Customer Service: 877-858-7445
↓  Click for Navigation  ↓

Commercial Insurance: Data Protection – A Vital Part of Business Protection

Information and information technology (IT) are the lifeblood of most businesses and must be included in any business continuity plan. Failing to take the necessary steps to protect data and data equipment from weather and other causes of loss leaves your business vulnerable. Take time now to review systems you have in place to protect your data and the equipment your employees use to create, receive, transmit and store information.

Even though most businesses cannot operate without vital records and critical information, much of which is created and recorded electronically, many business owners may not know where this information is digitally located and stored. Some businesses also may have important current and historical documents that are only available in paper form. Without proper planning, these vital records may be damaged or lost in the event a weather event or other disaster strikes. All too often, the loss of critical data and information brings commerce activity to a standstill and ultimately can cause the business to fail. This reinforces the need to have systems in place to protect and retrieve your data as part of your business continuity plan.

THE NEED FOR PLANNING

Many situations can wreak havoc on IT systems, often resulting in time consuming and difficult attempts to re-create the stored information. Even if the inability to access data is temporary, it could reduce your competitive edge, damage your reputation and result in the loss of new and existing customers.

WHY YOUR SYSTEM IS AT RISK

Your business continuity plan should include steps to protect and/or back up all aspects of the IT system, including hardware, software, data and connectivity. Different hazards may target different parts of an IT system; it is important to consider everything from a brief power interruption to the physical destruction of the facility.

HELPFUL DEFINITIONS

POWER DISRUPTIONS

The interruption of the power supply can take on many forms: surges, spikes, brownouts and blackouts. The briefest and most common disturbances such as power or voltage surges are virtually inevitable and can be damaging. While often lasting only a millisecond, these surges can raise the voltage in electronic circuits from a few hundred to as much as several thousand volts, potentially damaging sensitive IT and other electronic equipment. For information about the use and maintenance of surge protectors, see IBHS’ article on protecting commercial properties from power surges at http://disastersafety.org/commercial_maintenance/ protecting-commercial-properties-from-power-surges.

Back-up power plays a critical role in the protection of IT systems. In the short-term, and as a complement to a surge protector, an uninterruptible power supply (UPS) provides near-instantaneous protection from power interruptions for a relatively short period. The typical period of 10-20 minutes is enough time to properly shut down protected equipment or bring an auxiliary power source online. This will provide a bridge to save data and issue shutdown commands to the operating system until power resumes normally or a secondary power source is provided.

Over the long-term, an emergency power generator allows for the operation of some or all electronic equipment and lights and can greatly reduce business disruption when normal power is interrupted. The use of a generator poses certain risks that must be addressed for safe operation, including fire, damage to electrical equipment and even injury or death to people operating the generator or in the building where it is being used. For information on the safe operation and maintenance of generators, see the IBHS article here.

If you are aware of an upcoming power disruption, make time to turn off and unplug computer hardware and other sensitive electrical equipment in advance to avoid the risk of serious damage due to power fluctuations.

BOUNDLESS INTERNET CONNECTIVITY CHOICES

Large businesses no longer have a monopoly on the best Internet connection solutions. There is a variety of options available and connections that are capable of keeping up with everyday tasks. However, choosing the right solution means evaluating the needs of your business:

Once you determine basic usage criteria, choosing a dependable connection service will help you grow and adapt to your business needs. Evaluate and consider all of the Internet service options available in your area and what is most affordable.

HELPFUL DEFINITIONS

BACKUP AND RECOVERY PROCEDURES

Every business owner should have data backup and recovery procedures to reduce the economic impact of data and service interruptions. Consider the various risks facing your business:

What should be backed up? While this will vary, business owners should identify critical data that needs to be backed up and archived, such as electronic files, spreadsheets, documents, email, databases, notes, pictures, graphics, applications and their settings, servers and other irreplaceable customer data. Full physical backups of data should be done at least weekly, and even more often if your business generates large amounts of new data daily. Incremental data backups can be done on a daily basis.

There is a wide range of options when it comes to choosing a backup strategy for your business. Determine the most effective method for your company based on how much data you have to store, how vital specific types of data are to the continuation of your business, and how quickly you need to retrieve it. There are several backup methods to consider. Mix and match the options below for different types of data, beginning with very basic to more complex.

