Prevent Data Loss from System Crashes or Cyberattacks
Hello again,
All companies are vulnerable to attack by cybercriminals from all over the world. These criminals want to extract money from you with a promise that they will then decrypt the accounting and business data. They may also steal your data and after you pay the ransom to decrypt your system, make you pay again to “buy back” your data or threaten to sell or publish it.
It’s important to make every effort to avoid engagement entirely by using world-class malware prevention methods and network security. Cloud backup is excellent insurance in the event that your other efforts fail.
Small businesses, not just large corporations, are a target for these cybercriminal organizations. While there certainly are individual hacker-cybercriminals, there are also large syndicated, sophisticated criminal organizations that operate at scale and are very happy to catch small business who are generally easier targets.
For example, a small accounting firm that performs accounting and payroll services called us one morning because they could not run their PBS system. It became clear the problem was not the software, and we recommended they speak to their IT company. As it turned out, the reason they could not run their system was they had just been hacked and the hacker had encrypted their data. A ransom message was waiting for them on their server.
Options
Their options included paying the hackers and hoping that the encryption key actually worked, which is not always the case. They were not willing to pay that money, as they preferred to pay to have their server rebuilt and start over. Also, to bring in forensic experts and the FBI would have been expensive.
We had set up nightly backups saved on their server, but they were also encrypted. So, the fallback was on outside backups – but their IT firm, as an oversight, had never set these up, so there was no backup of their business data.
Luckily, we had a copy of their data from a support call several months before. They patched up the security holes, patched up their server, and installed a new PBS system with the data we had. They were able to start managing new orders in the system. And, over the next several months, they manually re-entered previous orders to have good books for year-end.
If proper backups are made, you may only lose a week’s worth of data, but the problem can be mitigated quickly.
In another circumstance, a customer showed us some errors they were receiving on their server. Their backups were failing, and their hard drive on an old server was failing. We recommended they act immediately and get a new server and upgrade the software. However, they waited two months, and their hard drive died.
Ultimately, they had to spend $6K to ship their drive off to a company for restoration services and were forced to run on manually prepared paper records for two months while they waited – they had no inventory visibility, order status or other vital insights during this time.
Technology
It’s important that you don’t assume backups are being implemented by your IT support tech. There should be ongoing communication and planning for a software/hardware malfunction or cyberattack and other potential threats. Implement a reasonable and effective plan within your budget.
If your business is critically dependent on your software data, not having a backup can significantly impact your operation. It’s common for companies to spend $20K or even $50K for data restoration and a reformatted server/software implementation. There are also costs on delayed processes, and even lost business when you are manually tracking.
There are two kinds of backups – complete (all your files) or incremental, a process that backs up only the ongoing changes you make in the software. A complete backup is a simple, effective way to ensure everything you need is backed up.
We suggest running the backup overnight as it can take a couple of hours, and check the report in the morning. Running this on a daily, weekly, and monthly schedule would give you a full archive for a whole year.
Depending on your budget, you might copy data to a network drive. However, this is vulnerable to cyberattack if the network drive is online all the time. If you use a local drive, use one that’s dismountable, and turn it off after the backup is complete. You can take a dismountable hard drive home with you over the weekend in case there is a flood or fire in your building.
Cloud backup is useful in the sense that it provides offline storage, but it might be slow depending on the quality of your internet. The data volume and the time it takes to complete will be part of what you and your IT consultant will want to consider when you devise your disaster recovery plans and select backup options to meet your specific needs.
How to Choose
Get advice from a trustworthy IT professional and take the advice seriously. However, also think about what you need – not from a technical point of view, but from a business point of view. Also, consider what you can afford.
The most important thing is to make the scenario of a system crash/cyberattack real. How long can you afford to have your critical business functions completely stopped? Half-a-day? Two days? A week?
Then, have a frank conversation with your tech team or trusted advisor about your concerns and what the options are. Do not let them casually reassure you – “Oh yeah, we do this all the time, so leave it with us.”
They should understand your business processes, business cycles, budget, if you want it in-house, and how long you can do without critical functions.
If your backup is automatic, you should be vigilant that the process is implemented appropriately. Periodically, perform a restore to make sure the system works. You may want to do this quarterly or even monthly.
Schedule a review with your tech support, so they can verify your backup is in fact working. How far back can you see yourself being inconvenienced by missing data? For example, what does three days of lost data financially cost you in terms of data entry, customer satisfaction, loss of sales, etc.
After implementing backups, make sure you have a point-person provide a status report, and actually open and review these reports for verification.
Passport Software
Passport Software provides an array of on-premise business software solutions designed to help your company streamline and improve profitability.
With on-premise software, you manage your own server and have more complete control of access and security measures. Your company is responsible for setting user access policies, installing firewalls, antivirus software, and installing security patches promptly. A security patch is a software update that resolves a bug or security vulnerability in your software.
With appropriate IT support, on-premise software can better ensure that your company’s servers are protected. You don’t need to rely on an outside company to host and manage security for your private data. In addition to controlling security measures, companies are returning to on-premise software to minimize costs and secure critical data ownership.
Passport Business Solutions™ (PBS™) is on-premise, professional-level software with a one-time licensing fee and a nominal fee for annual updates. With PBS™ desktop software, you own your data, control security measures, and our expert consultants can tailor a solution to meet your unique needs.
Call 800-969-7900 to learn more about how PBS™ Accounting, PBS™ Manufacturing, PBS™ Distribution, and other business solutions can help your company streamline and grow. Or, contact us – we are here to help.