I have been building and running computer systems since about 1980 and I have had ‘a data disaster’ happen to me on a number occasions – so I have learned the hard way!
Hard disk drives do crash and you basically lose everything just like that! Now I run mirrored drives (RAID 1) for my operating system on my PC’s and servers. I have also deleted files by mistake or tidied up only to find I had been rather over-zealous! Now I have a backup facility that I wrote that automatically copies new or updated files to a backup drive and anything that gets deleted or replaced is placed into a dated trash folder. This gives me the advantages of a mirrored drive, but protects me from incorrect deletions and allows me to get older versions of files. Yes Windows provides a Recycle bin and also allows recovery of previous versions of files, but this is belt and braces for me on a backup drive.
I have lost complete database and server files for multiple websites in one hit because my annually paid hosting came to an end and I didn’t receive emails to renew – yes my own silly fault. So I had to pay a large fee for them to recover from backup (but backups are not always guaranteed or available).
The Big Question
From an IT perspective, the most important question you can ask yourself as a business owner is: How safe is my data and can I afford to lose any of it?
What would you do if tomorrow, you have no access to your customers details or to your accounting information. What if your PC won’t start up, or your website files and/or data were lost?
You need to consider for the different areas of your business, both the safety and the security of your data.
What happens if your hard disk crashes – have you backed it up or do you have it mirrored as a RAID drive? Or do you hold all your business files on a NAS drive so that it is safer and accessible across your business?
The first line of defense against hard drive failure (where you lose access to all your data in one moment) is to have it mirrored as a RAID drive? This means that everything written to drive 1 is mirrored on drive 2. You can’t protect yourself from accidental deletion of data, but you can continue working, replace the broken drive and have it copy to the new mirror drive as you work,
So you have your NAS drive configured as RAID drives, so now you are protected from hardware failure. Have you considered what would happen if your NAS drive were stolen or you had a fire? The answer here is to back up your data, or at least your most important data and store it off-site or in a firesafe. You can do this is by backing up your drives to an external hard drive(s) and removing to safe storage.
Unless you are working in a vacuum, you will have details about your customers stored in your databases or in files on your computer systems. You need to consider how secure this information is and who has access to it. Although you might have staff accessing your customers information and being able to copy it, a greater problem would be having all your data copied en-mass either by an employee or worst still by a hacker.
As a business owner, you need to consider how sensitive the information is that you hold and how accessible it is to your employees and your support staff. Not an easy one and you cannot remove risk completely, but you still need to assess the level of risk and perhaps put into place appropriate restrictions.
For example, it would be prudent to not make it possible for your sales staff to be able to download all your customer details in one go. If you are a small business owner, having your most useful employee running your systems and managing all your customers is an interesting scenario if the decide to leave taking your data and customers good will with them to set up a new business on their own account. For these scenarios having a well written contract for your staff/employees would probably be a better solution than trying to completely bolt down access to data.
Outside access is most at risk where you have data close to a website. If you run your whole business from one server and that server is compromised, you might find all kind of information being sucked out of it. Most companies run their websites on dedicated servers or on externally provided systems, but a small business might look at self-hosting from their own premises and this massively heightens the risk.
If you have a website that allows your customers to have an account that contains business or personal information, there is always the risk of having your website hacked and the information sucked out of your database.
Another scenario is where you manage systems for your customers and they hold their customers information within your system. Now you are not only entrusted by your customers with their information, but they are also trusting you to hold secure the details belonging to their customers!
Not only do you need to ensure your data isn’t stolen, you need it backed up in case it gets corrupted or wiped out. This can happen from a disgruntled employee, or from your database getting hacked.
You need to consider backup intervals and to do this you ask the following question for each type of data (accounts, websites, design/development data); the question is ‘If this data were gone tonight, how bad would that be for my business?‘
So if you are doing a lot of accounting work each day and all the paper work and computers went up in flames tonight, your business would be so disrupted that you might never recover from such a disaster! However if you backup your data every night and take/send it off-site, you could pick up your business tomorrow from a temporary office – inconvenient, but you still have an operational business!
If you a a small business doing design, writing or development work each day and everything went up in flames tonight; a weekly backup may be fine for your business because you can recover back to last weekend (for example) and your staff will then have to re-do the work they did over the last few days. However if you have more than a small business this would not be acceptable and you so you will be having your IT staff doing daily backups so they can ensure a recovery to yesterday.
So it should be apparent that every person and every business should be taking consideration of data safety and data security and the amount of effort put in to managing the issue will vary from single person up to big business.
Even if you do not have a complete solution in place covering all aspects of your business, you should be managing the risks and ensuring you have enough in place to have the a level of risk that is acceptable to your business.