So you run a small business and you have a nagging feeling that you don’t have an adequate business security plan in place. You know this, your staff know this, and it’s been worrying you, but you put it off because the task is daunting and it simply isn’t your expertise. What do you do?
First – break down the elements. Start from the worst-case scenario and cover those problems.
For most small businesses, the worst case scenario is total system loss, or failure – a flood, earthquake, the office being ransacked and all the PCs and/or servers being stolen or destroyed. But in this day and age, that might also be a ransomware infection that spreads to each machine and locks them down… it would be almost as bad.
So – the place we would suggest you start is NOT with anything we can sell you – but with… your insurance agent!
You need to make sure that you have coverage to replace your machines, because you need to run your business on something. Do you have coverage to replace the PCs that might get destroyed or stolen?
We suggest that your insurance include coverage either to get you servers/PCs overnight, or to reimburse you if you go and grab a machine from the local big-box store (Fry’s, Best Buy, etc.).
So you have coverage for machines – but without data – these are worthless… What’s next?
Applications are step #2:
Next – your applications. If you run regular applications like Microsoft Office, put a backup of the installation CDs (if you have them), or the credentials for the MS Office 365 login, into a very safe place. Take those home, or put them into a safe-deposit box. We suggest two backups of this: one on-site, the other off-site. That way you can get to the on-site copy quickly, and you still have the off-site copy if you have, say, a burglary or a flood/fire.
Do you have specialist applications?
If you use specialist software, make sure you have a way to install those apps – and that means the EXACT version and patch level you are using. So if you’re using, say, QuickBooks, make sure you can install the version you need, which might not be the very latest version.
Data is actually step #3:
You might think that we would place data as step #1. Putting it at #3 does NOT mean we value data less than hardware and apps; it’s just that data is USELESS without a way to access it. Put simply, without a machine to run it on and the correct application, having JUST the data is not much help.
So – your data is next, and it’s important to understand that even the smallest business needs a backup. That backup might be a local hard drive, but we suggest that this is JUST the starting point: you need to have an off-site backup of your data. This is essential these days, and there are several ways to do it. The cheapest way might be an external hard drive that you take off-site. However, this is the most prone to failure and the most likely to get forgotten. You have to be 100% effective at taking that backup off-site, and we know from customer experience that this route fails more often than it succeeds.
So how should we do backups?
You need a proper cloud backup – even a Carbonite plan will put your data in the cloud. Get your data off-site and have it able to be restored FAST. A home Carbonite plan will do the backup portion, but getting your data back is going to be slow.
How slow? Several hundred gigabytes of data would take many days to restore. That simply won’t work for most businesses, so you need the BUSINESS GRADE version of whatever solution you use, because the business version will have more restore bandwidth, and/or you can get your data put onto a hard drive and sent to you overnight. There is probably going to be a fee for this, but if time is money, you can save thousands or more by getting that hard drive back and your data restored FAST.
The other reason for a business plan over a home-user plan is that you can turn on versioning and keep multiple versions of a file. If ransomware encrypts your data, you do NOT want your only restore point to be from AFTER the malware encrypted your files! Think this can’t happen? We have seen it: a photographer thought his backup would be able to restore files from a year ago. It couldn’t – the ransomware encrypted the files and his home backup solution overwrote the good files with the encrypted ones. Months later, when the malicious code announced itself, all his valuable photos were encrypted, even the backups.
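The versioning point above, as an added example (not from the original article): a simplified model of one file's backup history under three retention settings, checking whether a clean copy can still be restored on the day the encryption is discovered. The dates, the plan parameters and the retention rule itself are constructed assumptions, not any vendor's actual behaviour.

```python
from datetime import date

# Constructed history of ONE file, oldest first: (date backed up, state).
HISTORY = [
    (date(2023, 1, 10), "clean"),
    (date(2023, 2, 5), "clean"),
    (date(2023, 3, 1), "encrypted"),  # ransomware silently rewrites the file
]

def retained(history, today, max_versions, max_age_days):
    """Versions still restorable on `today` under an assumed retention model:
    the newest version is always kept; an older version is kept only while
    it was superseded no more than max_age_days ago; at most max_versions
    are kept in total."""
    seen = [v for v in history if v[0] <= today]
    kept = []
    for i, version in enumerate(seen):
        if i == len(seen) - 1:
            kept.append(version)  # current version
        elif (today - seen[i + 1][0]).days <= max_age_days:
            kept.append(version)  # older version still inside the window
    return kept[-max(max_versions, 1):]

def clean_restore_point(history, today, max_versions, max_age_days):
    """Date of the newest retained clean version, or None if none survives."""
    clean = [d for d, state in retained(history, today, max_versions, max_age_days)
             if state == "clean"]
    return clean[-1] if clean else None

if __name__ == "__main__":
    discovered = date(2023, 6, 1)  # the encryption is noticed months later
    plans = {
        "no versioning (latest copy only)": (1, 0),
        "versioning, 30-day window": (10, 30),
        "versioning, 365-day window": (10, 365),
    }
    for name, (n, days) in plans.items():
        print(f"{name}: {clean_restore_point(HISTORY, discovered, n, days)}")
```

In this model the 30-day plan has versioning turned on and still loses the clean copy, because its window is shorter than the time the encryption went unnoticed; when comparing plans, check how long old versions are kept as well as whether versioning exists.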
Stay tuned for part 2 of our article – What does a real world small business security plan look like?