This is Part One of a new series for GDPUK, on computers and dental practice sytems.
Backup is without doubt the most important element of your IT Infrastructure, without a robust backup process in place in your practice your patient data is at risk, and if you lose your patient data, your whole practice is at risk – 60% of businesses that lose their data close within 6 months1
So, the question really is, do you know if your data backup process is up to it’s job? Look at these five questions and see how you would answer:
So, where to start with backup. Well, as it is so important to ensure you are backing up data, and the fallout from losing data is so severe it can seem quite daunting, but actually with one simple rule you can make sure you protect yourself from any data loss. I could easily write 100 pages on backup and all the nuances, best practices, regulations, ISO certificates, different software and hardware solutions – but that would just bore everyone. So instead I felt your time would be better suited to an explanation of this rule:
The Rule of Three
The rule of three is the bare minimum you should be doing to protect yourself, in my opinion you can NEVER have enough backup and this is something I always try and impress on all my clients. Ok, onto the rule of three, as this graphic shows it’s quite simply a ‘ 3-2-1 countdown’
3 - Three Copies of Your Data
Quite simple one really to start off with, ensure that you have at least THREE copies of your data as a minimum, this can include the live copy that you are working from. In this example there are three copies
2 - Two Different Media Formats
This means across different physical storage devices, the data on your server counts as one format type and the second media format could be the “cloud backup” copy of your data.
There is nothing to say you have to stop there, even if, in your practice you have a NAS box (another format), you can still connect a USB hard drive to your server and run a Windows backup directly to that – remember what I said earlier, it’s impossible to have too much backup going on.
1 - One Copy of the Data is Offsite
This does not mean your Head Receptionist or Practice Manager taking it home in their handbag, or you taking it home and leaving it with your keys and loose change in the hallway of your house. It actually means a robust, certified, encrypted copy stored away from the premises, the most effective way to do this is via “the Cloud”. There are plenty of providers out there, the things to check for in the first instance is their location (UK preferable) and also their ISO ratings and security arrangements (and ask for client testimonials too).
If you follow this as a foundation for your practice backup then when the inevitable happens (as it will) and you suffer some form of data loss (either from hardware failure or virus attack) then you are in a much stronger position to get back to a working.
Backup is only one part of the data protection strategy in your practice though. Prevention is always better than cure so there are also other things to consider that are equally as important. Running through these (in no particular order):
1. Antivirus Protection
What antivirus you have is key, not only must it sit on your PCs at your practice and protect you from viruses, ransomware and other nasty programs, but it should NOT interfere with your dental software – this can sometimes take some fine tuning of the settings. In 12 years of looking after Dental Practices, we have our own opinions of what is the best and we strongly recommend ESET – we receive no financial reward for recommending them, just the satisfaction of knowing that it does ‘exactly what it says it is supposed to do’. It just sits on your server (and workstations) shielding you from viruses and ransomware (remember that thing that hit the NHS in spring 2017) – they are also the best at recognising new virus strains and ‘first day attacks’.
2. Windows Updates
Keeping your Operating System up to date is crucial, the NHS attack happened because some of the PCs inside their estate were still on Windows XP – this went out of support many years ago. Everyone should now be using Windows 10 as their base operating system and should make sure that updates are configured to install. If not all of them, then definitely the crucial security ones. If you ask your IT support, they should know exactly what is going on with your updates, if they don’t it’s time to make them earn their money.
3. Disaster Recovery Plan
If disaster does strike and you suffer a data loss it is important that you keep a clear head and approach the problem logically and methodically.
This is easier said than done though as human’s do tend to panic when we are stressed, therefore it is important to have a well thought out and comprehensive disaster recovery plan. This should include step by step instructions, important contact numbers and the location of the nearest bottle of whisky – ok, so the last part is joke, you can drink once the data is recovered! But it is important that you plan for the inevitable with a well thought out and documented plan so everyone knows their roles and you can manage your way through the data loss with the minimum of disruption to Patients and the team.
Backup is daunting, of course it is, because it is your critical practice data, losing that is something that no Principal Dentist ever wants to consider. However once you get past the ‘scary’ aspect of the task, and focus on it as any other task and as long as you follow this simple guide you can at least sleep at night knowing your data isn’t going to get lost, compromised or ransomed off by the latest strain of ‘ransomware’.
The caveat to all of this however is: If you are ever in doubt, bring in the experts!
1according to a study by “The Diffusion Group”, who surveyed small business organisations, 60% of companies that lose their data close down within six months of the disaster and a staggering 72% of businesses that suffer a major data loss disappear within two years.