5 Data Backup Gaps and How to Fix Them
March 31 is World Backup Day. Why March 31? Because you don’t want to be an April fool according to World Backup Day’s organizers.
Human error, equipment failure and theft are just a few ways your organization could be at risk of data loss. Today, no firm or company can afford to be without a cybersecurity risk management program. If you’re like most CPAs, this is not news to you. In fact, if you’re somewhat of a data backup fanatic, you might already be paying for secure offsite storage of paper files as well as digital backups. Still, experts say even the most diligent often have gaps in their backup practices. Let’s look at some of the most common considerations and how to address them.
- Do you know exactly how to retrieve your backups? For starters, knowing the person in your office who you think knows how to retrieve your backups doesn’t count. Knowing the name of one of your cloud backup vendors is not enough. Retrieval is an often underdeveloped but equally important aspect of backup planning (see #5 below). Unfortunately, there’s no single, all-encompassing solution for backing up your systems. Even in a small firm, you’ll likely need three or four different backup systems. Tax preparation, bookkeeping and auditing software packages often have integrated, cloud-based backup options. There’s the information on your office network and server(s)—here you can choose a cloud-based solution or an onsite backup system that updates each night. Then you have your desktop and laptop PCs. And, finally, you have smart phones, tablets, watches, etc. Organize your retrieval information for ALL systems and test it—like a fire drill. If your test goes off without a hitch, you can skip the rest of this post.
- Do you back up your smart phone or tablet? 119 phones are lost or stolen every minute according to World Backup Day organizers. Fortunately, phones and tablets are easy to backup for little or no cost. Apple devices can be backed up automatically to iCloud, which is free for the first 5GB. If you have an Android device, you can automatically back up contact and email information and your app data such as calendar, browser, photos, music and things like Wi-Fi passwords. If you want an all-in-one backup solution for your Android device (recommended), Android expert Cory Gunther recommends a third-party app such as Helium or MyBackup (Pro version $6.99).
- Do you apply a retention policy to your backups? Backups and archives aren’t necessarily the same thing, but for certain systems, you might be able to cover both with one solution. Although retention policy development is beyond the scope of this post, the point is you should have one, and backups should be incorporated into it.
- Do you back up your PCs? Large and small organizations alike struggle with this one often, because of the challenge of managing PC backups. They’re dismissed on the basis that important files should not be stored on PCs. In reality, important files do get stored on PCs—even if temporarily—and PCs should be backed up. Solutions exist—both in the cloud and with an external hard drive that connects via USB. Both technologies have their pros and cons. Cloud solutions require a good Internet connection, which can be challenging when traveling with a laptop. External drives are easy to use and inexpensive—but they can be lost or stolen. Use both? Maybe, depending on what data you have on your laptop. Consider using encryption, too. It will add an extra layer of security, making your data much harder to access if stolen.
- Do you have a backup plan? Simply having a system to back up your information is not the same as having a plan. A backup plan should include identifying and prioritizing information that needs to be backed up, mapping that information to the systems and devices where that information is stored daily, and then putting backup systems in place that comply with applicable laws and regulations. Documentation for each backup system and how it is administered needs to be included, complete with authorized users and retrieval procedures.
Of course, being a CPA means more than simply protecting your own data. Increasingly, CPAs are stewards of clients’ personally identifiable information as well. Backing up data securely and regularly is an essential part of a larger data management strategy.
Whether you are just now realizing the need for a backup plan or have a robust cybersecurity risk management program in place, it’s a good idea to familiarize yourself with current methodologies and processes. Technology is always evolving, and the system you put in place yesterday might not be adequate tomorrow. Use March 31 as your day to secure your data and protect your business.
In the coming weeks, you’ll hear more from the AICPA about these kinds of business concerns when we launch our cybersecurity risk management reporting framework. To help educate members about the framework, this spring, the Private Companies Practice Section is publishing a Cybersecurity Toolkit. This practice management resource can help CPAs understand cybersecurity as it relates to their own firms and assist them in starting a new service line offering cybersecurity risk management advisory services or examination services based on the framework. AICPA members can access a preview in A CPA’s Introduction to Cybersecurity.
In the meantime, find more information about addressing cybersecurity risks and protecting client data, plus related news and information on the AICPA’s Cybersecurity Resource Center.
Susan Pierce, CPA, CITP, CGMA, Associate Director-Information Management and Technology Assurance, Association of International Certified Professional Accountants
World Backup Day courtesy of Shutterstock.