Some complications are unavoidable. These include, as you know, backup and security, plus things like coping with data protection requirements. But as you will be a startup business working from home, I suggest using home technologies as far as possible. You can move to a business-oriented approach when you need to expand. When that time comes, you will have a much better idea of what you actually need.
Cloud Computing Security: Foundations and Challenges
However, note that the Home and Personal versions of Office 365 are not licensed for commercial use, even though many people don’t know about or ignore this restriction. If you’re on a Home version, I suggest switching to one of the small business versions (up to 300 users), if only for the 24/7 support.
Office 365 Business Essentials is the cheapest because it doesn’t include the desktop Microsoft Office programs, which Office 365 Business does. In the long run, Office 365 Business Premium is the best option because it includes business-class email with your own domain name via Microsoft Exchange. It also includes a calendar and booking feature, SharePoint and Teams collaboration software, invoicing, and a lightweight CRM (customer relationship management) program.
There are many things to consider when choosing anti-malware software. How good is it at protecting your PC? Does it create other problems by making your PC slower or by blocking things unnecessarily? (File blocking and “false positives” can be frustrating.) How valuable are the things you need to protect? What are the risks? How much does it cost?
Microsoft Defender (formerly Windows Defender) is good enough for most home users and many business users. It doesn’t offer the maximum protection, but it rarely causes any problems, and it’s free.
Folder Lock - Data Security & Encryption [Download] £12.79
Some people should consider paying for extra protection. For example, they may have data that is particularly valuable, because they work for a financial institution or whatever. They may be potential targets because they work for a non-governmental organisation. They may be at greater risk because they surf hacking sites or the dark web, or because a lack of understanding leads them to do silly things. People who have the best AV software can still get their PCs infected by attacks based on scam emails and/or fake websites and “social engineering”. You can email people password-protected viruses and persuade some of them to decrypt and run the files.
Paid-for anti-virus suites try to improve on or offer utilities that Windows lacks. These can include password managers, real-time protection based on scanning background processes, anti-phishing and anti-ransomware features, controlling access to USB ports and external drives, botnet protection and network monitoring. Some of these are useful to small businesses where PCs are used by staff who are not computer experts. Kaspersky’s promotional blog post, The 10 most important features of Kaspersky Small Office Security, will give you an overview.
There are plenty of reviews of anti-virus products for small business available online. The consensus is that Bitdefender for Business is probably your best bet, and good value. Kaspersky Small Office Security for Business is worth a serious look. You can usually get a free trial period so have a quick look at the suites you fancy, preferably on a spare PC.
Oddly enough, having a good, trusted backup is also a good form of anti-virus protection. Ransomware doesn’t work on people who know all their data is safely stored offline.
Note that pretty much every effective computer security system, including Microsoft’s, now uses the cloud to store, update and check virus signatures, and Cloud AI to analyse suspicious processes. Some things – digital fingerprints or even whole files – may be uploaded for extra checking. I don’t regard this as a threat to privacy and, frankly, I think it’s stupid to block it.
Cloud systems lighten the load on the local PC, and as Webroot showed roughly a decade ago, provide better protection. Companies with “honeypot” PCs and continuous updates from millions of users can spot and deal with new and emerging threats long before they reach your PC. As a result, a growing number of companies are now marketing Cloud Antivirus or Security Cloud software. This is clearly where the AV industry is heading.
Also see: Our Security Product Reviews
In brief, you should have backups of all your business data on different media (choose between hard drives, optical discs, SD cards, online and so on) and in different places, in case you are burgled or your house burns down. OneDrive should provide an online/off-site backup of all your business data, but I’d still want some form of backup stored outside your house.
However, at this stage, I would not buy a NAS (network-attached storage) device. You don’t need one. You could justify a NAS if, for example, you wanted to stream media files to half a dozen laptops and smartphones, or your business depended on several people sharing files at once. For your purposes, the extra complexity and cost don’t make sense.
In any case, a NAS is not, by itself, a very good backup. You would certainly want to back it up to an external hard drive. Instead, just use one external hard drive to back up your PC, and a second external hard drive to back that up.
Also see: Top Tips to Increase Your Online Privacy
What you really need is a business recovery system. If something failed, how long would it take you to get back up and running? How long a delay is acceptable?
I have a desktop PC with all the files on the hard drive synchronised to an external USB hard drive using FreeFileSync, backed up to a second external hard drive. These files are not compressed or encrypted so they don’t need to be restored. If my desktop’s hard drive fails – which it has done – then I can switch to a laptop, plug in one of the external monitors, the keyboard and the external hard drive, and carry on as normal in 10-15 minutes. Of course, I had to spend some time the next day installing a new hard drive and restoring my old system from a different backup – a big, digital blob – but I could do that at my leisure. It didn’t affect my work.
It’s relatively easy for me because I do almost everything in Microsoft Office, which was already installed on my laptop, all my email is online in Outlook, and I don’t have that much data. (My whole work directory of about 12,500 files takes up about 4GB.) It might be harder for people with more complicated setups, but should be easier for you if everything is in OneDrive. You might even be able to manage with the online versions of the Microsoft Office programs.
Business recovery is a much broader concept than backups. It involves going through your business processes and working out what you would do if any hardware, software or communications link failed, or if you were hacked, or hit by some type of natural disaster.
Companies that don’t have viable business recovery strategies can easily go out of business, without a solid backup strategy.