How Often Should You Back Up Files?

Rudimentary data protection can be a business life-saver.

It’s a call no business owner wants to get — a fire broke out overnight in the industrial park where your office based, reducing it to smoldering rubble. Sure, you’re thankful no one was inside, plus insurance should cover the physical damage — but what about your company’s critical computer files?

According to ADR Data Recovery, U.S. businesses lose more than $12 billion per year because of data loss due to hardware or system failure (which accounts for roughly 78 percent of all data loss), software corruption, natural disasters, or human error.

“Data loss, and the downtime suffered from it, can cause considerable damage to your business,” says analyst Bob O’Donnell, program vice president for clients and cisplays at IDC, an Internet consultant. “And if you do any kind of commerce and your current orders are lost, it can prove to be a serious blow to your business revenue.”

The only absolute protection against losing critical information on your PC is to proactively back-up important files on a regular basis.

DIY or Automatic?

Backing up your files can be handled automatically, thanks to the many scheduled onsite or offsite back-up programs available today; or manually, where it’s up to you to select which files to back-up and where to back them up to, either burned onto a recordable CD or DVD, USB memory stick, or, preferably, uploaded to a secured offsite location in case of fire, theft, or natural disasters. Backed-up discs may also be stored in a safety deposit box.

What Gets Backed Up

Each business has its own particular needs and interests, but across the board, all businesses share the common need to back up customer data, contact information, and passwords. Individuals may want to add to that list: work files such as documents, spreadsheets, presentations, Web site code, as well as calendar appointments and e-mails.

A sales office will want to make external copies of its detailed CRM files. An architect will save blueprint sketches and 3-D renders.

Deciding what to back-up is as easy as asking yourself what is irreplaceable. In some cases, the data could be recoverable, but it may cost your business money, time, or embarrassment to retrieve everything from external sources. Let’s face it — asking one of your most important clients to re-send contact information or contracts could be damaging to your relationship.

“Data loss can ruin your reputation with clients or customers,” says O’Donnell. “Because you never know when data loss can strike, back-ups should be automated and stored off-site, so you can concentrate on growing your business.”

What’s the Frequency?

Some software packages — many of which are available as a “try before you buy” download atwww.download.com — automatically back up your information at a select time every day or week.

But if you’re handling the back-up manually onto a CD-RW disc or USB thumbstick, it’s recommended you back-up important information at least once a week. This includes files such as key work documents and files, business contacts, and appointments.

If you’re working on an important document, such as a sales report or a presentation or spreadsheet, it’s not a bad idea to keep a USB memory stick inserted into the PC’s USB port to make a back-up after the work is completed. This is especially a good idea for mobile professionals working on laptops — all it takes is for you to leave your PC on a plane, in a hotel or in the back of a cab and your critical data could be gone forever.

Does File-Sharing Threaten Your Sensitive Data?

Whether your employees are using peer-to-peer technology to download the latest game or video or to share work-related documents, their actions may place your data and your organization at risk.

When debit cards first came out, says Internet encryption pioneer Taher Elgamal, people simply scrawled their pin numbers on the back of their cards.

He sees many businesses taking the same sort of naïve approach to security these days when it comes to file-sharing and peer-to-peer networks. Too often, businesses haven't thought through the risks involved in file-sharing. And like those early debit card users, employees often are thinking simply of convenience and ease of usage.

Yorgen Edholm, president and CEO of Accellion, a company that provides secure file transfer solutions, agrees that businesses have been slow to react, despite continued news reports about data breaches. "One of the things that surprises me is it's still such an under-discussed topic,'' says Edholm. "Two years from now, it's going to be, 'How did we do that?'"

How P2P threatens your data

In February, the Federal Trade Commission notified nearly 100 organizations and businesses that had released sensitive information about customers, students, or employees through file-sharing or P2P networks. The government agency also announced it was conducting investigations of other businesses which had exposed data through file-sharing. In conjunction with the announcement, the FTC published new educational materials for businesses.

The risk to your data from P2P technology is a two-pronged threat. Employees are placing critical data at risk by using P2P technology to transfer and to share work-related materials. However, as people become accustomed to moving much of their lives online, they often blur the distinction between work and home activities. Employees downloading the latest movies and music from file-sharing sites also create risk for their employers.

Among the dangers:

• Inadvertently sharing files. Users may accidentally save a confidential file to a folder that is shared on a P2P network or malware could change the designation of  a folder or drive where sensitive information is stored.
• Opening your network to attacks. Malware in P2P programs can lead to attacks on other computers on your network, not just the computer sharing files.
• Losing track of data. Once files are placed on a P2P network, they may be shared among other computers even after deletion on the original computer. So, retrieving and securing data you've unintentionally exposed is virtually impossible.
• Remote storage of illegal material. Malicious programs could open one of your computers to storage of stolen documents or even child pornography, cautions Randy Abrams, director of technical education for anti-malware vendor ESET.

The threat is so significant Abrams thinks P2P programs should be avoided. "Peer-to-peer file-sharing programs have virtually no place in a business environment,'' he says. "The security of the programs varies widely. However, in many cases, the default settings are not the most secure. The risks of P2P file-sharing are too great to be ignored."

While every organization is vulnerable, Sanjay Mehta, senior vice president for security solution company Breach Security, advises that your company may be particularly susceptible to P2P threats. "In many ways, small to mid-sized businesses are great targets,'' he says. Mehta notes that smaller businesses often aren't equipped with the IT assets or the staffing to evaluate P2P risks or combat data breaches that occur through file-sharing.

How you can protect your data

Like most technology-related security issues, the first steps you should take involve people rather than machines or software, say the experts. Smart business practices will go a long way toward avoiding file-sharing data losses. Make sure your organization follows this checklist:

• Establish and enforce a file-sharing policy. Awareness is critical. Your policy should spell out in non-tech speak whether you'll allow the use of P2P networks. If you allow file-sharing, you should  explain the circumstances under which it is permitted and whom you authorize to do so. Once you've created a policy, revisit it frequently since technology evolves quickly. Educate your users.
• Offer file-sharing solutions. "Ninety percent of employees just want to get their work done,'' says Elgamal, chief information security officer for Axway, which secures and manages business transactions. "Generally speaking, people like the path of least resistance. We need to tell people how the company is enabling them to do business. You can't sit down and say 'no, no, no.' Then what?"  Your employees will find ways to share documents and files when they need to get the job done, so anticipate their needs and find secure solutions.
• Classify documents. Establish a system for classifying information based on how it can be shared or the sensitivity of the data, advises Mehta. Then, arrange information in locations based on whether it can or can't be shared. Consider a separate server or network for secure information.
• Classify users. Evaluate access and who should or shouldn't be sharing information. Consider whether you'll allow home computers on your network, an option Abrams advises against. "The cost/risk ratio of allowing personal computers on a corporate network, even for small companies, cannot be justified,'' he says.
• Purchase help. Look for a vendor solution that helps you safely secure file transfers, log transfer activity, archive files that have been transferred and filter what goes into and out of your network. Accellion charges a couple of thousand dollars a year for a subscription covering 25 to 50 users, Edholm says.

Most important, says Mehta, is taking action now.  If you visited the problem of file-sharing a year ago, it's time to look again. "The threat factor moves a heck of a lot faster than every so often," Mehta says.