By Chris Crellin, VP of Product Management, Intronis
Since 2004, Ready.gov, a national public service campaign by the U.S. Department of Homeland Security (DHS) and the Federal Emergency Management Agency, has recognized September as National Preparedness Month. As the month comes to a close, we remind you to stress with your clients that businesses should be prepared year-round for disaster. This is an opportunity for IT solution providers and SMBs alike to re-focus their efforts on ensuring that their data and critical business infrastructure are protected, should catastrophe strike.
To get started, here are four ways that MSPs and solution providers can help small businesses protect themselves from data loss:
1.Evaluate potential threats. User error, theft, natural disaster, equipment failure, fire, or malware can all spell disaster for a small business. Managed services providers (MSPs) and solutions providers should work with their clients to ensure that the business is protected in the event of any of these occurrences.
2.Prevent unnecessary risk. Many SMBs may not be aware of some of the user behaviors that are putting their data at risk. Education is an important part of preventing data loss, and MSPs and solutions providers can also help their clients prevent unnecessary risk by helping them to create BYOD (bring your own device) security policies, implementing strong user access control, putting data encryption protocols into place, and using off-site cloud backup for business recovery. Risk can also be alleviated when companies establish a security policy, and for more guidance on how to go about this, check out my recent Business Solutions Magazine article on “5 Best Practices for Establishing a Security Policy.”
3.Create or update a disaster recovery plan. There are a number of steps involved in creating a disaster recovery plan. These steps include:
- conducting risk assessments
- prioritizing applications (e.g., mission critical, critical, essential, and non-critical)
- developing recovery strategies
- preparing inventory
- documenting the plan
- testing the plan
- implementing the plan
MSPs and solution providers should also ask their clients the following questions when putting together a disaster recovery plan:
- Where they will resume operations?
- Who and what are their critical resources?
- What do they consider to be critical business processes?
Once the plan is put into place, it should be revisited on an annual basis at minimum to ensure that it is up to date and has been adjusted for any changes to the business or its technology infrastructure.
4.Back up data. Small businesses should be backing up all emails, line-of-business (LOB) applications, client records, virtual machines, point of sale (POS) systems, financial applications, customer relationship management (CRM) software, electronic medical record (EMR) systems, servers, files, and folders. MSPs and solution providers can see to it that their small business clients are putting technology solutions — such as off-site backups — in place to ensure that this is happening.
Data loss can be expensive and according to Aberdeen Group, businesses are losing between $7,000 and $74,000 dollars for each hour of downtime. The fact is, every business needs a disaster recovery plan in place, and it’s not just the data that’s at risk. The people, facilities, and equipment are also vulnerable, and these are all critical elements to the business’ ability to keep its doors open and remain profitable.
Those of you who have read some of my other contributions to Business Solutions Magazine know that it’s important for MSPs and solution providers to take a holistic approach to data security. Building awareness, educating small business clients about disaster preparedness, and helping them to put plans in place, as well as the processes and technologies needed to protect their businesses, are important elements in this approach, and a great way for MSPs and solution providers to grow their businesses and demonstrate their value as a trusted business advisor.
Chris Crellin is vice president of product management at Intronis, a Boston-based provider of world-class backup and data protection solutions for the IT channel. He has more than 15 years of experience in the security and data protection industries, and previously worked for Datto, Inc. and RSA, the Security Division of EMC.