typing on a laptop

Every business needs a business continuity plan in case of a disaster or emergency, which may potentially disrupt regular operations. A significant part of any such plan is having a data backup and recovery strategy. This is a plan for backing up all information that is important to your operations and a strategy for regaining access when disaster eliminates it.

It's extremely important to have such a plan in the event of any type of disaster that can potentially damage your systems. This could be anything from a fire or natural disaster to a cyber-attack. Even simple software/hardware failure or human error can bring about major data loss. Simply put, protecting your data means protecting your business.

"Recovery strategies should be developed for Information technology (IT) systems, applications and data," explains Ready.gov, the official website of the Department of Homeland Security. "This includes networks, servers, desktops, laptops, wireless devices, data and connectivity. Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis. IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource."

Identify important processes and solutions

Any plan begins with the identification of all important business processes and the hardware and applications needed to fulfill them. Once you have a good overview of what exactly will potentially need to be restored, you'll have a good starting point.

Conduct a business impact analysis (BIA)

A BIA will enable you to foresee the potential results of a disaster on various aspects of your business and help you prepare the necessary resources for recovery. This Ready.gov resource will help you get started with that.

Test and adjust

Once you've assessed your risks, and put your recovery processes in place, do a dry run and see if your plan actually works when put to the test. This will help you spot problems and fix them accordingly.

Back your data up regularly

You should be backing up your data on a regular basis: every day to be safe. This may sound like a hassle, but there are plenty of software programs out there that will do this for you automatically. Here's a list of 34 backup software solutions that you can consider trying out. Some come with free trials. Back your data up both locally and offsite. Use online storage solutions as well as external hard drives for maximum protection.

Look at examples

You don't have to come up with your strategy completely from scratch. Learn from others who have gone through it. There are plenty of examples, resources, and templates available online to help get you started. Look at some and apply relevant elements to your own plan. TechTarget has a great example of a cyber security plan template here.

Get cyber insurance

In the old days, the idea of something called cyber insurance must have seemed fantastical, but in the digital age in which the Internet is critical to business operations, risks are abundant, and having the protection that cyber insurance provides can help business owners sleep better at night. Even beyond the direct hit a business faces from compromised data, there are potential legal issues that can be costly. A cyber-attack can be a much bigger headache than you might even imagine.

If you think that as a small business, you're not at risk the way a larger corporation is, think again. As many as 55% of small businesses have experienced a data breach, and nearly as many have had more than one (SmallBizTrends). Breaches can not only hurt your actual IT infrastructure, but also your credibility with consumers. Cyber insurance can help.

Cyber insurance can potentially help you:1

  • Cover legal fees and expenses associated with a data breach
  • Pay for a professional information technologies review to determine the extent of personal data compromise
  • Notify customers about the breach
  • Restore control over customers' personal identity, within the constraints of what is possible and reasonable
  • Pay an outside firm to research, re-create and replace data lost or corrupted

Another important consideration for cyber insurance is that it can provide you with an expert to guide you through what steps need to be taken following a breach, including compliance with various state laws in order to avoid fines and penalties.

Having a data backup and recovery strategy is critical for any business because when the worst happens, being unprepared can have major consequences. Including cyber insurance as part of your strategy can alleviate the bulk of the damage and help you maintain your systems as well as your integrity.

Small Business Icon
Learn more about Nationwide business insurance Talk to a specialist  

1 Insurance terms, definitions and explanations are intended for informational purposes only and do not in any way replace or modify the definitions and information contained in individual insurance contracts, policies or declaration pages, which are controlling. Such terms and availability may vary by state and exclusions may apply.

Nationwide is providing this information as part of its Business Solutions Center website content and e-newsletter. The information included on this e-newsletter and the Business Solutions Center website is designed for informational purposes only. It is not legal, tax, financial, or any other sort of advice; nor is it a substitute for such advice. The information may not apply to your specific situation. We have tried to make sure the information is accurate, but it could be outdated or even inaccurate, in parts. It is the reader's responsibility to comply with any applicable local, state, or federal regulations, and to make their own decisions about how to operate their business. Nationwide Mutual Insurance Company, its affiliates, and their employees make no warranties about the information, no guarantee of results, and assume no liability in connection with the information provided.