Seventy per cent of businesses which suffer a major data loss are out of business within 18 months. Trojans, worms and other viruses pose massive risks and spyware can slow or crash systems. Most problems come from authorised users who inadvertently put systems at risk, or from disaffected employees or partners who screw up more businesses than hackers ever do. Denial of service attacks (which stop authorised website users getting access) and theft of sensitive data such as price lists are also on the rise. Computers are also vulnerable to fire, theft, flooding, power cuts and technical malfunctions.
Your business could lose money, market share, image, status, security and a whole lot more if you do not secure your systems and back-ups. Whether damage is malicious or accidental even the loss of even small amounts of data can be prohibitively expensive. It can take almost three weeks to retrieve and re-enter just 20 megabytes worth data at a cost of around £4,000 a week. And it is not just replacement costs – some data, such as payroll and personnel files are fiendishly difficult to replace and loss of customer databases can devastate sales. back-ups allow you to continue trading even when computer data is lost.
Using a back up company
Back-up companies can be inexpensive to use and take the pressure off, but standards vary so shop around, get recommendations and check credentials. Take advantage of free trials – especially those that do not ask for your credit details or expect you to be proactive in cancelling the trial. Ensure the trial is long enough for you to make an informed decision and don’t be pressurized into signing up (see article on what to expect from a back up company for the best questions to ask).
Advantages of using an outside source to back up your data include:
- no lost productivity in case of data loss – as client files, project data and sales records can be recovered within minutes
- reassurance that your professional reputation will not be damaged by accidental loss of client data
- reduced professional liability insurance fees because of the additional protection in place and the reduced risk of litigation
- peace of mind. Knowing your data is always backed up and recoverable in a fast, secure and hassle-free way takes at least one pressure away from starting a new business
- don’t need expensive back up software or tapes
- don’t need to timetable a daily back-up schedule
- no storage considerations
- can be very cost effective.
Do it yourself back up
Some small businesses back up on CDs or ZIP drives as a matter of course and don’t feel the need for outside back-up. If you are organized it can work, but many initial good intentions fall by the wayside when a business takes off. If you decide to do it yourself, you must be systematic. Make sure you protect your computer with the ‘SAFE’ checklist.
S = spyware. You should run an anti spyware programme
A = anti-virus protection
F = firewall
E = ensure your operating system is updated.
In addition to the above make sure you strictly enforce a systematic, regular back-up routine (every single day) as part of your IT security policy. Ideally you should:
- give one other person the main responsibility for back-ups and designate a second to cover for absence (if you are not doing it yourself). Staff involved must be trained and secure in their knowledge, and you must trust them completely to do the job
- use a different tape or disk to back-up each day of the week and have a schedule for rotating them
- keep back-ups secure – ideally off site in a bank box or fire/flood proof facility
- train staff in business continuity methods in case of disaster recovery. Staff who regularly use and process data must be aware of data security and protection principles and what actions may infringe security or confidentiality and put your business at risk (see article on complying with data protection legislation)
- if procedures do fail you and your staff need to know what to do. Talk it through and put a simple system in place which will allow work to be done manually
- install firewalls and anti-virus software to detect viruses
- consider subscribing to a hosted anti-virus solution to save you the time and effort of installing updated and software.
Security controls
Whether you decide to back-up yourself or use an outside company you will still need an acceptable use policy for staff (include details on blogging, the use of instant messaging, webmail and community sites such as Facebook) and refer to it in staff handbooks and employment contracts.
You will also need security controls including user name and password combinations (which should be changed regularly) and may decide to restrict control for certain individuals (network restrictions, application controls, restrictions on what can be copied and stored on memory sticks CDs etc, limits on certain types of email attachments). You may wish to use an encryption technique to scramble data and consider firewalls to filter information, or intrusion detection. Anti-virus software or Heuristic software can trap viruses both entering and leaving your IP systems, and run virus checks to trap viruses that get through. But no matter what protection you use, your systems can still become infected and you need regular back-ups and software to cope.
Your chances of surviving a computer disaster are only around 30% without a comprehensive back-up system in place. Even with a robust back-up system in place it is essential to train all staff in IT security essentials to lower risk of loss and damage to data and systems.