FIND THE RIGHT BACKUP OPTION

METHOD
PROS
CONS
HARD COPY
  • Can be read by anyone, at anytime
  • Not subject to the failure of an electronic system
  • Requires staff to store, retrieve & process
  • Subject to loss from fire, flood damage or event
  • Needs to be stored outside of the same geographical region as you
  • Not as portable as electronic media (harder to get the copies at the site you are located/re-located)
CDS OR DVDS
  • Inexpensive
  • Little technical
    expertise required
  • Drive failure not an issue
  • Can store easily & safely
    in a 2nd location
  • Can only hold small amounts
    of data; large amounts
    of data can get pricey
  • Time consuming; completely
    manual process
UBS FLASH DRIVE
  • Inexpensive
  • Portable
  • Little technical
    experience required
  • Easy to misplace
  • Not always durable
  • Capacity limitations
MAGNETIC TAPES
  • Can backup operating
    system, applications & data
  • Small enough to be
    stored off-site
  • Subject to degradation
  • Uncertainty of data integrity
  • Cumbersome for nonfull
    restores
EXTERNAL / PORTABLE
HARD DRIVE
  • Easy to use
  • With software, can “set & forget”
  • Connect to one computer at a time
  • Hard disk drives run the risk of failure
  • Can be expensive for large-capacity drives
NETWORK ATTACHED STORAGE (NAS – SERVER DEDICATED FOR SAVING DATA)
  • Can back up several computers at once
  • Can “set & forget” for automatic backup
  • Cost
  • Data not transported off-site
  • May be difficult to recover without technical expertise
“HOT SITE”

(Requires a contract with a disaster recovery company that has a full functioning computer site in a location outside of your disaster zone where a business can perform data processing functions and network operations)

  • Useful to a business with multiple locations with interdependent operations that are linked by a computer network
  • Appropriate for data centers
  • Maintain business operations with minimal business interruption to customers
  • Fast recovery time
  • Expensive
  • Recommended exercising of plan
  • Must ensure that in time of a large disaster, they are not over booked and your needs are guaranteed
“COLD SITE”

(Similar to “Hot site” except the client provides their own computer hardware to continue operations at the disaster recovery company’s location)

  • Useful to a business with multiple locations with interdependent operations that are linked by a computer network
  • Appropriate for data centers
  • Maintain business operations with greatly reduced business interruption to customers
  • Fast, but not as fast as a Hot Site’s recovery time.
  • Expensive, but less expensive than a “Hot Site”
  • Requires physical transferring of computer equipment to the “Cold Site”
  • Must ensure that in time of a large disaster, they are not over booked and your needs are guaranteed
  • Recovery plan exercises are more difficult than a Hot Site’s
ONLINE/VIRTUAL BACKUP SERVICES (“IN THE CLOUD”)
  • Can be inexpensive
  • Available anywhere there is an Internet connection
  • Third party takes care of the hardware
  • Data secured in a remote location
  • Run the risk of site closing
  • Can be expensive
  • Fast Internet connection required
  • Dependent on a third party

Regardless of the solution you choose, limit access to backed up data and consider the security of the environment where it is housed. The important thing is to have access to what you need, when you need it, while preventing unauthorized access and use that can compromise the integrity of your data and your bottom line.

TEST WHEN THE SUN SHINES

Like evacuation and fire drills, test your backup recovery strategies. From time to time, restore a file from your backup drive or tape. If you use an outside service provider, ask them to run through a disaster scenario with you. In addition, be sure to inquire as to their business continuity plans. You want to make sure their backup not only is secure, but also that it and/or its backup servers are located outside the same region as you, so they are not affected by the same storm or other disaster that may damage your facility or IT system.

For any business function, be sure to document the recovery steps. For testing your backup recovery strategies, there should be documentation on how to retrieve the data in a step by step process in the event someone else other than the primary person is not available after a disaster. The documentation should include the pre-, during and post- backup steps. By keeping good records, you can restore your backups with the least amount of downtime. If downtime does occur, having a social media strategy can keep the lines of communication open with your customers and suppliers. For example, using Twitter to announce that you are offline for “maintenance” will fill the void if you are unable to respond quickly due to a power disruption. Twitter and Facebook posts can be made using smartphones, which will limit the hardware that needs to be functioning while you restore data or power sources.

INFORMATION TECHNOLOGY AS PART OF YOUR BROADER BUSINESS CONTINUITY PLAN

The Insurance Institute for Business & Home Safety’s (IBHS) Open for Business® program is a no-cost, comprehensive disaster planning tool to assist businesses in reducing the potential for loss and recovering quickly should a disaster strike. Open for Business® covers many aspects of business operations; for data protection, the program will help you to determine the following:

The goal is to make sure that your data and IT systems are available and ready when you are ready to resume operations, so that you can continue to offer your products and/or services to your customers in the event of any business disruption, keeping your business open without the loss of critical data that allows you to continue with little disruption even if your facility and its IT systems are not available for normal operations.

“I wanted the Safepoint team to know that I am very happy with SafePoint and our ease of doing business! Your underwriters are wonderful.”

Twyla
Al Deleon Insurance

©2024 SafePoint Insurance. All Rights Reserved.
Terms of ServicePrivacy StatementSMS Terms of Service