The Philippines is one of the world’s most disaster-prone countries and when typhoons, floods, earthquakes, and landslides strike, every aspect of society is placed at risk. While one cannot control the forces of nature, one can put into place measures to mitigate the worst effects. Protecting one’s business in such circumstances can be a huge challenge but if one knows how to plan and prioritize, one can be better prepared to face these obstacles.
This is #SafeInAStorm SIKAP’s series about protecting your business during disaster-related disruptions! These blogs will provide practical tips on boosting your disaster resilience in the different aspects of your business.
Part 4: Protecting Your Data
So far we’ve tackled the ways that you can protect your employees, customers, and physical assets from the worst effects of disasters. Now, it’s time to consider a part of your business that may not be tangible but is still material to your future - data.
Data pertains to a collection of facts (numbers, words, measurements, observations, etc) that has been translated into a form that computers can process. With modern technology, more and more data is being processed for any kind of enterprise and a lot of very important documentation for a business such as inventory, payroll, product development, and communication material are in digital form.
And though there are advantages to not having everything simply on paper that could easily be destroyed by fires or floods, digital resources are not immune to damage during a disaster. While you are prioritizing your people and physical assets, make sure you also factor in robust data protection strategies in your business continuity plan.
When mapping out your data protection strategy, it’s best to remember your ABC’s:
Regularly conduct assessments and document your findings. You must be able to identify the most important data, where it is stored, and who are authorized to access this. Make sure to assess the rest of your data and determine which need higher levels of protection.
All your data needs to be backed up to make it easier for you to recover even when a disaster strikes. More than making copies of your data, you must also make sure they are stored in secure locations.
Some experts, including the United States Computer Emergency Readiness Team (US-CERT) recommend the 3-2-1 rule as a backup strategy, which works like this:
3 - Keep 3 copies of any important file: 1 primary and 2 backups
2 - Keep the files on 2 different media types to protect against different types of hazards
1 - Store 1 copy off-site (e.g. outside your business facility)
The advancements in internet service have made cloud storage more readily available to more businesses. You can use the internet to access a shared pool of computing resources (e.g. networks, servers, storage, applications, and services) owned by a cloud service provider like Google Drive, for example.
Storing your data in the cloud protects it against natural disasters or critical failures of local devices due to malware. You will also have access to data anywhere as long as you have an internet connection with no need to invest more in networks, servers, and other hardware. Cloud service is also affordable as you can buy only as much service as you need.
When choosing the best data backup option, you must take the following into consideration:
- the advantages and risks of each media
- your financial resources
- the amount of data to be backed up
- protection for sensitive data (customer data, personally identifiable information, or personal health information)
- accessibility of data (permanent archiving, temporary backups, and rolling backups).
An additional way of ensuring that your data is safe is to consider Disaster Recovery as a Service (DRaaS).
DRaaS “is a cloud computing service model that allows an organization to back up its data and IT infrastructure in a third party cloud computing environment and provide all the DR orchestration, all through a SaaS solution, to regain access and functionality to IT infrastructure after a disaster.” Since this follows the as-a-service mode, the company doesn’t have to own all the resources or handle all the management for disaster recovery but instead it will be relying on the service provider.
If you do not have the resources to research, implement, and fully test disaster recovery plans, the DRaaS provider takes on this burden for you. In some cases, it might be more affordable than hosting your own disaster recovery infrastructure in a remote location. You may choose from 3 main models of DRaaS depending on how much responsibility you want to give the provider: Managed DRaaS, Assisted DRaaS, and Self-service DRaas.
There’s a lot more that can be explored to build your data protection plan but these are the basics. Keep your data safe and secure and your business will be able to easily recover from any crisis.
Stay tuned for more practical tips and advice on how you can keep your business #SafeInAStorm #SIKAPMSME #ResilientMSMES #ResilientPH