Why your SMB Business need a Backup | Disaster Recovery | Business Continuity Plan?

Over the past 30 odd years working with Business Owners (Directors/Boards) and Technology Managers, I have come to accept a common thread of thought; the Business Owners believe that they need to have good systems and procedures to collect, store and access the vast amount of data that their teams collect and the Technology Managers believe that they need to have the right systems and procedures in place to turn this data to meaningful information so business teams can be aligned to deliver the outcomes that the Directors or Business Owners need. The challenge is if the Technology Managers don’t receive sufficient funding to deliver the basics for Collecting, Storing and Presenting Data, then the business will not have the data to make the right decisions. At the top end of the medium to enterprise level of the organisations this gets done somewhat Ok, however the ball gets dropped at the Small to medium end of the organisations. So this article is directed more to the entrepreneurs of the SMB’s. As Entrepreneurs, Directors, Senior Managers, what we need to focus on at all times is something very simple, in the event of a disaster “how much of Data Am I prepared to lose and how much of time Am I willing to lose in the recovery process?” As both will impact your bottom-line. Just to share a simple math with you, if your annual revenue is $ 1 million  dollars and you have a team of 6, then if you have a down time of 5 hours, then the overall cost to your business will be 2010, in the event your business is a $ 5 million revenue business with a team of 25, your overall downtime cost to your business will be $ 9926, where your average employee wage hour is $ 50/=. The Question I like to you to ponder is “ How much Revenue do I write in a Day and can I afford to lose that much of money?” So, we are going to discuss common mistakes with Server based Data Protection, the ABC of how to mitigate that risk, the three steps of backup and finally few steps to remember at planning.

My friends who have ‘Retail Tech Repair Shops’ share a common thought; I wish some of these Business Owners are more careful with their business data as much as their photo’s in their Laptop and Mobile phone………”, supporting that statement; Verizon Data Breach Investigation of 2019 that analysed 41,686 security incidents confirms that 43% of the breaches involved Small Businesses, 34% was internal and here is an interesting discovery 2% involved the partners of the business. Which goes to recognise that one can never be certain where the risk is going to come from. Many times the data loss is close to home, I recall two incidents in an ICT organisation that I managed many years ago; one of the trusted team members before he left on the Friday decided to delete the entire sales folder. This was after we acknowledged his contribution to the business and treated him for a nice meal and drinks the previous night. The other incident was when a senior member of my team left and started a competitive business our Client list walked out too. The earlier one luckily we had the right backup tool which took 15 min back-ups throughout the day and the later could not do much, that’s business. A survey delivered by the Disaster Recovery Preparedness Council claims that 43.5% of Outage/Data loss cause is human error and 2% is Partner, how about that?

ABC of basic rules in data protection:

So, if you are an entrepreneur here is your ABC of basic rules in data protection, this strategy is a must and you must do this in conjunction with your internal or external ICT Team. So, what does ABC of Data safety mean?

#RTO – Recovery time objective – how long your business can survive following a disaster before operations are restored to normal

#RPO – Recovery Point Objective – is a measurement of the maximum tolerable amount data to lose and how much time can occur between your last data backup and a disaster without causing serious damage to your business.

The ‘A’ is your ICT Team building the ‘Alignment’ with your vision expectations, in order to provide your team with the right information to all the data that is collected and must be protected with minimum data outage. What that means is in the event of any disaster what is the maximum time out (RTO) and what is the maximum data loss (RPO) that you can tolerate. So, if you give a directive to your ICT Team internal or external, “I need minimum RTO & RPO if we have a disaster that include my industry compliance” then they can align their solution to meet your needs. Then the ICT Team can and will build the right environment to ‘Be Data Safe’. Once that part is done all you need to worry about is if this environment is ‘Compliant’ to your expectations of the RPO, RTO and the Compliance.

The challenge your ICT Team have is how to deliver your expectation of minimum data & time loss when your team collect and store information from various sources, your network server, mobile phones, tablet’s to various locations in the cloud. On one hand we want to provide flexibility as we have this assumption of “with flexibility comes improved productivity”. After many years working with the small business and the enterprise, what I have learned from the enterprise is that as much as we like to provide the flexibility, the company data unless in a central location becomes a challenge to ‘Protect’ , so you as a Director or the Business Owner must support 100% the ICT Team when they say to you, ‘we must have a company-wide policy to adopt where everyone stores the business data in a common location or few locations’, this now makes it easy for the ICT Teams to manage.  The advantage for you as the Director is your ICT Team now can deliver your ABC. So you must support your ICT Team 100%, with the right policy and procedure, they will be successful.

