One of the most important things a small or medium-sized business can do today is protect its data. The longer it takes your business to get back up and running after a catastrophic data loss, the greater the chance that the company will lose money and customers.

The good news is that your data protection options are more powerful than ever. The bad news is there are more threats to worry about. Now, in addition to natural disasters such as hurricanes, fires, power outages and floods, businesses also have to worry about man-made disasters, including sabotage and human error.

And don’t forget about security threats such as viruses, spyware and other malware, which have become more sophisticated.

Taking action
A well-rounded protection plan can shield small and medium sized businesses against most disasters. Developing a plan may seem overwhelming, but there are some simple issues and basic technologies that every data protection plan should include.

So how do you determine whether you need just a few CDs for manual data backup, or if you need to use automatic backup and restore software? Here are some steps to take to determine what you need:

• Decide what you need to back up. Ask yourself, "What can we afford to lose?"
• Know your data environment. Then determine where that data is located in your IT system. How often does it need to be backed up? How often is it retrieved or restored?
• Document backup policies and procedures.
• Validate the integrity of the backups. Make sure they are complete and that you haven't backed up viruses or other malware. Also be sure they can be successfully restored.
• Keep backups in a safe place. This is typically done by storing them offsite in a secure location.
• Routinely check your backup plan to ensure it is current and has evolved with the business.
• At the end of the backup lifecycle, be sure it is destroyed completely so that the data cannot be retrieved by an unauthorized person.

SMB security threats
Small and medium-sized businesses face a variety of security threats. Some threats attack via the Internet, others come from simple employee error or an unhappy employee.

Battling the insider threat involves watching the behaviors among people inside the business. Threatening actions include password misuse or theft, social engineering and unintentional – yet damaging – security breaches by employees.

Your business should consider a written security policy as a means to battle the Internet as well as insider threats. A security policy puts in place an ongoing statement of protection, detection and response. Here are some issues the policy should address:

• Appropriate use of the company e-mail system
• How to handle sensitive information
• Responsive actions when faced with a security incident
• Securing all IT systems
• Measures for protecting employee, customer or accounting information
• Appropriate use of user IDs and passwords
• Roles and responsibilities of administrator, users, and providers
• Enforcement

As you develop a security policy at your company, make sure you know all of the company assets and IT systems. If you don't know about them, you can't protect them.

One of the most forgotten assets is the portable laptops.  Are you securing wireless communications?  Are you backing up these mobile units?

Assess the risks against the vulnerabilities. This will help determine how much time and money you should invest in various areas. The bottom line is that small and medium-sized businesses face multiple threats to their business that get more serious and difficult to battle each day. By taking a proactive approach to protecting and securing critical data and leveraging appropriate technology, you can minimize the chances of losing your data, and increase your ability to have the business back up and running in the event of catastrophic data loss.

For more information on protecting your business from data loss and security threats, call CompuData at 800-223-3282.