The idea of threats to data security often conjures up thoughts of large companies plastered across the national news because thousands of records were compromised at the hands of a malicious hacker. Unfortunately, this often provides smaller organizations with a false sense of security; they start to believe that the bad guys are only after the large companies with a lot of money at stake.
The truth is, small- to medium-sized businesses are just as likely to fall under the target of a malicious attack. Alarmingly, 48 percent of smaller organizations suffer from data breaches by malicious hackers as opposed to leaking data resulting from human error. Of those who suffer from a data breach, the same research shows that 60 percent of those companies will go out of business within six months of the attack.
If you are tasked with understanding how to best protect your organization’s data, there are some basic questions you need to ask your IT service provider.
1. Can the provider develop a disaster recovery plan tailored to my business?
Depending on the size of your business and the industry you are in, your data protection needs will be different than those of other organizations. Most organizations understand that their IT service provider needs to know what laws and regulations each company needs to adhere to when it comes to data protection. However, your business needs to give the same attention to its disaster recovery plan. Have you identified business-critical data and the systems that need to access and store it? Do you know the impact and cost of downtime?
The right provider will take the time to understand your business, customers, and employees before outlining a solution. Cookie-cutter disaster recovery plans don’t work; don’t accept a one-size-fits-all approach from an IT services provider you are giving your money to.
2. What type of recovery methods does the provider offer?
The first question will eliminate providers who are offering you a disaster recovery plan that isn’t tailored to your needs. This question will help you narrow down your remaining options.
Budget and personnel have a tremendous impact on which type of data recovery solution you are able to work with. It might be easy for the IT provider to say that you will need everything backed up and restored within an hour, but that will not come cheap. Perhaps you need off-site storage or encrypted storage for certain data, but other information is open to plain text storage or on-site storage.
Make sure that your provider is able to offer you methods that meet your budget, but also your requirements, so you can choose what works best for your organization.
3. What support options are available?
The reason you are bringing in an IT services provider to help with disaster recovery and data security is because your current team may not have the bandwidth or the expertise to handle such an important aspect of your business continuity. For that reason, your IT services provider must provide you with an adequate support plan to assist you and your on-site team with any issues that may arise.
When it comes to data, integrity and accessibility are important. You are going to want to look for a support option that will provide coverage for you when you need it. Some providers may offer a follow-the-sun option if your business has multiple locations. You should work with a provider that offers coverage during your business hours at a minimum, with the option to purchase off-hours support in an emergency.
4. What type of assessments are done?
One of the greatest mistakes made when it comes to disaster recovery planning is failing to test the backup and recovery process. Logs and reports may tell you that everything is backing up appropriately, but you won’t know for sure unless you run the recovery portion of the process. If you wait until you need to run your recovery for real and find out that things failed, you may be out of luck.
Make sure that your IT services provider is running periodic assessments against your backup and recovery process, not only to measure successful data restoration, but also to ensure that it falls within the SLA that they provide. If you need data restored within an agreed-upon number of hours, and it takes them days, you need to revisit your contracts.
Data security and recovery is one of the most important areas that IT needs to address in today’s business world. Failing to protect data could cost money in fines and lost revenue, and failing to restore data in a timely fashion could cause disruptions to your workers and customers. Neither scenario will result in a winning situation for your organization.
When you look to bring in outside IT service providers to help with your data recovery and security needs, make sure they are able to adequately answer these questions and take the time to get to know you as a partner, rather than a customer.