Data is a primary asset of membership-driven business models like health clubs and gyms. Protecting this critical asset (i.e. member records, A/R history and more) from harm (lost or stolen data) should be a top priority. Performing regular backups of company data and further verifying these backups are critical steps to mitigating the risk of the disruption to daily operations. Significant potential exists for a negative impact on revenue generation to occur due to data being lost or stolen. Below are steps club operators can take to protect this valuable asset, the membership database and all that goes with it.
Backing up data should happen as part of a regular, scheduled process.
Start by cataloging where all data is stored. For example, how much is in the cloud and where is it?
- Where is all club management software data stored?
- Are file servers set up with files?
- Are employees using personal computers or cloud providers to store club data?
- Are there separate systems that manage prospects and other data for various aspects of the overall business, such as summer camp data?
Once all the data locations are cataloged, next is to figure out how to get the data out of these systems to back them up.
- Vendor partners may be helpful in extracting data, other times a manual export of data out of a system or program works just fine.
Establish a backup plan and location for these.
- Daily or weekly backups of all data to one central location are ideal.
- Include a monthly “data verification” day where a small portion of the latest backup is restored.
- Verify that all the restorations work, and that each restored file can be opened and/or loaded into a temporary location for verification. (an example is Syncback Pro for all file backups (https://www.2brightsparks.com/syncback/sbpro.html).
- Test 5 or 10 separate files, and make sure to test each type of file separately. For example, open an excel file, restore a database backup to a temporary location and make sure that it can read from it, etc.
- Set up an email alert for when backups succeed or fail. Syncback Pro also has built-in support for backing up straight from the cloud (dropbox, onedrive, etc.)
A Disaster Recovery Plan should be mapped out BEFORE there is a disaster! Any sort of data loss is a disaster and there are many things that could cause data loss – fire, theft, ransomware, or hardware failure just to name a few.
It is highly recommended to have both on-site and off-site backups.
- Off-site backups will protect against backups getting held for ransomware, deleted accidentally, theft, or destruction (fire, hardware failure).
- The most important part of an off-site backup is to make sure all data on the off-site drive is encrypted. This will prevent a data breach if the off-site backup drive is lost or stolen.
- Veracrypt (https://www.veracrypt.fr/code/VeraCrypt/) is an option
A typical backup routine could look something like this –
- Purchase two external USB drives (2TB or bigger)
- Use Veracrypt to encrypt both drives with a very long password
- Keep one of these off-site, and one on-site and back everything up to these drives, swapping them monthly
- Make sure to test restoring files off-site as well
Regular backups do more than keep the database clean, accurate and current. They also serve to keep the business running in the event of an emergency. For instance, what happens if the cloud provider goes down? Files are corrupted? The database gets hacked and all data gets deleted or held hostage?
Using a cloud provider for data storage minimizes risk, but it is still imperative to back up any files that are on the cloud. When files are ONLY in the cloud and not stored anywhere locally, the risk is when (not if) the cloud provider goes down or even worse, has a data loss.
To drive this home, here’s a worst-case scenario. The club management software in use has all the data hosted in the cloud. The provider gets hacked and all the club's data gets deleted or encrypted with ransomware. What is the disaster recovery plan? If there isn’t one, the business is in trouble. The cloud provider maybe has their own backups of the club’s data that they have verified are working. Either way, this critical asset (the database) is at the mercy of your provider.
The key takeaway is that while none of these scenarios (corrupted files, database is hacked, systems crash) are that big of a risk, smart operators err on the side of caution and choose to proactively mitigate the risk by establishing regular backups with periodic data verifications and having disaster recovery plans in place.
Get in touch to ask questions or learn more about best practices for data management.
