A disaster recovery plan is a strategy that allows a business to return to normal after a disruption of some type. Some data disasters are brought on by outside attacks, some are the result of a natural disaster or environmental issue, and some are simply a return to normal after an internal problem interferes with business operations. Today, we’ll take a look at a few things you need to know about disaster recovery to help you mitigate the negative effects of a data disaster.
Data loss can have lasting effects upon your business, usually measured in lost productivity and capital. In other words, data loss is often measured by the cost required to retrieve, restore, and/or repair its effects. Of course, this is only the beginning of how data loss can impact your operations.
Just because you think that you’re following best practices, doesn’t necessarily mean that you actually are. Take it from this aspiring entrepreneur, who shared his own personal experience with us, so you could benefit:
I used to be a sales manager, taught in the classic, old school approach. Basically, I just got to know my clients really well so I could always talk to them about something. Wishing them a happy birthday, finding out how their youngest did during his baseball game, I had a pretty comprehensive well of topics I could pull from. This let me keep a pretty detailed record of people and their interactions with me that allowed me to really make connections with them.
My dad used to moonlight as a rental property manager on top of his full-time position, and that really inspired me. I slowly saved up my money until I could buy the duplex I lived in, and from there, I was hooked.
That first investment grew into a business that supports my family and my staff. All of the processes of managing properties (things like collecting rent, paying taxes, handling payroll, managing utilities, and maintaining the rental spaces) mean that I rely on logistics quite a bit to accomplish it all.
My dad taught me two things that I have really taken to heart: Measure twice, cut once, and to do as much as I could, and let the experts do what I couldn’t.
The second lesson was really helpful when I was first equipping my rental properties. I like to think my places are pretty nice, so they feature things like quality Wi-Fi connections, smart locks, and other things that need a little bit of management. The commercial properties I have are equipped with even more of these kinds of things. All of this tech needs a lot of horsepower, so to speak, so I have a pretty hefty setup at my main office. I also need my technology to help me keep track of who my tenants are, the documentation they’ve given me and the stuff I have to keep, as well as to manage my employees the way I need to.
Now, I can’t do very much at all with a computer unless it’s something I use it for every day, so I listened to my old man’s advice and called a reputable IT company. They came in, set everything up, and when they recommended a backup system, I approved it. The IT company set everything up, taught my office manager to use it and how files could be restored, and even stopped in a month later to check in.
This was all great, and we went along with our business for a few years after that.
Then, we got slammed from all sides. A few tenants were moving out, there were some maintenance concerns that we were dealing with, it was the middle of tax season, and the office manager who knew how everything worked had just left for a much-deserved cruise with his family.
Of course, it was then that the software we rely on for pretty much everything - internal communication, payroll, and scheduling - it just stopped working, and our data was all messed up.
Nobody could figure out what to do, and I finally had to make the very expensive call to my office manager, who was kind enough to spring for the cruise ship’s cellular service in case something happened. That got us to the backup to restore from it. We had also left a message with the IT company.
It was a good thing we did, too, because when the restore was finished, we were still dealing with bad data. We tried again - same thing.
When we managed to get in touch with the company, they told us that some software change had messed up how data was stored in the backup, so while everything else was fine, that one software just stopped being backed up.
This was important stuff - like, the kind that it would have taken a HUGE amount of work and time to even get back to our normal business functions. Plus, we would still have to go back and ask all of our tenants for their sensitive information again. How would that have looked?
The worst part? We knew about the issue when the software was updated - we just never connected it to our backup.
Somehow, after a lot of stress and a pretty big bill, our data was recovered and we could get back to work. Frankly, while it was a really expensive process, I still look at it as a bargain.
However, with a few better practices, we could have avoided the entire issue. That’s why we’re now sure to test our backup at least once a month. A few hours gives me the peace of mind that my business won’t be thrown in jeopardy again. Basically, we just see if we can operate using only what’s on the backup.
These evaluations have already caught a few additional issues, so we’re already seeing the benefits. Make sure you’re backing up your data, and make sure you’re testing them!
