How to Protect Your Data with Small Business Backup
A sudden loss of data can derail the operations of any business. But the impact can be especially devastating for smaller companies and startups, which often can’t recover from the high costs of extended downtime.
Roughly 40% to 60% of small companies go out of business after a disaster, according to FEMA, and that includes data-loss events. Even more alarming, statistics show that businesses without a disaster recovery plan will fail roughly 90% of the time.
Small business backup is a vital layer of protection, ensuring that lost data can be restored back to normal after a disaster.
In this post, we look at how to evaluate your small business backup options – and why it’s more important than ever to protect your data.
A Costly Data Threat
On a Friday morning in March 2019, government officials in a small Georgia county were alerted to a problem with their computer systems. Critical files and applications were suddenly inaccessible, and soon after, nearly all the computers across the network became unusable.
It was a ransomware attack — the nasty form of malware that encrypts your data and demands a ransom payment to restore it.
For rural Jackson County, GA, with a population of only 63,000, the attack immediately disrupted nearly all government operations. Almost all the county’s IT systems were forced offline. Some government services, like arrest bookings, had to be completed on paper.
Officials contacted the FBI and hired a cybersecurity consultant. But ultimately, the county took the risk of actually paying the ransom – to the tune of $400,000. Officials told reporters, “We had to make a determination on whether to pay … we could have literally been down months and months and spent as much or more money trying to get our system rebuilt.”
Common Causes of Data Loss
Unlike local governments, small businesses typically don’t report ransomware attacks to the press. But a 2017 study found that 1 in 5 small and medium-size businesses (1,000 employees or less) had been forced to halt operations due to ransomware attacks, causing an average of $100,000 in downtime-related losses per incident.
Ransomware isn’t the only threat to your data, however. Other causes, like human error, are actually much more common. Every day, businesses of all sizes lose critical data for numerous reasons:
· Accidental deletion of files and folders
· Data migration errors
· Hardware / software failure
· Viruses and malware
· Infrastructure damage from fire and natural disasters
Accidental data deletion can be just as disruptive (and costly) to a business as ransomware can.
IT administrators are well-acquainted with the frustration of users accidentally deleting important files, folders, emails and other data. Recovering that data can be tedious and time-intensive. Even the loss of a single important file can hurt productivity and drain IT resources—both of which hurt the business’s bottom line.
Starting your small business backup strategy
Which data should a small business back up?
All of it. Any data stored on company servers (or on employees’ work computers) plays a role in the company’s operations. If it doesn’t (i.e. user’s personal files) then it probably shouldn’t be stored on company machines in the first place.
What to backup:
· All company files, folders and servers
· Email / email servers
· Application data
· Network configuration data
· SaaS data
When a major data loss occurs, you’ll want to be able to restore the entire infrastructure as quickly as possible. This is why it is equally important to back up folder structures, network configuration data terminal servers, and so on. An ideal recovery is one that not only restores the data but also restores everything back to its original place.
Some data will of course be more critical in nature. That’s where you get into the question of backup frequency. More important data should be backed up more frequently, to help minimize the size of the data loss if a backup needs to be restored.
For example, patient data at a doctor’s office will naturally be a higher priority than the static data on a terminal server. The patient data is confidential and sensitive, and it must be stored properly to comply with federal regulations like HIPAA. Also, the patient data is constantly changing and growing. The terminal server data, while still important, doesn’t change as frequently, so it generally doesn’t need to be backed up as frequently.
Here’s an example of recommended backup frequency for various types of data:
· Exchange & production servers: hourly
· Terminal servers: daily
· Domain controllers: 2-3 times per week
Small businesses should determine their backup frequency as part of their overall disaster recovery planning, which will include setting an ideal recovery point objective (RPO).
The problem with most ‘small business backup software’
Smaller organizations who are new to data backup will usually start by looking into “small business backup software.” The problem here is that there are numerous types of software available, offering vastly different levels of protection. So it can be difficult to know which solution is the right fit.
The software that powers your backup process is very important, but even more critical is the technology and hardware behind it. Software gives you control over the backup process. But the underlying technology is what will determine the key capabilities of your backups:
· How data is backed up
· How much data (and what types) can be backed up
· Where the data is stored
· How frequently the data can be backed up
· How quickly the data can be recovered
As a very basic example, applications such as Google’s “Backup and Share” are not intended to be used as small business backup software. Even online backup services, like IDrive, can be limited in their ability to achieve true business continuity.
For the greatest protection against data loss and downtime, businesses require a more robust backup infrastructure – not just lightweight software.
More comprehensive small business backup solutions
Today’s best small business backup solutions use a combination of software, on-site hardware and off-site datacenters to provide a more dependable and resilient backup process.
With an on-site backup and disaster recovery (BDR) appliance, backups are first stored on-premise for the fastest recovery possible. These appliances are separate from other server hardware, so that protected data is stored on its own drives, independent of server drives.
For an added layer of protection, backups are then replicated offsite as well. This allows for data to be recovered from the cloud, which is ideal for when on-site infrastructure has been damaged. This multilayer backup strategy is often referred to as “hybrid cloud backup.”
What to look for
Keep in mind that not all small business backup solutions offer the same protection or benefits, even if they use the “hybrid” approach mentioned above. Data backup for SMB can take many forms, depending on the provider, so it’s important to evaluate your options carefully.
Here are features to look for:
– Fully constructed incremental backups: How your data is backed up, in relation to previous backups, will affect 1) how quickly your backups are completed, 2) how much computing resources are used, and 3) how resilient the backups are. We like Datto’s Inverse Chain Technology, because each recovery point is stored in an independent, fully constructed state, which means it’s not dependent on previous snapshots.
– Virtualization: Virtualized backups enable a faster recovery that just isn’t possible with lightweight backup software. Backups are stored as fully bootable virtual machines. This means you regain access not only to the data, but also the OS and applications, pretty much instantly. That’s a major advantage when you’re trying to maintain continuity during a disaster.
– Automatic backup testing & mock recoveries: You want to be sure that your backups can be successfully recovered when needed. Look for solutions that can automatically monitor the backup process and even perform mock recoveries, alerting administrators when there are any issues.
– SaaS backup: As businesses increasingly store data in cloud-based SaaS suites, like Office 365 and G Suite, it’s vital that this data is backed up too. Accidental data deletion and misconfigured migrations are common causes of SaaS data loss. This is why a SaaS small business backup solution, such as Backupify, should be integrated into the company’s continuity strategy, alongside a traditional backup system. This ensures that data entered into one cloud-based SaaS is safely backed up to another cloud.
– Backup frequency, recovery options and speeds: Regardless of the technology behind your backup solution, you need to be sure your system meets the business’s recovery objectives. Solutions like the Datto SIRIS enable backups as often as every five minutes, but not every small business will require that frequency. As a rule of thumb: more frequent backups, combined with faster recoveries and multiple recovery methods will greatly reduce the impact of a disruption.
Don’t forget the business continuity plan
Choosing a small business backup solution should never be based on guesswork. Business stakeholders and their IT teams need to evaluate their backup needs according to the recommendations set forth in a comprehensive business continuity plan (BCP).
Risk assessments and business impact analyses, completed as part of the BCP, will identify specific threats to your data and the impact from such events. Those analyses will in turn help you determine the right backup solution for your small business.
For more information on small business backup, request a free demo of hybrid-cloud backup solutions from Datto. If you have any questions, call our business continuity experts at (646) 395-1170 or email [email protected].