Strategic Management Newsletter Registration

 

Data Storage Strategies

Data Storage Strategy for SMBs in U.S. Manufacturing and Services Industries

Leverage Hybrid Cloud Solutions for Flexibility and Cost Efficiency: Small and medium-sized businesses (SMBs) in manufacturing and services should adopt hybrid cloud storage, combining on-premises infrastructure with cloud services like AWS, Azure, or Google Cloud. This approach ensures critical data (e.g., production schedules or customer records) remains secure and accessible on-site while leveraging the cloud for scalable backup and disaster recovery. Hybrid setups reduce costs compared to fully on-premises systems, with cloud storage pricing often starting at $0.01–$0.03 per GB/month, ideal for fluctuating data needs.

Prioritize Data Security and Compliance: Manufacturing and services SMBs handle sensitive data, including intellectual property and customer information, requiring robust security. Implement end-to-end encryption, multi-factor authentication, and regular security audits. Compliance with regulations like NIST 800-171 (for manufacturing tied to federal contracts) or CCPA (for customer data in services) is critical. Use storage solutions with built-in compliance tools to avoid fines, which can reach $7,500 per violation under CCPA.

Automate Data Management to Boost Efficiency: Automation tools can streamline data organization, backup, and retrieval, reducing manual workloads for lean SMB teams. Solutions like Veeam or Synology offer automated backups and data tiering, ensuring frequently accessed data (e.g., inventory logs) is stored on faster, pricier drives, while archival data moves to cheaper, slower storage. This optimizes performance and cuts costs, with automation saving up to 30% of IT staff time, per industry studies.

Plan for Scalability and Disaster Recovery: SMBs must anticipate growth and potential disruptions. Choose storage systems that scale seamlessly, such as modular NAS devices or cloud platforms with pay-as-you-go models. Implement a 3-2-1 backup strategy: three data copies, two local, but on different devices, and one off-site (cloud or remote). This ensures recovery from ransomware or hardware failures, critical for manufacturing downtime issues. Regular testing of recovery plans minimizes operational risks.

Security Adoption in SMBs

By: John Bentham Tuxboy Consulting

I know… boring title, but one of the most significant issues facing IT organizations today is getting their clients, whether internal or external, to adopt healthy Security measures.

To prove this point, let’s get personal with a couple of questions.

When was the last time that you (not your IT Support team) decided “Hey, I really should change my password; it’s been awhile.”  Probably like most of us, you’re thinking “Well, I haven’t been hacked yet, so I’m good.” Unfortunately, a hack may have occurred without you even knowing about it. Without regular systems audits, it can take months or years for security irregularities to be discovered.

“Many white-collar crimes are challenging to detect because losses may not be immediately apparent to victims and/or they are masked by complex schemes and cover-ups.” (Source: ACAMS TODAY)

Next question. How would you continue to serve your clients if you were suddenly unable to return to your place of work? No pun intended, but it doesn’t happen by accident. The continuity of your business operations is essential to you, your clients, and your community at large, and effective communications is a vital component.

“The No. 1 goal with any crisis messaging is to address the burning questions that your customers have and to demonstrate that you’re doing your best to address their needs and that of your employees.” (Source: Disaster & Crisis Messaging Best Practices)

Your answers to these questions will either highlight the Security measures your organization has already taken, or it will demonstrate the need to adopt them.

What to do?

Let’s talk briefly about a Security Posture. While it can mean many things to different organizations, it is essentially the status of all the policies and procedures you’ve put into place to guard your organization against threats both physical and digital; this includes physical barriers, disaster mitigation, access control, data integrity (software APIs, system redundancies and data backups), and the really difficult part – getting personnel to adhere to stated policies and procedures.

If you don’t do anything else…

At a minimum, here’s a list of three To Dos that any organization with more than one employee should have in place:

1. A written Standard Operating Procedures for Data Security

If the thought of writing an SOP seems overwhelming, consider using a template (Google is your friend here). This is your opportunity to convey the data security expectations of your business to employees, applicable laws governing their management of data, as well as the consequences of non-Compliance.

Depending on the types of data your organization handles, your SOP will look different than others. For example, three of my clients include a Tax Preparation office, a Retail store, and a Medical Practice. How the data in each of these organizations is handled is governed in part by Federal statutes (e.g. HIPAA) where the consequences for non-Compliance is severe. Not all data types need to be treated equally, but they should all be protected from inadvertent disclosure or accidental destruction.

It may be that your IT Support team can enforce such things as periodic password changes, scrubbing emails for sensitive credit card or personal information, but if this is outside of your IT budget, having a written and employee-acknowledged SOP, and regular training, is a good way to start and can help protect you legally.

2. Backup Important Files

There are numerous ways to accomplish this, and many are available on the device you’re using to read this article. Microsoft offers a free version of OneDrive built into the Windows OS; Google offers it’s own version of online storage with Google Drive; your smartphone likely has its own backup to the Cloud. Office computers can easily synchronize files to a local network drive or Cloud based storage solution.

Whatever products you have available, none of them will help if you don’t set them up properly and monitor their use. Are the applications disabled? Are they syncing periodically? Are they backing up the files you need? Do you have access to previous version of the files, should it be necessary to retrieve them?

Having even the most basic form of systems backup can literally save your business and reputation in the event of accidental deletion, compromised systems, or worse.

3. When Disaster Strikes

You don’t have to look far to realize that almost anything can take away your ability to conduct business: a fire in a nearby building or a water main break can temporarily prevent you from accessing your place of work; catastrophic events such as large fires or floods can keep you away for much longer. Having a Disaster Recovery Plan ahead of time will help you and your team resume business operations more efficiently, and certainly much faster than having no plan at all. Additionally, you will have the necessary procedures in place to access your important data and continue serving your clients.

This too may sound overwhelming, but here’s a good way to start thinking about what your plan might look like:

a) If I were to lose access to my place of work, what would I need with me to continue? Passwords to access Cloud applications and files? Important documents that may not be stored online? Supplies that are difficult to source? Temporary workspace for employees?

b) How do I assure my clients that I can continue to serve them with minimal disruption? Do I have the necessary information to reach them and provide updates?

c) What does my “recovery” look like? How soon can I resume normal operations at my place of work?

Next Steps

If you think you don’t have time for this, consider the adoption of your Security plan as an internal Insurance Policy against bad actors and events. It doesn’t have to be overly complicated.

1. Do I have written Security SOPs in place?
2. Do I have a Data Backup plan and am I using it?
3. Do I have an Operational Backup plan that keeps my client’s data secure and allows me to keep going in the event of a disaster?

Having a plan doesn’t guarantee something bad won’t happen, but it does provide the tools for a less painful recovery.

So what’s your Posture look like?