By David Donovan, Senior Infrastructure Architect, VC3
This article originally appeared in the Winter 2023 issue of The South Carolina CPA Report
There is no denying that backing up your CPA firm’s data is important. Ransomware attacks, natural disasters, and hardware failures can easily lead to permanent data loss. It is crucial to have a plan in place if your CPA firm experiences an incident that leads to data loss. A true data backup involves having a copy of your most important information stored offsite so that, no matter the disaster, you can recover your data.
However, many CPA firms often think they are backing up their data when, in actuality, they are not following several important best practices. If something were to happen to your data, not following these best practices may jeopardize your ability to recover that data.
Let’s look at five basic data backup best practices you should have implemented at your CPA firm.
- Back up routinely and frequently.
A great way to ensure that none of your most important data ever gets lost is to schedule backups routinely and frequently without long intervals between the backups. Without a schedule, remembering to perform a backup could fall between the cracks and you could lose some of your most important information in the wake of an incident.It’s also a best practice to ensure that you more frequently back up data that changes more often, such as tax preparation data or documents your employees are actively working on. Data that is archived or changes infrequently can be less frequently backed up. - Have both onsite and offsite data backup.
In case of a smaller incident, such as a server failure, an onsite backup solution can allow for your CPA firm to be up and running again in minutes. For example, you may have a redundant backup server replicating the information on your current server. If the original server fails, this backup server can take over—giving you access to your data within minutes and maintaining your operational continuity.However, in the case of a natural disaster or ransomware that affects even your onsite backups, you need offsite data backup to preserve your data. That means storing your data physically far from your building, just as through a cloud solution or data center. If your onsite servers are destroyed, your data will be safe and sound in a different location. While it may take hours to access your data and restore it into a usable state, you know it’s there.It is important to have both an onsite and offsite data backup plan in place. While onsite backups are very beneficial for smaller incidents, they cannot protect you from larger disasters.
- Encrypt your backup data.
In case a cybercriminal or unauthorized person accesses your data backups, you need to encrypt them so that your information is unreadable and useless. Encryption of data at rest and in transit—such as when you’re sending data backups to your data center or cloud provider—turns your information into garble unless an authorized person is accessing the information. - Periodically test your data backup.
The responsibility you have for backing up your data goes further than just, well, backing it up. You need to perform periodic tests to make sure everything is running smoothly. Testing will help discover any missing gaps in your data backup or show if your data backup process fails. Through finding possible errors, you can make any necessary corrections before it is too late. You don’t want to discover critical issues with your data backup after an incident. - Keep your data backups organized.
You should always keep your data backups organized so that you can find and access critical information after an incident. Otherwise, unstructured data, even if recovered, can be useless for a long time until you find a way to fully restore databases or applications. It’s important to identify, organize, archive, and back up critical data and important records.
Many CPA firms don’t realize the importance of data backup until it is too late. Data backups are a vital practice that should be done routinely and frequently. By following these five basic data backup practices, you are already one step ahead of counteracting any cyber threats or natural disasters that could come your way that would result in data loss.