Tekexpertise Blog

Useful Information Regarding Technology Issues

Browsing Posts published in May, 2010

Your business is almost certainly highly dependent on data you have on your server(s) and PCs. Studies indicate that small businesses that lose their technology or data capabilities for more than 48 hours are in danger of going out of business. The good news is that some simple techniques, which need not cost a lot, can prevent data loss except in the most extreme cases.

Required:

You must back up your data and keep copies of those backups off-site. Data must include all primary business files, including those on employee PCs. Primary files include accounting data, email, work in progress and business process information. You should create a list of what those are.

For businesses with relatively modest amounts of data, Internet-based backup is a great choice. Services such as Carbonite (http://www.carbonite.com) and Mozy (http://mozy.com/) are good choices among many options. Get a connection with at least 5 MB upload (that is, from your systems to the Internet) and 10 MB download. Cable providers (Comcast, Time Warner, etc.) and Verizon FIOS can provide more than enough bandwidth for as little as $100 to $150 per month. Note that DSL is NEVER fast enough.

If you have a large amount of data, consider tape backup or backup to an external hard drive. Be sure to bring at least a weekly full backup off-site, even if it’s to your home.

Better:

Businesses can’t rely on a single piece of equipment to run their businesses, whether that is a server or the boss’s PC. Fortunately, virtual machine technology makes this less of a problem. Without going into the technical details, a virtual machine can take a snapshot of a server or PC and have it ready to be redeployed on another device.
Excellent choices are VMware from VMware Inc. (http://www.vmware.com) and Hyper-V from Microsoft (http://www.microsoft.com/windowsserver2008/en/us/hyperv-main.aspx). In both cases, they have free versions that will work just fine for most small businesses. However, these products require the assistance of an expert to configure and maintain. There are many capable technology service providers with virtualization experience.

Best:

The next level of protection means hosting your key server(s) off-site at a data center (sometimes called a co-location facility). These facilities provide redundant power, cooling and Internet capabilities as well as strong physical security for your systems. Most can provide monitoring to alert you in case one of your systems goes down and will provide some level of support to get them back up. All of your systems should connect via a high-speed Internet connection.
Some additional costs (other than the monthly fee at the co-location facility) include one-time costs of buying an additional firewall and switch and the initial configuration fees. Again, you need to have a service provider that is capable of configuring these environments correctly. The co-location facility may provide these services themselves or have partners they can recommend.

These are cost-effective techniques that can give you the peace of mind that your data and systems will be protected. If you would like to discuss more, contact me at ed.mchugh@tekexpertise.com.

Massachusetts has new privacy regulations that went into effect on March 1, 2010. These regulations affect almost all entities, except for government bodies, that hold private information about any resident of Massachusetts, whether or not the entity has an office within the state. Specifically, the regulations, commonly called 201 CMR, apply to entities that collect and store sensitive information that must be kept private. Here is a link provided by the state with general information regarding the regulation: http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf.
In order to comply, a company must institute a security program designed to protect sensitive information associated with a person’s name: Social Security numbers, driver’s license numbers, credit card numbers and any financial/banking institution accounts and associated credentials. These elements must be protected whether they are stored on paper or electronically. The regulations provide for stiff fines for non-compliance or security breaches.
To protect this information, entities have to meet requirements such as: a written data privacy policy, functioning firewalls and anti-virus/anti-spam software, applicable security updates on all computers, and encryption of all wireless communications. Companies need to designate an individual to be responsible for the security program. In addition, encryption is required for protected elements that are passed to and from the Internet or are placed on laptops or on any other device (USB drive, thumb drive, etc.) that can leave the firm’s premises. Access to the protected data must be limited to those whose job functions require that access, and data access must be protected by security policies that require strong passwords that are regularly updated. Users must also receive training on the policy.

Even the smallest companies can be put at great financial and reputational risk if there is a breach. Breaches need to be disclosed, and non-disclosure could lead to even larger fines.

If you would like a tutorial or consultation on how your organization can have an effective policy, please email me at ed.mchugh@tekexpertise.com.