Data Protection: A Vital Part of Business Protection

Information and information technology (IT) are the lifeblood of most businesses and must be included in any business continuity plan. Failing to take the necessary steps to protect data and data equipment from weather and other causes of loss leaves your business vulnerable. Take time now to review systems you have in place to protect your data and the equipment your employees use to create, receive, transmit and store information.

Even though most businesses cannot operate without vital records and critical information, much of which is created and recorded electronically, many business owners may not know where this information is digitally located and stored. Some businesses also may have important current and historical documents that are only available in paper form. Without proper planning, these vital records may be damaged or lost in the event a weather event or other disaster strikes. All too often, the loss of critical data and information brings commerce activity to a standstill and ultimately can cause the business to fail. This reinforces the need to have systems in place to protect and retrieve your data as part of your business continuity plan.

THE NEED FOR PLANNING

Many situations can wreak havoc on IT systems, often resulting in time consuming and difficult attempts to re-create the stored information. Even if the inability to access data is temporary, it could reduce your competitive edge, damage your reputation and result in the loss of new and existing customers.

WHY YOUR SYSTEM IS AT RISK

Your business continuity plan should include steps to protect and/or back up all aspects of the IT system, including hardware, software, data and connectivity. Different hazards may target different parts of an IT system; it is important to consider everything from a brief power interruption to the physical destruction of the facility.

HELPFUL DEFINITIONS

Hardware: peripheral devices such as monitors, printers, scanners, external hard drives, and keyboards.

Software: programs that enable applications to run or operate on your computer systems.

Data: information stored and saved on your computer such as files, folders, and multimedia.

Connectivity: movement of data from one source to another including wireless computing, network or cable lines and modems.

POWER DISRUPTIONS

The interruption of the power supply can take on many forms: surges, spikes, brownouts and blackouts. The briefest and most common disturbances such as power or voltage surges are virtually inevitable and can be damaging. While often lasting only a millisecond, these surges can raise the voltage in electronic circuits from a few hundred to as much as several thousand volts, potentially damaging sensitive IT and other electronic equipment. For information about the use and maintenance of surge protectors, see IBHS’ article on protecting commercial properties from power surges at http://disastersafety.org/commercial_maintenance/ protecting-commercial-properties-from-power-surges.

Back-up power plays a critical role in the protection of IT systems. In the short-term, and as a complement to a surge protector, an uninterruptible power supply (UPS) provides near-instantaneous protection from power interruptions for a relatively short period. The typical period of 10-20 minutes is enough time to properly shut down protected equipment or bring an auxiliary power source online. This will provide a bridge to save data and issue shutdown commands to the operating system until power resumes normally or a secondary power source is provided.

Over the long-term, an emergency power generator allows for the operation of some or all electronic equipment and lights and can greatly reduce business disruption when normal power is interrupted. The use of a generator poses certain risks that must be addressed for safe operation, including fire, damage to electrical equipment and even injury or death to people operating the generator or in the building where it is being used. For information on the safe operation and maintenance of generators, see the IBHS article at http://disastersafety.org/ commercial_maintenance/commercial-generators.

If you are aware of an upcoming power disruption, make time to turn off and unplug computer hardware and other sensitive electrical equipment in advance to avoid the risk of serious damage due to power fluctuations.

BOUNDLESS INTERNET CONNECTIVITY CHOICES

Large businesses no longer have a monopoly on the best Internet connection solutions. There is a variety of options available and connections that are capable of keeping up with everyday tasks. However, choosing the right solution means evaluating the needs of your business:

  • How critical is connectivity?
  • Is it important to have connectivity that is always online?
  • Do you have Web hosting requirements?
  • Do you send and receive large files?
  • How much security do you need?

Once you determine basic usage criteria, choosing a dependable connection service will help you grow and adapt to your business needs. Evaluate and consider all of the Internet service options available in your area and what is most affordable.

HELPFUL DEFINITIONS

ISDN (integrated services digital network): runs over digital telephone lines or normal telephone wires

DSL (digital subscriber line): runs over a business phone line and connects to your computer network using a modem or router

Cable: same as DSL but runs over a coaxial cable

ADSL (Asymmetric Digital Subscribers Line): connection works by splitting your phone line into two separate channels, one for data (Internet) and one for voice (phone calls)

Satellite: requires a satellite dish with a clear line of sight

Dedicated Leased Lines: T-carriers (T-1 and T-3) lines Fixed wireless: long range wireless connectivity BPL (broadband over power lines): Internet over power lines

BACKUP AND RECOVERY PROCEDURES

Every business owner should have data backup and recovery procedures to reduce the economic impact of data and service interruptions. Consider the various risks facing your business:

  • Hardware failure
  • Software failure (failed application patches or upgrades, viruses and malware)
  • Human error (accidental deletion of data, theft, sabotage, etc)
  • Corrupt data
  • Power outages
  • Security
  • Disaster (natural or man-made)

What should be backed up? While this will vary, business owners should identify critical data that needs to be backed up and archived, such as electronic files, spreadsheets, documents, email, databases, notes, pictures, graphics, applications and their settings, servers and other irreplaceable customer data. Full physical backups of data should be done at least weekly, and even more often if your business generates large amounts of new data daily. Incremental data backups can be done on a daily basis.

