Every week I'm lucky enough to be invited into accounting firms to provide advice on how they can better leverage IT to make themselves more productive, efficient and offer higher value services to their client base.
However, that's not what this post will be about. This is about a disturbing trend I've been seeing over the last few months, many of you are paying for simple services that are not being provided.
Although it seems like everyone is moving to the cloud, there are still a large number of firms who are running hybrid systems. By this I mean you would have a server in office for some of your applications (e.g. MYOB, APS) and some applications in the cloud (e.g. BGL360).
The Backup and Restore process also tends to be moved into the cloud, which means that once a day (or multiple times a day) your data is sent into the cloud where it is held in the event you need to recover a file you may have lost.
With ransomware attacks on the rise, more accounting firms are relying on restoring their data from their cloud backup to avoid losing months of work or paying the ransom.
Now at this point it would be fair to assume that if you're paying for your data to be backed up in the cloud (some firms can and do pay well in excess of $ 1,000.00 per month for this service) that when the time comes to get your data back that it would be there for you.
And this is where it gets disturbing. Many of these firms I speak to have had incidents where they suffered a ransomware attack, asked their IT provider to restore their data from the cloud backup only to find that the backups were not being completed or the most recent backup were some years old.
Only last week (and the reason I wrote this piece) I spoke to a 20 user firm who were victim of ransomware attack only to learn that when they asked their IT provider to restore their data found that the last usable backup was 9 months old.
You might ask how does this happen? Well is happens because no-one asks.
We rely on our IT partners to complete the tasks they say they will, we have trust in them (and so we should) but that does not mean we should not ask for reports or proof of work being completed.
As your IT systems become decentralised and more and more applications move into the cloud, it's becoming easier for some providers to ‘pass the buck’ and blame other parties but there is no reason for it to be this way (but that argument is for another piece or you can read how wonderful we are here).
I know servers, backups and applications can be confusing, and I know it's easy to ignore it and keep doing what you are doing now as trying to change something you don't understand can feel impossible.
The outcome of this is not to ask you to change what you are doing, but if you have made it this far (and thank you if you have) ask the following question to your current IT partner:
"Can you complete a test restore of some random files each month and provide proof that this worked?"
You can ask for anytime frame you want, but don't let this go longer than a month. Also, getting a daily report saying the ‘backups have been done’ is not enough. I know this because the firm who lost 9 months of data were getting these ‘reports’ every day.
Also, while I'm at it, there is a big difference between ‘cloud backup’ and ‘disaster recovery’. Make sure you understand what each means and how long your business may be offline if you were a victim of ransomware.