Building the Solution

So, lets now build the solution; in your business you will have your data in various locations, they can be in physical or virtual servers. The data in these servers must be Backed-up on a regular basis, ideally not into a rotation of Office Works USB Drives (yes this happens). The advantage, although easy and cost effective to acquire and deploy, you will pay the price if you need to restore a file or folder, since  errors gets discovered only after 2-3 weeks into the month.  The other point of managing the rotation, one need to depend on someone in the organisation to be diligently responsible for your business data back-up. That’s the operational challenge, the other is productivity and commercial challenge, from a technology standpoint if you only have a Backup to USB based on the free software provided by the Operating system vendor like Windows, if the disaster strikes and you need to replace the servers your ICT Team need to re-build the server operating environment from ground-up and only then they can restore the data from the USB.  

So, Stage 1 is maintaining the focus on minimising the impact on RTO & RPO, my

recommendation is to have a local Backup and Disaster Recovery Server this can be a Windows Pro system with a Local Network Attached Storage (NAS) Box complimented with a Backup and Disaster Recovery Application that can take 15 min incremental Backups, this way you are limiting your data loss to a minimum. The advantage of having this BASIC infrastructure within your premises is in the event you have a file, folder or worst case the Server needs a rebuild then your ICT Team does not need to waste any-more time than picking up the file or folder from the last good backup and presenting to the person who has overwritten the file or folder. In the worst case if you have a server re-build you are not waiting for the data set to be downloaded from any Cloud Service. Your ICT Team has a local Back-up Storage (NAS) that they can easily access to recover even the whole server in a matter of a few hours, than a whole day of rebuilding the server.

Stage 2 is to ensure that the Backup you take on to your local Backup & Disaster Recovery environment is moved off-site. Gone are the days where someone trustworthy and responsible within your SMB Business took the Tape Cartridge or USB Home (which sometimes they forget to). Today, leveraging the technology your business data can be copied to a Data Centre that is accessible remotely by your ICT Partner. Many times the Enterprising ICT Partners have a Data Store within their business. Going down this path is a good strategy. When the worst takes place, it is they who always takes the responsibility to get your business up and running. So, your minimum Off-site Storage & Recovery should be leveraging your ICT Partner. The challenge is how long it would take to recover the environment. So, comes the Stage 3 the business continuity part of the Backup and Disaster Recovery.

So, Stage 3 is the challenge of reducing the business downtime and improving the productivity, thereby having business continuity. The ideal is to find a Technology Vendor or a Partner who can retain your Backup Off-site for the past few days and in the event of a

major disaster virtualise that Backup as a Production Server in less than 60 min in the Cloud until your ICT Partner gets things moving. One single advantage with this platform is that you don’t need to spend hours and days testing this business continuity plan. Your ICT Team can test this process within a few hours with a bit of preplanning during a weekend. Here is an interesting point by  The Disaster Recovery Preparedness Council 38.8% of businesses did not have a DR Test for a disaster, then 25% said the Plan was somewhat useful. Technology in a business is very dynamic, what prudent organisations experienced was that although they test quarterly or bi-annually, 65% said that they did not pass their own tests. So, think about it, more you test your DR plan which is part of your Business Continuity Plan (BCP) better result you will have over time.

Take advantage of the technology that is available to you, So, here are a few tips from all our experiences.

A)    Try to understand the cost to your business what down time really mean to productivity and revenue impact,

B)    Work with your business unit managers and work-out what are the critical applications they use and what impact would it be for their business unit in case they are not available for an hour or day,

C)    Working with your ICT Partner develop a risk mitigation plan how to reduce the impact of no access to Files, Folders, Emails, CRM Data, Accounting Data and mitigate the Ransomware attacks, etc,

D)    Working with your ICT Partner work-out the process of how to virtualise your current Physical or Virtual Servers in the cloud until they get your systems up and running,

E)    Develop a cost-effective way of testing the access to the Virtualized Servers as part of your Business continuity plan at least every quarter (it should not cost you an arm and a leg).

F)     Bring your ICT Partner to the table, be transparent with your needs and budget, if money is tight have a plan to get to the final outcome.

I trust this was valuable reading as a SMB Entrepreneur, your feedback is most welcome.

Co-Authored by #ShamalTennakoon and #BalanNaidoo.

Shamal Tennakoon is a Business Strategist and a Technology Advisor. He is a specialist in developing simple and effective strategies for business growth and data protection for growth centric businesses. 

Balan Naidoo is the Principal Technology Consultant at INFOTECH Associates. He is a specialist in helping companies build the technology stack to compliment the visions and the outcomes for the Small to Medium businesses. Balan, has valuable experience working in FMCG, Retail, Agri, Manufacturing and Finance delivering leading edge solutions and reducing the cost of operations.