Small Business Cybersecurity 1 of 7: Backup
Tim Weidman
This is part one in a seven-part series regarding security concepts for small businesses. As an owner or principal of a small to medium-sized business, you have the ability and the responsibility to understand security basics and ensure they are implemented for you.
Part 1 of 7: Who has your back(up)?
We are starting with backup because there is nothing more important than this. Nothing. If the entire world enters a zombie apocalypse and you survive with a tested, intact backup and enough equipment to restore it, you can resume business as usual even though your only remaining customers may actually be zombies.
When I ask business owners and principals if they have a backup, most of the time the answer is “Yes… I think so.” Knowing how your backup works and some basic details about it is not as complicated as you might think, and I see this as a primary responsibility of business principals, not your technology team.
Here are basic questions to which you need answers:
- What are you backing up? This is first because how well your backups work is irrelevant if you are not backing up the right stuff. The answer I get most on this is “We backup everything.” Most likely not, at least not in the way you may think.
This is a part of the process in which your technology people are going to need your help. You can make a list of all electronic data which is important to your business. You don’t need technical terms. You could list: “The stuff we enter into our time management software” or anything else that comes to mind.
A simple way is to use a notepad (the old-fashioned kind with paper) next to your computer and, over the course of a week, write down everything you access which is important. Have more than one person do it and compare lists. When you are done, that is the start of your backup plan. Your technology professional should be able to turn this into actual file locations, application data, etc., fairly easily.
- Which method(s) of backup do you use? This part gets a bit technical, but at least remember three terms: file backups, server backups and application backups.
  - File level is just like it sounds. You have files. They get backed up. If you need them back, you restore. If you lose an entire server, you need to find a new one, go through all of the setup and then put the files on it.
  - Server level is also just like it sounds. You back up the entire server. If you need it back, you restore the entire server and everything is back to normal. By itself, this means you cannot restore a file without rolling back time on the whole operation.
  - Application level is generally some type of database. It is a way of storing data specific to an application (like the time entry system) that allows you to restore the application's entire set of data back to where it was. The most important thing about this is that some applications require it in order to restore. If you only back up at the file level and your application crashes, even though you “back up everything” you still may not be able to bring your data back. Many applications require an application level backup in order to restore.
The best strategy is a combination of the above. You need more than one way of backing up. Backups fail, so if you have two methods, you are much less likely to suffer permanent data loss. Avoiding permanent data loss is what this is all about.
- Where is the backup going? There are many places to back up to. You should have two: one in your facility for quick restores and one somewhere else. “In the cloud” is now pretty much an acceptable answer as long as it is a reputable vendor.
There can and should be combinations of this as well, but you should at least have enough data to rebuild after the aforementioned zombie apocalypse and have it stored offsite somewhere. You should know where it is.
- How often is it going there? This should also be a combination of different time frames, but the basic question is, “If the place blows up, how far back in time do we go?”
- How do you get it back? You need to be able to restore your backup if it is to be of any value at all. Well, perhaps not you personally, but someone needs to be able to. You should have a general idea of the restore process. You should also have it tested. Your technology professional should test it on a regular basis, but you can do it yourself also. A simple way to test this yourself is this:
  - Create a file. It needs to be stored in a place which is backed up (see item 1). This assumes you do at least some file level backups, which you should.
  - Wait a period of time that makes sense with your backup policy. If it is backed up every night, leave it a couple of days.
  - Delete the file. Wait a couple more days.
  - Get it back.
If the backups are working as designed, the file should come back to you safe and sound. If not, then there is a problem which needs to be addressed.
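For the technology professional who wants to script the restore test above, here is one way to do it. This is an added example, not part of the original article; the function names, file naming and manifest format are hypothetical. It records a fingerprint of the test file when it is created, so the final check can tell "the file never came back" apart from "a file came back but its contents changed."

```python
# Added example: names, paths and the manifest format are hypothetical.
import hashlib
import json
import secrets
import time
from pathlib import Path


def sha256_of(path):
    """Return the SHA-256 hex digest of a file's bytes."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def create_canary(backed_up_dir, manifest_path):
    """Step 1: create a test file with random content in a backed-up folder."""
    canary = Path(backed_up_dir) / f"restore-test-{time.strftime('%Y%m%d')}.txt"
    canary.write_bytes(b"restore test " + secrets.token_hex(32).encode() + b"\n")
    record = {"path": str(canary), "sha256": sha256_of(canary),
              "created": time.strftime("%Y-%m-%d %H:%M:%S")}
    # Keep the manifest outside the folder under test so it survives the delete.
    Path(manifest_path).write_text(json.dumps(record, indent=2))
    return record


def delete_canary(manifest_path):
    """Step 3: delete the test file once at least one backup run has passed."""
    record = json.loads(Path(manifest_path).read_text())
    Path(record["path"]).unlink()
    return record["path"]


def verify_restore(manifest_path):
    """Step 4: after the restore, confirm the file is back and unchanged."""
    record = json.loads(Path(manifest_path).read_text())
    restored = Path(record["path"])
    if not restored.exists():
        return "MISSING"    # the restore did not bring the file back
    if sha256_of(restored) != record["sha256"]:
        return "CORRUPT"    # a file came back, but its content differs
    return "OK"
```

Call create_canary, wait out the backup schedule, call delete_canary, wait again, request the restore through your normal process, then call verify_restore; anything other than "OK" is the problem that needs to be addressed.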
Hopefully this takes some of the mystique out of the backup process. There is pretty much nothing here which requires technical knowledge, just the ability to ask a lot of questions. Your technology professional may have a written backup policy. If not, ask them to make one. Thanks and remember, you can and should understand your own technology.
Tim Weidman is the Director of Information Technology at Frankel Zacharia Tech Services, a department of Frankel Zacharia, LLC. Tim has a technology career spanning over 25 years and holds professional certifications in Certified Ethical Hacking, Security+, A+, Network+ as well as Microsoft, Apple, Linux and Novell technologies. For more information visit: fztechservices.com.