There is a wide range of options when it comes to choosing a backup strategy for your business. Determine the most effective method for your company based on how much data you have to store, how vital specific types of data are to the continuation of your business, and how quickly you need to retrieve it. There are several backup methods to consider. Mix and match the options below for different types of data, beginning with very basic to more complex.

Find the Right Back-Up Option

Method

Pros

Cons

Hard copy

Can be read by anyone, at anytime

Not subject to the failure of an electronic system

Requires staff to store, retrieve & process

Subject to loss from fire, flood damage or event

Needs to be stored outside of the same geographical region as you

Not as portable as electronic media (harder to get the copies at the site you are located/re-located)

 

CDs or DVDs

Inexpensive

Little technical expertise required

Drive failure not an issue

Can store easily & safely in a 2nd location

 

Can only hold small amounts of data; large amounts of data can get pricey

Time consuming; completely manual process

UBS Flash Drive

Inexpensive

Portable

Little technical experience required

Easy to misplace

Not always durable

Capacity limitations

Completely manual

 

Magnetic Tapes

Can backup operating system, applications & data

Small enough to be stored off-site

Subject to degradation

Uncertainty of data integrity

Cumbersome for non-full restores

 


External / Portable Hard Drive

Easy to use

With software, can “set & forget”

Connect to one computer at a time

Hard disk drives run the risk of failure

Can be expensive for large-capacity drives

 

Network Attached Storage (NAS – server
dedicated for saving data)

Can back up several computers at once

Can “set & forget” for automatic backup

Cost

Data not transported off-site

May be difficult to recover without technical expertise

 

“Hot Site”

(Requires a contract with a disaster recovery company that has a full functioning computer site in a location outside of your disaster zone where a business can perform data processing functions and network operations)

Useful to a business with multiple locations with interdependent operations that are linked by a computer network

Appropriate for data centers

Maintain business operations with minimal business interruption to customers

Fast recovery time

 

Expensive

Recommended exercising of plan

Must ensure that in time of a large disaster, they are not over booked and your needs are guaranteed


“Cold Site”

(Similar to “Hot site” except the client provides their own computer hardware to continue operations at the disaster recovery company’s location)

Useful to a business with multiple locations with interdependent operations that are linked by a computer network

Appropriate for data centers

Maintain business operations with greatly reduced business interruption to customers

Fast, but not as fast as a Hot Site’s recovery time.

Expensive, but less expensive than a “Hot Site”

Requires physical transferring of computer equipment to the “Cold Site”

Must ensure that in time of a large disaster, they are not over booked and your needs are guaranteed

Recovery plan exercises are more difficult than a Hot Site’s

 


Online/Virtual Backup Services (“in the cloud”)

Can be inexpensive

Available anywhere there is an Internet connection

Third party takes care of the hardware

Data secured in a remote location

Run the risk of site closing

Can be expensive

Fast Internet connection required

Dependent on a third party

 

Regardless of the solution you choose, limit access to backed up data and consider the security of the environment where it is housed. The important thing is to have access to what you need, when you need it, while preventing unauthorized access and use that can compromise the integrity of your data and your bottom line.

TEST WHEN THE SUN SHINES

Like evacuation and fire drills, test your backup recovery strategies. From time to time, restore a file from your backup drive or tape. If you use an outside service provider, ask them to run through a disaster scenario with you. In addition, be sure to inquire as to their business continuity plans. You want to make sure their backup not only is secure, but also that it and/or its backup servers are located outside the same region as you, so they are not affected by the same storm or other disaster that may damage your facility or IT system.

For any business function, be sure to document the recovery steps. For testing your backup recovery strategies, there should be documentation on how to retrieve the data in a step by step process in the event someone else other than the primary person is not available after a disaster. The documentation should include the pre-, during and postbackup steps. By keeping good records, you can restore your backups with the least amount of downtime. If downtime does occur, having a social media strategy can keep the lines of communication open with your customers and suppliers. For example, using Twitter to announce that you are offline for “maintenance” will fill the void if you are unable to respond quickly due to a power disruption. Twitter and Facebook posts can be made using smartphones, which will limit the hardware that needs to be functioning while you restore data or power sources.

INFORMATION TECHNOLOGY AS PART OF YOUR BROADER BUSINESS CONTINUITY PLAN

The Insurance Institute for Business & Home Safety’s (IBHS) OFB-EZ™ (Open for Business-EZ) program is a no-cost, comprehensive disaster planning tool to assist businesses in reducing the potential for loss and recovering quickly should a disaster strike. OFB-EZ covers many aspects of business operations; for data protection, the program will help you to determine the following:

  • What you need to backup,
  • How much disk space needs backed up,
  • Review of your Internet connection capacity (can it accommodate off-site file transfers),
  • How often should backups be performed (depends on how often your data changes),
  • How will you monitor your backup system(s), and
  • Test your ability to restore data (restore a portion of your data on a scheduled basis)

The goal is to make sure that your data and IT systems are available and ready when you are ready to resume operations, so that you can continue to offer your products and/or services to your customers in the event of any business disruption, keeping your business open without the loss of critical data that allows you to continue with little disruption even if your facility and its IT systems are not available for normal operations.