Data Security and Protection Checklist for Small Business

In a world where malware, hacks, and data breaches are becoming more advanced and common, it’s more important than ever to protect your business’s lifeblood – its data.

Luckily, modern technology gives even the smallest of businesses access to enterprise-level data backup and disaster recovery services. These tips and assessment checklist from Techvera CEO Reese Ormand will help you decide what services are best for your company and how to get started with a robust data security plan.



This is essential to protecting your data, ensuring you are not in a data loss or recovery situation.

  1. Do you have subscription-based antivirus software installed and monitored across your network – on all workstations, laptops, and servers?
  2. Is your company’s network protected by a firewall appliance? This is a device that is installed on the front end of your network, monitoring all incoming and outgoing traffic.
  3. Is your company’s data subject to industry compliance? If you are in the medical field and you are storing PHI (protected health information), that data is subject to HIPAA compliance and needs to be secured properly. This means your backups, and any mobile devices such as laptops, must be encrypted.



This is a very common issue for many businesses – no one has any idea what is going on in terms of backup. It is essential that you know the answers to the following questions so that you can ensure your data is protected.

  1. Do you know if you are currently backing up your data? If so, are you backing up your server/shared files on the network? If you are saving files locally to your machine, are you backing that machine up as well?
  2. Many backup solutions out there now will send you a daily email, or report, to verify that your backups have completed and are up-to-date. Do you have these reports set up? If so, is someone monitoring these reports so that if there is a failure, there is an action plan in place to resolve the failed backup?
  3. This point cannot be stressed enough – taking a USB drive offsite with just a few files on it is not an adequate backup solution for a small business. This solution is prone to so many issues:
    • Flash drives are prone to failure and often get lost. I’ve seen many clients who think they have their data backed up and current only to find out that the flash drive was corrupt, or that the last backup did not complete properly. Also, if you are subject to industry compliance such as HIPAA, you could be setting yourself up to pay enormous fines for HIPAA violations.
    • This process requires a human to back up files manually every single day to ensure you have current data offsite. A real backup/disaster recovery solution entails an automated process – software that backs up your data on a set schedule – like once every 1 hour, 4 hours, or every night at 2 am.
  4. Are you currently backing up your data offsite? Are you paying an IT provider, or a backup solution provider (such as Carbonite, CrashPlan, etc.), a monthly fee to ensure that your data is being backed up offsite? This is extremely important. Many small businesses have antiquated backup solutions: they run a program that backs up their data, but only as a local backup, so no data is being backed up offsite. Local-only backups were the norm in the past; however, this does NOTHING for your company in terms of protecting your data from catastrophes such as fire, flood, theft, hardware failure, etc. A true backup/disaster recovery solution entails local backups, offsite backup, and a recovery plan.



This is perhaps the most important and overlooked part of having adequate data protection. If no one is watching your system for failed backups, you could be in serious trouble.

Having an action plan and someone (or an IT provider like Techvera) monitoring this solution is essential to ensure your backups are running and current, and your data is recoverable.

Simulate a disaster to test readiness. At Techvera, we simulate disaster recovery with our clients annually. Simulating a mock disaster recovery is often overlooked.

What is the SOP for local hardware failure? Or data loss due to malware? What is the plan to recover data during a site-loss situation?

Your company’s IT department or your IT provider should have the answers to all these questions. Be sure to establish your company’s estimated TTR (time to recover) with your IT support provider based on your current backup solution. This allows expectations to be managed on both ends, which can be very important during a stressful situation.

What is your company’s tolerance for downtime? The answer to this question will dictate the level of backup/disaster recovery your company needs.

Here in North Texas, we are always concerned about weather-related outages – tornadoes, floods, etc. During our discovery process, we often ask our clients to define what they deem as an acceptable level of downtime. “If your office was wiped off the face of the earth during a tornado, how long can you survive being down? Two hours? 12 hours? 2 days?” The answer to this question will determine how robust a solution your office will need to protect your data and minimize downtime.


Written by Reese Ormand

Reese is the CEO of Techvera. His goal is to transform technology into the ultimate business asset. When he isn't doing that, he enjoys spending time with his wife and children, playing poker, and seeing the world.

January 12, 2017