We appreciate having this story to share with you, as it raises an important point. Your network is going to change as time passes, so you need to make sure that it is still working as intended. A secure network hosting an insecure application is effectively no longer a secure network. You can view your backups in the same way.
We test all the backups we maintain in a similar way. After all, if a backup doesn’t deliver what you need, it isn’t going to help you much when you need it.
The Connection, Inc can help you avoid this kind of issue, and many others, from impacting your business. Learn more by reaching out at (732) 291-5938.
We’ve all seen and heard about companies and government departments that have experienced major security and data loss events. Once the event is made public, there is a media frenzy of coverage disclosing answers to questions like: Were your records compromised? How can you protect nonpublic information in the future? What should you do if you are a victim? However, as the media focus moves to another topic, the breach becomes yesterday’s news - and there is very little coverage of what repercussions and penalties those entities that were breached faced - if any.
The United States Federal Government determined that general data breach events were ‘sectoral’, meaning that each state where at least one victim resides have the jurisdiction to create and enforce laws regarding general data breaches and security. When a breach occurs, offenders are normally required to give notification to that state's Attorney General, who then determines if the state will seek further action against the offending party.
The U.S. government has only stepped-in so far as to protect two specific-categories of nonpublic information; medical information, through the Healthcare Insurance Portability and Accountability Act (HIPAA), and financial information, through the Gramm-Leach-Bliley Act (GLBA). Even though these laws were established in the late 1990s, their application to information technology is still being explored by the court system. Compared to many other types of crime, prosecuting a data breach is still new, with federal courts having just completed a trial for the first time, in 2015.
Other parts of the world have already seen the importance of a unified standard for regulating data protection, breach prevention, investigation, and violation. The European Union has already passed a ‘General Data Protection Regulation’ which goes into effect in May 2018. In addition to giving data protection authorities more power and resources to investigate and enforce the law, the fines for an offending organization are $20 million or 4% of their revenue - whichever is the larger amount of money.
The secular responsibility of data security laws has lead to some pretty extreme variations among how breaches are handled by the United States. For example, it is the discretion of the state whether they choose to penalize the offending company per violation (records lost), per series of breaches (all charged as a single breach event), or, as impractical as it sounds, per resident. Furthermore, even if they’re prosecuted for their actions that led to the breach (or inactions in some cases), only four states and the District of Columbia give their Attorney Generals the explicit right to collect restitution. Those states are Arkansas, Illinois, Nevada, and Pennsylvania.
Additionally, many states completely bar individuals and organizations from taking independent action against the entity that had been breached, even if said entity is not prosecuted by the state or ordered to pay any type of restitution.
In what could be the most severe repercussion of all the possible punishments for a data breach, is the right of a state to file an injunction against offending businesses, forcing them to freeze operations, pending an investigation of the event. For many companies, the losses associated with indefinitely halting production, combined with damage to their reputation, will exceed any fines or restitution ordered by the court.
The good news is that many states have proposed new legislation or adjusted statutes to reflect the increasingly digital climate of the business world. In fact, a few progressive states have already implemented clarifying the exact amount of time allowed before an entity must notify the Attorney General of that state, as well as setting parameters for the maximum number of records stolen before breach notification is required. For example, Rhode Island law compels breached organizations to notify the Attorney General if five hundred or more records are compromised.
The reality is that, for the most part, cybercrime and data loss laws are a bit behind the technology. In many cases, states have found that by the time an act goes through legislation and becomes a statute, the technology that the laws were created for is outdated. After all, if we can access an infinite world of information immediately, perhaps it’s time to reconsider lengthy legislative processes.
What is your opinion on data breach laws? Should the federal government have a general data loss notification policy, or are the states the best choice to determine how to handle a breach?
No business owner wants to experience data loss in any way, shape or form, which is why it’s so crucial that preventive measures are taken. If you don’t have protections in place, you may find yourself out of business due to a data loss disaster. While that’s certainly the worst-case scenario, the other consequences of data loss are downright troublesome in their own right.
Mobile? Grab this Article
