Part of spring cleaning your cluttered digital space is having things set up so that you also have peace of mind – which creates more SPACE in your life by not having to worry if and when things go wrong.
Let’s face it, files will accidentally get deleted, your website will get (or may already have been) hacked, you may or may not be in compliance with IRS regulations when it comes to file archival and retention, your team may forget, you may have assumed something was being done when it was not… we are all human and things happen.
Which is why it’s super important you have a backup plan.
In this episode, we talk about backup basics and contingency planning because I don’t want you to be left unprepared and unprotected. I go over why you need a backup system, common myths, plus my 4-point web security plan.
Hi and welcome to another episode of Systems Sunday.
Part of spring cleaning your cluttered digital space is having things set up so that you also have peace of mind – which creates more SPACE in your cluttered life by not having to worry when things go wrong.
I’m Lisa Wells your Virtual Assistant Trainer.
Let’s face it, files will accidentally get deleted, your website will get (or may already have been) hacked, you may or may not be in compliance with IRS regulations when it comes to file archival and retention, your team may ‘forget’, you may have assumed backups were taking place and only when you went to restore something did you learn it was not being done. We are all human and things happen.
Which is why it’s super important you have a backup plan.
In this episode, we’ll be talking about backup basics and contingency planning because I don’t want you to be left unprepared and unprotected. I go over why you need a backup system, common myths, plus my 4-point web security plan.
I think we all know that we need to have a backup system in case 1) loss – you delete a file, computer breaks or hard drive goes bad, overwrite a file, 2) down website – get hacked, someone injects spam into your site or otherwise the site is unusable, and finally, 3) compliance – business owners are required to keep business records for a required amount of time. The IRS and regulatory commissions don’t care if you had a data disaster, all it means to them is that you’re not compliant and they can come after you.
Here are some of the more common reasons why people may not have a backup plan, what I call most popular excuses:
- I keep everything in the cloud. Cloud storage is great, but it only works for files and it’s limited at that. For example, if you are using Dropbox Plus account and you overwrote a file and want to restore the file you had from 6 weeks ago, you cannot do this.
- My hosting provider does this for me. I had a client who believed that. She thought someone on her team was doing her backups and only until we had to do a restore did she find out it wasn’t being done. And there could be other reasons – the restore service was limited, costs money, or otherwise isn’t activated.
- I copy files to a hard drive. That’s great as a secondary plan, but if a fire or flood happens and your external hard drive is located in the same area, there goes your data.
Don’t be passive about this very important part of your business. Have a plan in place in order to prepare because 10% of hard drives fail within 3 years, hackers work 24/7 to mess with you, and we are all human and will make a mistake at some point.
Here’s my 4-point web security plan:
During the auditing phase, you will track user accounts and all the items that you want to protect.
The first task is to write down the programs, services, hosting accounts, list manager services, shopping cart accounts, shared files, and companies that you use to run your online business and where the program is located. Some examples are: hosting accounts (where your web files are located), and shared files (centralized online via a secure site or are they only on your hard drive and you email them to people on an as-needed basis?)
Of course, the best route to protection is through planning and prevention. But the problem is this: we don’t know what this means exactly.
During the planning phase, you will write procedures for preventing, detecting, and responding to web security threats. You will also provide team members with a standard operating procedure.
A typical example is that the business owner assumes that their virtual assistant is backing up their site only to find out too late this isn’t the case.
This is why it’s important that the business owner create the plan so that the team may follow it. Don’t leave anything to chance – it’s YOUR business.
Here is where we get into the meat of a security plan. Take a look at your audit list. You will be creating your security plan and business’ standard operating procedure based on that list. This plan should include, at a minimum:
- backup strategy
- user accounts policy
- password policy
- badware / malware prevention and protection
- business continuity plan
- team roles and responsibilities
- file organization and structure
…basically, it is the business setup, contingency plan, and operating procedures all rolled into one.
Executing your plan is where you will communicate with your staff, train where necessary, and carry out the plan. A good backup strategy includes onsite backup and offsite or remote backup and includes local files as well as remote files.
I’ll use my business as an example. Like many of you, I have a laptop computer and I use the WordPress platform for my business websites.
For the files on my laptop, I use Carbonite which automatically backs up all my files on a daily basis. If I accidentally deleted or overwrote a file, I can restore it from a backup I did a day or a week ago. I also use Dropbox for archival storage and in case something happens to my computer, I can always get access to client files pretty quickly using another computer because all of the files are synced to the cloud.
Because WordPress is the most popular platform, I’m going to use that as an example. There are lots of WordPress plugins that do backups, and the great thing is that there are some really good ones that are free.
UpdraftPlus is very popular and free. It allows you to create a complete backup of your WordPress site and store it on the cloud or download to your computer.
The plugin supports scheduled backups as well as on-demand backups. You also have the option to choose which files you want to backup.
It can automatically upload your backups to Dropbox, Google Drive, Amazon S3, Rackspace, FTP, SFTP, email, and several other cloud storage services.
Besides backing up each WordPress website, UpdraftPlus also allows you to easily restore backups directly from your WordPress admin panel.
UpdraftPlus also has a premium version with add-ons to migrate or clone websites, database search and replace, multisite support, and several other features. The premium version also gets you access to priority support.
No matter which plugin you choose, make sure it will allow you to schedule your backups so that you aren’t having to remember to do this every day, and also be sure to store your files that are created during the backup in a place separate from your website. For example, store the files in a Dropbox folder and not in a subdirectory of where your website is hosted.
As for a schedule, you can do daily or weekly full backups with a daily database backup. If you’re not familiar with WordPress backups, there will be a setup guide that will walk you through all of this.
If you use different types of hosting platforms other than WordPress, do a Google search to see what backup systems are recommended, but the same backup strategy can be applied no matter the method.
The final part of the security plan involves updating and modifying the plan as changes occur in your business such as adding new programs and services or if you bring on new team members or change their roles.
Here is an example of what you can include in your security plan for this section:
MAINTENANCE AND MONITORING
Joey will be responsible for security on a day-to-day basis, with Ann taking overall responsibility. Joey will monitor virus logs and backup status.
On a monthly basis, Ann will make sure that WordPress sites and plug-ins are up-to-date and that the backup and restore procedures are working properly.
On a quarterly basis, Ann will conduct an audit on user accounts and change passwords for all Administrator accounts.
Ann will be responsible for ensuring that new team members are fully trained in the company’s security policies and procedures.
If you enjoyed this episode and want a shortcut in creating and documenting your security plan, check out my training guide, Creating Your Small Business web Security Plan. After you complete this training guide and implement the easy strategies and how-to’s, you will:
- Have a sound security plan
- Be able to implement secure policies for your team and/or clients
- Have peace of mind
You can find a link to the product below or visit my VA Business Builder Boutique by clicking on Shop in the menu bar.
I’ll see you next week on my spring cleaning series where I’ll show you the art of unfollowing on social media.
Catch up on other Spring Cleaning Your Cluttered Digital Space episodes + resources mentioned in the video:
Did you enjoy this episode and want to put it into action? Grab this guide!
Creating Your Small Business Web Security Plan
It doesn’t matter if you’re a Fortune 500 or a one-page site, we are ALL at risk.
That is why I wrote this ebook with YOU in mind. After you read this guide and implement the easy strategies and how-tos, you will:
- have a sound security plan
- be able to implement secure policies for your team and/or clients
- have peace of mind