By Angus Robertson, CRO, Axcient
Resilience is vital when it comes to disaster recovery. However, many small and medium-sized businesses (SMBs) find themselves ill-equipped to bounce back from catastrophic setbacks. FEMA found that “40 percent of small businesses never reopen after a disaster.” What’s more, the Ponemon Institute’s State of Cybersecurity in Small & Medium-Sized Businesses report predicts that 55 percent of SMBs will become the victims of cyberattacks this year.
With small businesses making significant contributions to the overall U.S. economy, helping them gain technological resilience is important. To prevent a disaster from closing your customer’s doors for good, use our 7-step approach for proposing a backup solution:
1. Conduct A Disaster Risk Assessment
When determining backup needs, an assessment is a logical starting point. This process should identify which staff, procedures, and equipment are mission critical. This can be determined by asking:
- How long can the business survive without making revenue?
- What (if any) insurance coverage does the company have?
- What does the company need to do to be eligible to receive insurance payouts?
- Are there alternative staffing plans in place?
- Where are supply chain distribution centers?
Even if the answers to these questions are positive and the client appears to be well prepared for an outage, put their plan to the test—a power outage should suffice—to ensure their plan is as effective as everyone hopes it is.
2. Cloud Services: Vendors Guarantee Uptime, But Not Backup
Think that SaaS-based platforms conduct their own backups? Think again. None do, according to Enterprise Strategy Group. Case in point, Microsoft recommends the use of third-party backup for Office 365. White hat hackers have even demonstrated that Office 365 data can be encrypted and held ransom. This isn’t isolated to Microsoft either.
To improve data restoration efforts in the event of human error or a threat actor, provide a cloud-to-cloud backup solution.
3. Ensure Compliance
With data breach fines in highly regulated industries reaching well into the millions, those in healthcare, legal, and agricultural fields need to have solutions in place to protect, store, and recover sensitive information in a way that complies with increasingly stringent regulations. Include backup in overall compliance solutions to address this issue.
4. Prepare For Cyberattacks
A recent study found that most SMBs affected by ransomware will become unprofitable. Making matters worse, 90 percent of these organizations don’t have any data protection. This likely means the number of SMBs that permanently close due to lack of cyberattack resilience will continue to grow until adoption of preventative technologies increases.
Giving your clients “ransomware rollback” capabilities with a secure backup solution is a helpful way to address this issue. Ransomware rollback is enabled through a secure file sync and share solution which must include continuous endpoint backup and point-in-time restore.
The sync and share agent can be applied to all devices, including phones and laptops, to protect data. This means that you can quickly restore any device to the point in time right before the ransomware event happened.
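The point-in-time selection behind a ransomware rollback, as an added example that is not Axcient code or part of the original article: for each file it picks the newest version backed up before the event, honours deletions made before the event, and lists files that only appeared afterwards. The version history, paths and event time are constructed sample data, and the event time is assumed to be already known.

```python
from datetime import datetime

# Constructed sample history from a hypothetical continuous endpoint backup:
# (path, backup timestamp, content id; None marks a deletion by the user).
HISTORY = [
    ("docs/budget.xlsx", "2024-03-01T09:00:00", "v1"),
    ("docs/budget.xlsx", "2024-03-04T16:30:00", "v2"),
    ("docs/budget.xlsx", "2024-03-05T02:14:07", "enc1"),       # encrypted copy
    ("docs/old-notes.txt", "2024-02-20T11:00:00", "n1"),
    ("docs/old-notes.txt", "2024-03-02T10:00:00", None),       # deleted pre-event
    ("docs/plan.docx", "2024-03-04T18:00:00", "p1"),
    ("docs/plan.docx", "2024-03-05T02:14:08", "enc2"),         # encrypted copy
    ("docs/README_DECRYPT.txt", "2024-03-05T02:14:09", "r1"),  # ransom note
]


def rollback_plan(history, event_time):
    """Return (restore, remove) for a restore to just before event_time.

    restore maps path -> content id of the newest pre-event version.
    remove lists paths that exist only because of post-event writes.
    """
    cutoff = datetime.fromisoformat(event_time)
    latest = {}           # path -> (timestamp, content id) before the event
    touched_after = set() # paths written at or after the event
    for path, ts, content in history:
        when = datetime.fromisoformat(ts)
        if when >= cutoff:
            touched_after.add(path)
        elif path not in latest or when > latest[path][0]:
            latest[path] = (when, content)
    # A pre-event deletion marker means the file stays deleted after rollback.
    restore = {p: c for p, (_, c) in latest.items() if c is not None}
    # Files with no clean pre-event version were created by the event itself.
    remove = sorted(p for p in touched_after if p not in latest)
    return restore, remove


if __name__ == "__main__":
    restore, remove = rollback_plan(HISTORY, "2024-03-05T02:14:00")
    print("restore:", restore)
    print("remove:", remove)
```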
5. Cyber Security Or Data Breach Insurance?
Cyber liability insurance covers financial losses that result from data breaches and other cyber events, and most cyber policies include both first-party and third-party coverages. First-party coverage includes data breach investigation costs as well as the fines incurred by lost data and revenue. Meanwhile, third-party coverage helps with lawsuits and fees incurred by aiding individuals affected by the data loss.
Data breach insurance requires data backup and business continuity testing, which can reduce insurance premiums. However, this creates a heavier lift for the entity being insured because they’ll need to prove compliance with the insurer’s process and solution requirements.
6. Backup Or Business Continuity? Is There A Difference?
Backup is one or more stored copies of important data, and the technology requirements are simple: a data transfer method and a location to store the additional copies.
Business Continuity requires not just data backup, but also redundant equipment and instant failover. The technology required includes:
- Redundant servers, storage, and networking equipment
- Software that replicates data and applications in real time
- Hardware-based failover configured to transfer traffic seamlessly
When deciding which is right for your customer, find out:
- How much data can the business lose and still provide services to clients?
- What is the financial impact if IT is down for 1 hour, 4 hours, 8 hours, 12 hours, or 24 hours?
By answering these two questions, you can establish the client’s required Recovery Point Objective (RPO) and Recovery Time Objective (RTO). The RPO is the oldest environment the business can support before there is a financial hit. The RTO is how long the business can wait before IT is back up and running.
Having a backup from the night before is great if you have somewhere to restore that data. However, if your client’s building burns down or is damaged in a flood or all their data is crypto-locked, it may be days or weeks before the business is back to normal.
7. Request A Release From Liability Waiver
If all else fails and your client insists on forgoing a backup solution, protect your interests by having them sign a “release of liability waiver.” The waiver releases you, the managed service provider (MSP), of liability due to data loss if your client is unwilling to back up data.
Deliver Trusted Backup Solutions
For clients ready to add a backup solution, consider offering Axcient X360 today. As the name suggests, it’s a central data protection platform that makes it easy for MSPs to provide backup for SaaS, BC/DR, and Secure Sync & Share. Learn more at www.axcient.com.
About The Author
Angus Robertson is CRO of Axcient.