Much of the misfortune experienced by small businesses can be blamed on outside forces - a poor economy, a natural disaster, a decision by a key employee to leave. No surprise that those who survive the down times are typically the ones who minimized their risk by taking basic precautions. One of the most basic of all is protecting critical business data.
Just imagine walking into your office one morning and discovering all of your sales records, customer contact information and order history had disappeared. How long would it take you to recover? How much disruption and delay would occur? What would it cost you?
Data loss can and does happen. It can result from hardware failure, flood, fire, security breach - or just an accidental deletion of an important file. Whatever the cause, taking precautions to reduce the impact is like an insurance policy, enabling your business to get back up and running quickly.
Basic Steps You Can TakeThere are numerous ways to safeguard critical business data, but these three methods will get you started:
1. Implement a procedure to back up critical data.Backing up data means making a copy of it on another medium. For example, you might burn all of you important files onto a CD-ROM or second hard drive. There are two basic kinds of backups: a full backup and an incremental backup. A full backup makes a complete copy of the selected data onto another medium. An incremental backup just backs up data that has been added or changed since the last full backup.
A full backup augmented by incremental backups is generally quicker and takes less storage space. You might consider a policy of running a full backup on a weekly basis, followed by daily incremental backups. However, when you want to restore data after a crash it will take longer because you first have to restore the full backup, then each incremental backup. If this is a concern, another option is to run a full backup nightly; just automate it to run after-hours.
It's a good idea to test your backups frequently by actually restoring data to a test location. Doing this will:
- Ensure backup media and backed-up data are in good shape
- Identify problems in the restoration process
- Provide a level of confidence that will be useful during an actual crisis
Figure 1 shows a Windows operating system Backup Utility, a built-in tool to make backups easier.
Figure 12. Establish permissions.Both your operating system and your servers can provide protection against data loss due to employee activities. With Windows XP and Windows 2000 - as well as Windows Small Business Server 2003, Windows Server 2003 and Windows 2000 Server - it is possible to assign users different permission levels based on their roles and responsibilities within your organization. Rather than giving all users "Administrator" access - which is not a best practice for maintaining a secure environment - institute a "practice least privilege" policy by configuring your servers to give individual users access to specific programs only and specifically defining user privileges.
3. Encrypt sensitive data.Encrypting data means that you convert it into a form that disguises the data. Encryption is used to ensure the confidentiality and integrity of the data when storing it or moving it across a network. Only authorized users have the tools to decrypt encrypted files can access these files. Encryption complements other access control methods and provides an added level of protection for securing data on computers that may be vulnerable to theft - such as mobile computers or files shared on a network. Windows XP and Windows Small Business Server 2003 support Encrypting File System to encrypt files and folders.
Together these three practices should provide the level of protection most businesses require to keep their data safe.
