Large corporations with big IT departments understand the importance of protecting company data. And, yes, ensuring high system availability and up to the second recovery of data in the event of a disaster can be a costly endeavor. However, even small companies need to be aware of the probable and possible threats to their corporate data and take steps to mitigate those risks before the unthinkable happens.

Loss is not an option

It's been said many times that corporate data is one of your company's most valuable assets. But what does that mean? Your clients have probably entrusted you with at least some confidential information, such as a credit card number, so you probably can't sell it on eBay. You may not have a full-blown CRM system or a Marketing department or even have your data in a format that allows for easy mining of customer information. So where is the value?

From accounting to order entry to retail sales, data is an integral part of most companies. In fact, when faced with the prospect of irretrievable data loss, most companies fail within two years. Taken from this viewpoint, the question in your mind should not be, "How much is my data really worth?" but "How much can I afford to lose?"

What are the threats?

There are three basic threats to your data:

1. Hardware failure
2. User error
3. Malicious attack and theft

Management needs to understand each of these threats in their various forms and develop a safeguarding strategy based on each threat's likelihood, cost of mitigation, cost of down-time, cost and ability to re-create data and company reputation in the event that your data is lost or stolen. For most smaller companies, a few hours of down-time, a couple of times a year with the manual re-entry of up to 24 hours of data is easier to justify than spending hundreds of thousands of dollars to ensure that their systems will continue to function uninterrupted while the office burns to the ground.

Start with the basics

Let's start with the most likely cause of data loss-hardware failure. You come into the office, pour your first cup of coffee, turn on your computer and nothing happens. Many people don't even consider this scenario until it happens to them. If this hasn't happened to you yet, chances are very good it will at some point in the future. And if you haven't taken even simple precautions to protect yourself against this likelihood, the results could be disastrous.

Let's examine the probable causes of this scenario.

What are you plugging into?

Computer systems have very few moving parts, however, they do contain sensitive components that are susceptible to power fluctuations. A surge in power can easily burn out a computer's internal components and even a brief interruption in power will likely cause you to lose the document or spreadsheet you are working on or corrupt your operating system to the point that your machine will no longer boot up.

A good surge protector costs less than $50 and will protect your sensitive components from damage due to power spikes. But don't go too cheap! A 99¢ power bar with a reset button offers little or no protection for computer components. Most solutions include surge protection for both AC power and phone lines. Although more rare than AC power spikes, phone lines are also susceptible to power surges from events such as lightning strikes. If you use a modem or fax machine, it is recommended that you incorporate surge protection into your phone line.

By their nature, laptops are not susceptible to power outages in the same way as their desktop counterparts since they draw their power directly from an internal battery and only indirectly through the wall socket. In this case a surge protector alone should suffice.

For desktop computers and servers careful consideration should be given to an Uninterruptible Power Supply or UPS. A UPS offers the protection from power spikes of a surge protector along with the continuous availability of power of a laptop battery. Because they contain a battery, a UPS is a little more costly than a surge protector. They can range from $50 to $1,000 depending on the power requirements of your computer equipment and the length of time they will operate during a power interruption. The batteries are generally replaceable and last about 3 years. As with a laptop, they can be configured to gracefully shut down your computer during an extended blackout period.

Your spinning time bomb

Most computers still have three types of moving parts:

1. Fans
2. Disk/Tape Drives
3. Hard Drives

The average computer will recognize the failure of a fan either by monitoring it directly or indirectly by recognizing an increase in temperature. Regardless of the method, it will raise an alarm and/or protect itself by shutting down before any real damage can occur. Most of the time you will hear issues with fans well before they present a real problem.

Failure of a CD Rom, DVD Rom or other removable storage device can be a nuisance. However, disk drive and fan issues are reasonably inexpensive to rectify and generally present only a minor inconvenience.

Last, but definitely not least is your hard drive. Spinning at an average of 7,200 RPMs, your hard drive will spin about 20 Billion times during its 5-year life expectancy. Not all hard drives will last 5 years, but all hard drives will eventually fail. When your hard drive fails, there is a very good chance that your data cannot be recovered. Most computer equipment becomes obsolete within 5 years anyways. And replacing your hard drive at least once every 3 years will help to mitigate this risk even further. However, the only way to truly guard against data loss due to hard drive failure is to make a separate copy of your data onto a physically separate device.

Where is your data?

Before looking at simple ways to mitigate hard drive failure you need to know the location of your data in all of its various forms. This includes documents, spreadsheets, email and data stored in other applications such as accounting software, contact management programs and databases.

When setting up your computer it is a good idea to make a distinction between the location of your application files and the location of the data that these applications manage. Reinstallation of a software application is rarely a big deal compared to restoring the data that the application accesses. Keeping your data in a centralized location greatly simplifies the task of backing it up and sharing it with other users in the office. If you run even a small office network it is a good idea to dedicate one machine as a file server containing all of your corporate data. As long as you protect your file server using techniques discussed in this article, your company will be relatively unaffected by the loss or failure of a workstation.

A second drive

The simplest way to protect your data is to make a copy onto a second physical drive. The word physical is important. A hard drive may be divided into multiple partitions which appear as individual drives, however if the hard drive fails, all partitions on the drive will fail.

If your machine is part of an office network and you have the appropriate access privileges, you could consider copying your data to another workstation on the network. The advantages of this are cost and protection of your data no matter what happens to your workstation. However there are a number of disadvantages with this technique. Copying large amounts of data over a network can be slow and will compete with other users requiring network resources. There could also be security issues due to data confidentiality. Unlike a dedicated file server, you cannot restrict access to files you place on another user's workstation. Another disadvantage of this technique is the exponential complexity that arises for each workstation you add into the mix.

A better option may be to purchase and install a second hard drive. Hard drives cost around $100 and virtually all workstations come equipped with the room, power and data cable connectors needed for at least one more hard drive. Adding a second internal hard drive to a laptop is not always an option, however, external hard drives are also relatively inexpensive and have the bonus of being able to be used with multiple machines and stored in a physically separate location.

There are a number of methods that can be used to make copies of your data. It can be done manually, scripted in a batch file, or completely automated using a backup program. However it is important that you close any applications that access your data before the copy is made. And remember, the more frequently you copy your data, the less you will lose in the event of a hard drive failure.

Other backup options

A number of options exist for protecting your data against hard drive failure.

A drive array (RAID) is a group of 2 or more hard drives which maintain multiple copies of your data automatically. The cost for this option has dropped dramatically in recent years. Drive arrays operate seamlessly and continuously. In the event that one hard drive fails you are notified by an alarm but can continue to access your data normally. Once the failed drive is replaced, the new drive is rebuilt automatically.

Tape and optical backup devices are a more expensive option but should be given consideration if you are managing a file server with large amounts of data, require the ability to restore data at different points in time and would like to store your backup copies off site.

Final word

Another common threat to your data is viruses. This threat is dramatically increased if you are connected to the internet. Therefore another wise investment would be a good antivirus package with the ability to keep itself current with the latest known virus threats. These can be found for less than $100 per year.

Implementing these simple, cost-effective measures will protect your data against the most likely causes of loss and corruption. And when you consider the alternative, I hope you realize that ignoring these risks is not an option.