I was having a conversation with a Certified Public Accountant yesterday. I was there at his office for a different purpose but invariably the conversation turned, as it often does, to technology. The subject of our conversation quickly became his small office network, systems and his data backup in particular.
This Accountant has a cloud backup in place. He’s a truly small business – only he and his wife using two computers and a printer. There’s a program that runs in the background on his computer and it regularly sends updates to the backup provider’s storage cloud for safe keeping, in case of disaster. “Have you ever read the terms of your service agreement?” I ask. We launch the backup software for a quick look.
Leaving that issue aside, I asked the CPA whether he was comfortable having his business critical information, customer lists, customer social security numbers, tax returns and other items available for inspection on the cloud provider’s server whenever they want. What about the nefarious “hacker”? How do you know the provider’s systems aren’t already compromised? Of course he admitted he really didn’t, but he pointed out that his backup is encrypted so he’s fairly certain no one else can decrypt and view it. Good point.
I asked him where the decryption keys for his ‘cloud’ backup were being kept. He looked at me for a moment and then said, “Um … you know, I really don’t know, I guess they’re on this computer somewhere.” He was not sure. I asked him if he had a common “pass phrase” he uses when asked for one. He really didn’t remember; point taken, though.
I’ve written about the “Feel Good Backup” in the past. The “Feel Good Backup” happens when a key business decision maker is not positive whether their company’s data is being backed up but they’re certain enough to feel comfortable that they’re doing what they need to. The “Feel Good Backup” is a pitfall.
Your company technology is only a tool, but your company data is the gold you are mining! Many hours each week are spent toiling in front of your technology, gathering information and providing services to your customers. After a while it’s easy to see how the vehicle becomes the focus instead of the payload.
A common mistake and here’s why
Truck drivers worry about tires, fuel and keeping their truck in good repair because it’s the tool they use to earn a living carrying around someone else’s gold. That gold is insured against loss and it usually doesn’t actually belong to the truck driver. In the case of the Certified Public Accountant, however, the gold is his data! There is no insurance other than the backup he puts in place! Forget about the computers, switches, servers, printers and employees – insure your gold! As I’m sure most people are aware by now, anyone can be replaced – “anyone” meaning any one person. Back up your data.
So where exactly is the accountant going wrong? Let’s review:
- His only backup does not belong to him
- It could disappear tomorrow and no one is responsible
- He can retrieve but cannot read his data without a copy of the encryption key
- He doesn’t know where the encryption key is being kept
- His key is most likely on the computer itself – after a fire, where is the computer?
- He has no trusted surrogate
I’m glad he and I spoke because it really got him thinking. He’s not in a panic, which is good, but he’s exploring his options and realizing that with a few small changes he can have better peace of mind and a real, actual, verifiable backup strategy in place. He realizes that I’m just the messenger and he’s thankful I brought these shortcomings to light.