is working, but also determine if you are spending too much or too little to make sure the data is protected.

“If you lose a dollar every minute you are down and it costs $2 per minute to improve the backup it doesn’t make sense,” says Fried. “If you lose a dollar and it costs 50 cents the improvement does makes sense.”

The cost benefit analysis should also take into the account the impact the outage will have on your business. For instance, if being down for 24 hours mean customers are likely to cancel their service or go to a competitor, than you have to make sure the systems can be recovered in a shorter time period. But if an outage of 24 to 48 hours means you’ll have to work around the clock a few nights to get everything done, then it may not be necessary to pay for super quick recovery plan. You have to figure out the “point of diminishing return,” says Fried.