Very Simple Tips for a Successful Small Business Backup Strategy
This is just one of many important questions that organizations must consider when creating a small business backup strategy. And since each business is unique, every organization will have their own specific recovery needs and objectives.
Simply having a small business backup system is not enough. Without the right backup strategy, you could still risk losing a ton of critical data.
Here are some simple tips for determining the right strategy for your company.
What goes into a small business backup strategy?
Backup frequency is indeed a key aspect of your overall strategy. But there are many other things to consider as well:
· How often should data backups occur?
· Do certain types of data need to be backed up more frequently?
· Where will the backups be stored?
· How quickly will the data need to be recovered to prevent a disruption?
· What about SaaS data—can that be backed up too?
· Who will manage the backup and recovery processes?
· How can the backup strategy be improved with company policy?
A 360-degree strategy is essential. Inadequate planning in any of these areas will come back to bite you when data loss inevitably occurs.
How data loss destroys small businesses
Let’s take a moment to address why it’s important to have a small business backup strategy in the first place.
· Data loss happens all the time: Roughly 7 out of 10 businesses experience data loss due to a multitude of reasons: accidental file deletion, hardware failure, malware, cyberattacks, natural disasters and others.
· It’s extremely costly: Data loss from ransomware costs small businesses an average of $100,000 per incident due to the downtime alone.
· Recovery is challenging: Some research has shown that 60% of small companies that experience data loss shut down within 6 months. Even in cases where the data can eventually be recovered, the operational disruption is so great that many businesses do not survive in the long term.
A good business continuity and disaster recovery (BC/DR) solution is only a first step. With the right backup strategy, businesses can significantly reduce the risk of both data loss and downtime.
Determining your strategy
Creating a good backup strategy is almost impossible without knowing the unique risks to your business. So the very first step should be developing a disaster recovery plan, consisting of a thorough risk assessment and business impact analysis. (If you need helping creating one, use this disaster recovery plan template.)
Once you’ve identified your risks, you’ll be able to set two very important objectives that will guide your backup strategy: a recovery point objective (RPO) and a recovery time objective (RTO). Both objectives pertain to how you can recover data from a backup, but there are important distinctions between them:
· RPO: Your RPO answers the question: How old can our last backup be to avoid a disruptive data loss event? Setting this objective ensures that you are performing backups frequently enough to minimize loss when restoring from a recovery point. For example, if you can’t afford to lose more than an hour of data, then your RPO would be 1 hour.
· RTO: Your RTO answers the question: How quickly do we need to recover data to avoid an undesirable outcome from data loss? Setting this objective ensures that your systems and protocols can produce a rapid recovery that minimizes downtime. For example, if you can’t afford more than 2 hours of downtime after a data-loss event, then your RTO would be 2 hours.
You need to make sure that your data backup solution is capable of meeting these objectives. Setting an RPO and RTO will help you identify the right technologies for a successful backup strategy.
Best practices for backup frequency
There are no hard and fast rules for how often your data should be backed up. Businesses that handle large volumes of extremely sensitive data need to perform backups every few minutes. Smaller businesses that rely less on data may only need to perform backups once a day.
A good backup solution will allow you to customize the frequency for different types of data. This ensures that your most valuable datasets are backed up more frequently, while more static data can go longer without replication, reducing the load on your systems.
As a general rule of thumb, Datto recommends the following backup frequencies for various server roles:
· Exchange servers: hourly backups
· Terminal servers: daily backups
· Auxiliary domain controllers: multiple backups per week
Where to keep your backups
The location(s) where you store your backups are an important part of your overall backup strategy. It affects how well your data is protected against various disaster scenarios and also how fast you’ll be able to recover data.
For the majority of businesses, your three basic options will be:
· On-site: This setup typically relies on a server or backup appliance kept on-premise at the business. One advantage of keeping backups onsite is that it provides the fastest possible access to your data, which is especially valuable if you need to do a full restore. However, a key disadvantage is that the backups remain vulnerable to disasters that occur onsite, such as a building fire, severe flooding and so on.
· Cloud (private or public): Storing backups in the cloud involves keeping your data on servers and/or backup appliances inside a private datacenter or a shared public cloud. By keeping the backups off-site, this setup provides extra protection against the risk of on-site disasters. One disadvantage of cloud backups is that a full data restore, if needed, could take a long time to transfer over the internet, depending on the size. (For large datasets, it may be faster to mail the backups on physical drives.) But newer features like cloud backup virtualization can enable businesses to boot their backups as virtual machines in the cloud, for instant access to data and applications while the larger recovery is still underway.
· Hybrid: This setup provides a mixture of both options: on-site and cloud. Backups are stored on an on-site server or dedicated backup appliance and also replicated to the cloud. A hybrid backup strategy ensures the fastest possible access to data while also providing protection against on-site disasters.
In recent years, hybrid backups have become the preferred strategy for businesses that are looking for greater data protection.
The rise of SaaS applications has increased the need for cloud-to-cloud backup within your overall backup strategy.
To be clear, cloud-to-cloud backup is not the same as the traditional cloud backups mentioned above. Cloud-to-cloud backups are backups of the data stored within cloud-based SaaS applications, like Office 365.
Data loss within these applications is extremely common, usually caused by accidental deletion, overwrites and misconfigured integrations. As businesses increasingly depend on these apps as part of their critical operations, it has become more vital to back up this data. SaaS backup services like Datto’s Backupify can automatically backup data in applications like O365 and G Suite, copying it from the provider’s cloud to Datto’s cloud.
Deciding who manages your backup strategy
Many businesses, small and large, do not have enough in-house resources (or time) to manage their entire continuity strategy. In many cases, it makes more financial sense to depend on a skilled managed service provider (MSP) that can bring even more expertise to the backup strategy.
In fact, some DRaaS solutions (disaster recovery as a service) can provide a higher level of data protection and service than a company can achieve in-house, while also being more affordable than expanding internal IT teams.
Businesses need to weigh these benefits carefully when determining their backup strategy, ideally before investing in a new BC/DR deployment.
Supporting the strategy (beyond technology)
A small business backup strategy should not consist of technology alone. Businesses must address the root causes of data loss, separate from the recovery systems.
Consider that most data loss occurs from accidental deletion and hardware failure. Also, most ransomware infections arise from malicious emails and attachments being opened by unsuspecting employees.
This is where good policy and preventative strategies can go a long way.
What to consider:
· Internet/email/data policy: Set policies that help prevent the most common data-loss events from occurring. For example, you can set policies for how users should deal with emails from unknown senders. In IT, you can set policies that dictate network configurations and access controls that limit users to only the folders they need (which can help prevent the spread of some malware infections).
· Employee training programs: Continually educate personnel on those policies. Use training programs to remind users of the risks of data loss, ransomware and cyberattacks. Demonstrate how these events typically occur and best practices for preventing them.
· Ongoing continuity planning and testing: Assess the success of your backup strategy on an ongoing basis (especially after a data-loss event has occurred. Set policies for how often this planning should be reviewed and tested.
Always remember that a good backup strategy is only as good as the technology and planning behind it. Even after deploying a new BC/DR solution, businesses must continue to reassess their overall readiness to ensure that the backup strategy remains successful.
Request a Free Demo
Request a free demo to see how hybrid-cloud backup and disaster recovery solutions from Datto can protect your business from data loss. Call our business continuity experts today at (646) 395-1170 or email [email protected].