Ten tips for protecting your small business from downtime
Downtime can happen to any business for any reason. The cause could be anything from malicious intent to a natural disaster: a flood, a power outage or a malware attack. Threats are everywhere and they aren’t all from people. This guide is going to outline ten practical and actionable tips for protecting your small business from downtime.
This guide is intended for small businesses of one to ten people but the principles could be used for larger medium-sized businesses too. Each tip will offer everyday solutions that don’t cost the earth and yet can keep your business humming along regardless of what the world throws your way.
New Jersey Computer Help has been in business a long time, serving our community faithfully during that time. Helping our business community thrive is something we take great pride in and something we aim to be still doing 20 years from now. This guide is just one more small contribution and we hope you find it useful.
What is downtime?
First, let’s add a little clarity. What exactly is downtime? In this context, downtime is any unplanned event that impacts productivity for any length of time. This could be physical: loss of power, a server going down, fire or something else. It could also be digital: a DDoS or malware attack, database corruption, or a software or system error.
Downtime can also be caused by humans, either by accident or design. Human error and the corresponding loss of data or productivity is still classed as downtime.
Small business threats
New Jersey Computer Help helps a lot of small business owners across New Jersey with either computer and IT support or data recovery. One thing we hear all too often is the assertion that small businesses are not at risk from malware attacks or viruses as they are too small and don’t have enough cash or resources to make them a target.
This is simply not true.
Small to medium-sized businesses are the preferred targets of malware. They are seen as too small to be able to afford the latest and greatest network security. They are often less likely to have a dedicated IT team or the relevant expertise on staff to effectively protect the business. They are also seen as having less aware staff who would know what to do in a downtime situation.
- 90% of businesses have experienced some kind of security incident.
- 46% of those businesses lost data.
- Small businesses spend $38,000 recovering from a malware attack.
The average SMB can ill afford to fall victim to downtime regardless of how it is caused.
Another report, from 4iQ said ‘Cyber criminals are targeting more small businesses, resulting in a 424% increase in authentic and new breaches from 2017.’ That makes for sobering reading and is just one more reason why you should read this guide and follow the tips within it!
Not all risks are human
Cybersecurity is a significant risk to your business but it isn’t the only one. You have to plan for fire, flood, natural disasters, medical emergencies, hardware failure, power failure or any of a number of challenges a New York business might face in any working week.
That’s a lot of risks to contend with!
Each of those risks can interrupt your daily operations, impact productivity, lose earnings, cost money in terms of data loss, reputation and customer loyalty. All things a business can ill-afford to experience.
The good news is that the steps you can take to mitigate against those risks will protect you from most of them at once. That minimizes the cost, administration and management of those risks while minimizing exposure.
Ten tips for preventing downtime in a small business
We have adequately set the scene, created the case and outlined the challenges you face as a small or medium-sized business owner. Now it’s time to outline those actionable steps you can take to protect yourself from them.
The tips are:
- Know what you’re dealing with.
- Plan your transformation project.
- Defense in depth.
- Physical and digital.
- Education is key.
- Invest in monitoring.
- Move to the cloud.
- Data at rest and on the move.
- Backup and restore.
- Test and assess.
Each of these tips is achievable by the average small business in New Jersey. Some do cost money but we have done everything we can to come up with steps you can take with as little cost as possible while achieving the maximum impact.
Any measure you take should include every device you use. Phones, tablets, laptops and desktops. If you install antivirus or a VPN on one, install them on all devices. That way, even if a desktop fails, you can safely use any device you own to work without having to think about it. It doesn’t take much longer to protect multiple devices, or cost more but it can save time and money.
Know what you’re dealing with
Nobody likes the word ‘audit’ but sometimes it is necessary to achieve a stated goal. IT audits are designed to tell you exactly what systems, software and infrastructure you have in place. Only when you know what you have can you accurately assess what you need to do and how you need to do it.
An IT audit is best done by a third party. They won’t view the business emotionally, they have the expertise to perform fast, accurate audits and they should provide a detailed report of what they find. It should list every computer, printer, network appliance, phone, tablet and anything else you may have.
The audit report should also list all your software, software versions, system patch levels, security appliances, applications and versions. It may even make recommendations to supplement any shortcomings in your infrastructure.
If you’re a very small business, you can perform an audit yourself. Just look at your computers and devices and find out how old they are, what operating system they use, what software you use on a daily basis, what router you have connecting you to the internet, what make and model your printer is and what security you have to protect your systems and any data you keep.
Once you know what you’re dealing with, you can begin to plan how to strengthen your IT without leaving something out or forgetting anything.
Plan your transformation project
Once you have performed your audit, you have an idea of the task ahead. Depending on the size and scope of the project, you may need to schedule it gradually to fit it into your daily routine or to be able to afford any changes. Even the smallest business could benefit from a project plan, even an informal one.
You would want to document:
- The risks you face.
- The physical IT you need to protect.
- The measures you will take to protect them.
- The order in which you take steps to protect your business.
- A schedule of works that includes everything above.
- A regular test schedule and follow ups.
This could be as simple as writing down your physical assets from your audit and adding a column of what you can do to insulate them from downtime. Then adding a date for when you’re going to do the work.
For larger businesses, this would be better as a formal project with the appropriate stakeholders and expertise. You may have multiple layers of hardware, lots of software and applications and a range of mobile devices to contend with.
A big part of any transformation project is scheduling. If you’re planning to prevent downtime from any source, knowing what order to perform these steps is key. While impossible to outline every step in every possible scenario, as a general rule, the order you would work in would be:
- Backup and protect all business data.
- Begin staff training in data protection, safe data use, data loss and security.
- Protect your network from the outside in.
- Harden your systems using a combination of hardware and software.
- Ensure updates are set to automatic.
- Shift to the cloud wherever possible.
There is a reason you would want to perform the project in roughly that order.
Backup and protect all business data. Your business data is your number one asset so you should protect that right away. Most organizations can find a way to work without their PC, business network or printer but could not function without data. It stands to reason to protect this first.
Begin staff training in data protection, safe data use, data loss and security. The human element is a key vulnerability of a business. Whether by accident or on purpose, data loss and downtime often have a human cause. Beginning a staff training exercise where you teach staff the importance of security, responsible internet use, data loss prevention and good behaviors is essential.
Training is a process and not a single step so the earlier you begin, the faster you reap the rewards.
Protect your network from the outside in. When starting the network security element of your project, start from the edge of your network and work towards the center. That means adding a firewall to the edge and gradually working backwards towards your PCs, phones and tablets.
That way you’re stopping any fresh attacks before they enter your network while you’re hardening your PCs, mobiles and other devices.
Harden your systems using a combination of hardware and software. As you will learn in the next section, there is no single device or process that can protect everything. Network security and protecting a business from downtime is built around defense in depth: a combination of solutions that ensures you can remain productive whatever comes your way and protects everything you have, be it physical or digital.
Ensure updates are set to automatic. A deceptively simple step yet many of our New Jersey IT support customers forget it. Updates are a vital element of network security. While it cannot protect from fire or flood, it can protect from cyber attacks and the human element.
Shift to the cloud wherever possible. Moving to the cloud is not only cheaper and easier to manage, it also offers redundancy, accessibility and the flexibility to use the platform as you please. As far as disaster recovery solutions go, cloud services are some of the best solutions you can buy.
Defense in depth
Defense in depth is a military term that was originally coined to protect strategic assets from physical attack. It describes a layered ring of defenses around an asset with different solutions designed to address a specific risk. Part of defense in depth includes retaliation but we don’t use that in network security!
In this context, defense in depth means a layered approach that includes multiple solutions to protect from all manner of threats. It uses three main controls, Technical, Administrative and Physical. Physical controls include locking doors and an alarm system for the building. Technical controls are the router, antivirus, firewall and data backup solution. Administrative controls include staff training and awareness, policies and culture.
We don’t need to get into all that here but they all include the various elements we cover in this guide.
In practical terms, defense in depth for a small business would include an edge router with a firewall for gateway security, software or cloud antivirus to protect your computers, software firewalls to protect local networks and network reporting to ensure you’re always up to date with what’s going on.
Staff training, clear policies and procedures, real-time monitoring, backups, automatic updates, disaster recovery solutions and proactive protection also form part of defense in depth.
We always advise our clients to begin with the router at the edge of your network. This shuts the door firmly on any new threats and gives you the breathing space to prepare the rest of your infrastructure to avoid downtime.
You can spend from $200 to $2,000 on a small business router. Good ones will have a firewall built in and provide enough Ethernet ports for your needs. Some will also have antivirus and malware protection, deep packet inspection and intrusion detection. How much you spend depends on the size of your organization but as long as you have a firewall, you should be good.
Cisco does a great line in small business routers and this guide from Tech Radar reviews a selection of SMB routers from other providers. For most small businesses, if you invest in the best quality router you can afford, you’re good to go as far as network hardware goes.
The other elements of defense in depth are covered in the rest of this guide.
Physical and digital
We mentioned that the edge router is just the beginning of defense in depth. That is true and includes a big part of downtime prevention. But not all of it. There are still other elements you need to include if you’re to provide as much security and protection as possible.
Physical protections include a good lock and physical security on your building. It’s the same principle whether you have a home office or rent space in a block. A lock to limit access to your space and either a keycard or biometrics to access data stores or even log into a computer.
Keeping your door locked and alarm primed when you’re not home and using window locks where practical all help keep your business and your assets secure. It isn’t something many business owners think about but theft of your stuff is as much a cause of unplanned downtime as a malware attack or fire.
All levels of a defense in depth include digital protections but here we are talking about antivirus and firewall software on every computer. Even Apple Mac needs software security, so whether you use Windows or Mac, you need this. Linux desktops less so but a firewall is a good idea for every connected device, regardless of what it is.
Software antivirus can either be installed onto each computer or have an agent on every computer and be run from the cloud. There is no ‘right’ answer here. Each has its pros and cons and you will likely prefer one solution to another. AV-Test is the go-to place globally for seeing which antivirus solution works best. It publishes a league table every few months of the best-performing antivirus and can be a good guide to use. This guide over at IT Pro Portal offers a different take on the subject but is equally informative.
Antivirus should never be used in isolation. It should always be paired with a malware scanner. There aren’t that many new viruses being released. It’s mainly about the malware. Having one without the other leaves the door open for data loss and that’s not a good thing. Check out this malware scanner guide for more information.
You don’t have to pay for good security. The only difference between premium and free malware scanners and antivirus is the features included. The level of protection is exactly the same!
Encryption and data backups also form part of digital protection but we will cover those in a little while.
Education is key
We have mentioned a couple times now that the human element is the biggest security threat and risk to productivity there is. Some of this will be down to deliberate acts. The majority of it will be down to ignorance or accident. Staff training and education can help protect you from the latter and perhaps the former too.
Train your staff on how to recognize phishing and social engineering, safe internet use, good internet hygiene, what to do if they spot something wrong with a system, who to report data loss or downtime to and the importance of using good security procedures.
Training is just as important as locking your door at night and should be a priority for every day you’re in business.
Invest in monitoring
Network monitoring is another burden but it’s one that can pay dividends in the long run. It doesn’t mean you’re having to stare at an application dashboard all day looking for errors. Most good quality monitoring tools will automate that for you and just alert you to things they think you need to see.
Just like security applications, there are both free and premium monitoring tools. Each offers something a little different and would work in some situations or businesses better than others. Check out this comparison to help make your decision.
In an ideal world, you would want a monitoring tool that would provide all the data you need in a single dashboard but with the option to email or push notify alerts. That way, the information is there for when you have the time but it will let you know immediately if there is something you need to see.
Move to the cloud
Moving to the cloud is a massive trend in business right now and for good reason. Not only is it cheaper than running your own servers and services, it also requires less maintenance on your part, can be changed as you need and can be accessed from anywhere with an internet connection.
It is this last that we highlight here. In any downtime situation, productivity is impacted because you cannot access your systems in the usual way. Whatever the cause, this interruption is what costs money.
Where cloud solutions can help is in their flexibility. Say you rent office space in New Jersey and the power goes out. Rather than sitting there waiting for it to come on, you can take a laptop to a coffee shop or somewhere with power and continue working. You could go home if your home has power and continue working. You have access to internet, email, a current backup of data, access to your productivity tools and you’re ready to go.
Whatever disaster befalls your business, as long as you have a laptop or computer and an internet connection, you can use your cloud applications to continue working.
As well as building in resilience, moving to the cloud has numerous business benefits. From lowering the cost and administrative overhead of your IT to the ability to collaborate over distance, there is every reason to consider cloud computing.
Data at rest and on the move
Data essentially has two states, at rest or on the move. Data at rest means data stored on a hard drive, USB drive, even a tape drive. Data on the move means being shared on a network, sent via email or uploaded or downloaded from the internet. You need to protect this data during both states.
Protecting data at rest
Protecting data at rest has two elements, encryption and backup. We’ll cover backups in the next section so let us concentrate on encryption. Encryption is a security measure that uses 256-bit encryption to protect all your data. Without your unique encryption key, any data lost or stolen would be incomprehensible to whoever had it. It would be worthless to them and disaster would be averted.
You can encrypt data on your phone, laptop, desktop and in the cloud. We suggest using encryption on every device you keep company data on. This guide is an excellent primer on data encryption and you could benefit from reading it.
Protecting data on the move
Protecting data on the move is about keeping data safe while being transmitted. Any time your staff share data via email or over Slack or your local network, every time they upload data to your cloud storage or share it with customers, it needs to be protected. There are two aspects to this, encryption as explained above and secure networking.
The ideal solution would be a secure internal network with a good router to protect data within your organization. Then, data encrypted using PGP encryption when sent via email and the use of a VPN when uploading or downloading data from customers, cloud storage or cloud applications.
First, your data is encrypted within the email or network packet so even if it was intercepted, it would still be safe. Using a VPN creates a further encrypted tunnel between your network or device and the VPN server. This adds another layer of protection that keeps your data safe from anyone.
VPNs are cheap, as flexible as cloud services, can be used on phones, laptops, tablets and desktops and offer a significant boost to data security.
Backup and restore
We cannot overstate the importance of having a data backup. It doesn’t have to cost much and can be fully automated so you don’t have to do a thing. Having one can literally save your business. If you’re in doubt about the need for a data backup solution, we are about to change your mind.
60% of all small businesses fold after a cyber attack. That includes non-data loss scenarios but will include some element of data loss, corruption or worse.
A data backup solution can be as sophisticated as a full enterprise cloud solution or as simple as automatically backing up documents to OneDrive or Google Drive. As long as you have three copies of all important data, you’re relatively safe. Add to that automation of backups and that’s all you need to do.
We did say three copies. The original on your device ready to be used. Another copy on a different machine or storage medium. A third in the cloud or at a different premises. That way, whatever happens, you will have access to one copy of your data.
Data backups are only one side of the coin though. Whatever you do to back up your data has to be usable when you need it most. We will cover this in more detail in the next section on testing and assessment but any backup solution you use has to be available in a usable format in a potential disaster situation.
Whatever situation you face, fire, flood, hacking, cyber-attack or whatever, you should always have access to one copy of recent data in usable form.
Test and assess
By now you have audited all your IT equipment and installed a router with hardware firewall, software firewall and antivirus. You have also installed a malware scanner, trained staff in safe internet use, phishing and internet threats, set up some basic network monitoring, moved some productivity to the cloud, invested in encryption and a VPN and set up a reliable backup solution.
All you need do now is test to see that it all works. You can go as far as employing a company to perform penetration testing and a full simulated cyber-attack. Or you can simulate a building failure, pick up your laptop and go to a coffee shop and make sure you can log into your cloud applications, access cloud storage and remain productive in a completely separate environment.
While it may seem unnecessary to go to all this trouble, we can assure you it is not. For the same reason you perform fire drills, testing your disaster recovery familiarizes everyone with what they need to do, when they need to do it and how they need to do it. It also tests to ensure your data backups are usable and that your cloud solutions really are accessible from anywhere.
Finally, testing also shortens your reaction time. If you already know what to do and how to do it, when the time comes, the downtime you do experience will be much shorter than when you performed your first test. That alone makes testing your resilience worthwhile!
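One way to run the backup part of that test yourself, as an added example that is not code from New Jersey Computer Help or from any backup product: the Python script below checks the three-copy rule from the backup section by hashing every file in the original folder and comparing it against each backup location. The folder names (external_drive, cloud_sync, office_nas) and sample files are constructed, the cloud copy is assumed to be a locally synced folder, and telling a stale file from a corrupt one by modification time is a heuristic.

```python
"""Check the 'three copies' backup rule by comparing file hashes."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root):
    """Map each file under root (relative path) to (sha256, mtime)."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): (sha256_of(p), p.stat().st_mtime)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_copy(original, copy):
    """Compare one backup location against the original folder."""
    result = {"reachable": Path(copy).is_dir(),
              "missing": [], "stale": [], "corrupt": []}
    if result["reachable"]:
        src, dst = manifest(original), manifest(copy)
        for name, (src_hash, src_mtime) in src.items():
            if name not in dst:
                result["missing"].append(name)
            elif dst[name][0] != src_hash:
                # Heuristic: original edited after the backup ran -> stale;
                # otherwise the backup's own contents have changed.
                kind = "stale" if src_mtime > dst[name][1] else "corrupt"
                result[kind].append(name)
    result["ok"] = result["reachable"] and not (
        result["missing"] or result["stale"] or result["corrupt"])
    return result


def check_three_copies(original, copies):
    """copies: {label: folder}. The original counts as copy number one."""
    report = {label: verify_copy(original, path)
              for label, path in copies.items()}
    usable = 1 + sum(1 for r in report.values() if r["ok"])
    return report, usable


def demo():
    """Constructed data: one good copy, one damaged copy, one unplugged drive."""
    base = Path(tempfile.mkdtemp(prefix="backup-check-"))
    try:
        original = base / "original"
        (original / "invoices").mkdir(parents=True)
        (original / "invoices" / "2024-001.txt").write_text("Invoice 001: $450\n")
        (original / "customers.csv").write_text("name,email\nA. Example,a@example.com\n")
        (original / "notes.txt").write_text("draft v2\n")

        good = base / "external_drive"
        shutil.copytree(original, good)      # copytree preserves file mtimes

        damaged = base / "cloud_sync"
        shutil.copytree(original, damaged)
        (damaged / "invoices" / "2024-001.txt").unlink()        # never synced
        (damaged / "customers.csv").write_text("name,email\n")  # truncated copy
        (damaged / "notes.txt").write_text("draft v1\n")        # old version
        os.utime(damaged / "notes.txt", (1_600_000_000, 1_600_000_000))

        copies = {"external_drive": good, "cloud_sync": damaged,
                  "office_nas": base / "not-mounted"}
        return check_three_copies(original, copies)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    report, usable = demo()
    for label, r in report.items():
        print(label, "OK" if r["ok"] else r)
    print(f"usable copies: {usable} (the rule needs 3)")
```

To use it on real data, call check_three_copies with your own working folder and backup locations in place of the constructed demo folders.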
Avoid downtime in your small business for free
If you’re just starting out, are a freelancer or sole trader, money is likely an issue. This is certainly true in the beginning even if the picture changes later on. With the exception of a router, you can achieve most of these protections using free products. You should definitely invest in a good business-class router with a hardware firewall and perhaps some network monitoring but everything else can be had for free.
- Free antivirus.
- Free software firewall.
- Free cloud storage.
- Free backup solution.
- Free IT training.
- Free encryption tools.
- Free network monitoring tools.
- Free penetration testing tools.
You can get free VPN software but we wouldn’t suggest it. Free VPNs share networks with a bunch of traffic and don’t offer anywhere near the speed you’re going to need for data backups or for productive use. You would be much better off spending the $5 a month a good quality VPN costs to ensure productivity and efficiency.
Free solutions offer credible protection for small businesses or startups. Once you need higher levels of protection, you should begin investing in them. Begin with data encryption and backup and work your way to premium firewalls and antivirus, training and then monitoring and pentesting tools in that order.
Common questions around business downtime
We hope this guide has addressed most questions you might have around protecting a small business from downtime. Just in case, we have collected some of the common questions we at New Jersey Computer Help hear around the subject. We hope they help!
How much does downtime cost a company?
While downtime impacts different businesses in different ways, the average cost of IT downtime is $5,600 per minute. The page linked says that costs can be as much as $140,000 per hour for small businesses with $300,000 per hour being the average. That can increase to as much as $540,000 per hour at the higher end.
The cost to your business may not be anything like that but rest assured, there is always a cost.
How is downtime cost calculated?
There is a calculation to costing downtime and this page covers it in detail. Essentially you have to calculate the basics like hourly wage multiplied by the hours of downtime, the cost of lost productivity and cost of any repairs or replacements.
You then have to add in intangibles like reputation damage, disappointed customers, missed deadlines and any professional costs of returning the service.
What is the formula for calculating productivity?
If you want to dive further into calculating the cost of lost productivity, this page has a breakdown of the calculations you will need to make. It is long and detailed but it is also as full a guide as there is around right now.
What causes downtime?
The video below is about as detailed as you get on the subject of what causes downtime. Luke Stone, the Director of Customer Reliability Engineering at Google presented a session of the 2017 Google Cloud Next conference and discussed that very subject.
Video: https://www.youtube.com/embed/Ru0vep3hzcY
In essence, downtime is caused by anything from power loss to pets, hardware failure to failure to prepare. The good news is that by following this guide, you are preparing your business to survive just about anything short of the zombie apocalypse!
What are the disadvantages of cloud computing?
Cloud computing is an answer to many IT questions but it isn’t perfect. There are limitations to the technology that you should bear in mind before switching entirely to the cloud.
The disadvantages are:
- Dependent on a network connection.
- You don’t own anything, lease vs. ownership.
- You have less control over how the solution works and looks.
If you work with a quality cloud provider, security is less of an issue as cloud business models are built around robust security. If they didn’t protect your data, they wouldn’t be in business long!
How safe is cloud computing?
Cloud computing is as safe as you and the provider make it. Cloud storage and cloud applications will usually use encryption to keep data safe. If you use the principles outlined above for encrypting data yourself before uploading it and upload it from within a VPN, your data is about as safe as it gets.
Work with providers with a reputation for security and who have a good track record and you should be fine!
Which is the safest cloud storage?
As mentioned just now, the safest cloud storage is the one offered by the provider with the best reputation and who works the way you work. This guide offers a look at secure storage providers and includes free and premium providers. Like all of the solutions in this guide, premium products should be viewed as an investment in your business and not just as a cost.
Which cloud storage is cheapest?
If cost is an issue, you can achieve many of the checks listed in this guide for very little money. You can use free antivirus, a free malware scanner, free software firewall, free cloud storage, free automatic backup, free encryption (BitDefender in Windows or FileVault on Mac), free cloud apps and free training online.
Protecting your small business from downtime
The risks facing small to medium-sized businesses are growing and are becoming more sophisticated all the time. Fortunately, your defensive options are also becoming more sophisticated all the time. It is these times when a competitive marketplace works in your favor as hundreds of firms all offering similar solutions compete for your money.
As we have shown, you don’t even have to spend much on preventing data loss or downtime. All while securing your business and maintaining productivity. While those free solutions are viable for startups or freelancers, you wouldn’t want to depend on them entirely when your business grows but that’s a challenge for another time!
For now, take all the measures you deem necessary to protect yourself from those risks. You may not think you need them but you do. We don’t think we need auto insurance or home insurance until something happens and then we are so glad we have it. This is exactly the same!
If you need help with any aspect of securing your business, preventing downtime, data loss, backups or anything mentioned in this guide, contact New Jersey Computer Help at (908) 356-6171. We would be happy to help!