From the April/May 2010 Issue
[If you've already read the first part of this column from our print issue, you can click here to jump to the bonus online content.]
Ever since the computerization of America in the early 1980s, technology experts have been preaching the gospels of data safety, especially the use of virus protection systems and data backup.
You know why data backup is important, of course, but how vigilant are you in practicing what you know is a mission-critical issue? If your computer or server crashed right now, how much of your work would you lose? A day? A week? More?
If your computing systems were damaged by weather, fire or theft on April 1 of next year, would you survive tax season? Would your professional reputation, your client relationships and you’re your practice survive to see the next year? Backing up your computer files and having a way to retrieve them quickly is that important.
WHY LOCAL BACKUP IS NOT SAFE
There have been many variations on data backup over the years, most essentially being what’s referred to as local backup, meaning that the data is kept totally within the walls of the practice, or at least with them.
As an example of the most basic level of local backup, many professional tax and accounting systems have included for years what they called backup functions. But most of these simply keep a duplicate copy of some data on the same computer. This may be better than nothing, since at least if the original file gets damaged, the copy is available, but when the problem is a crashed hard drive or permanently damaged computer or server, this kind of backup offers no protection.
Other examples of local backup have included tape drives and CD-based systems, with users performing a manual backup routine at the end of the day. There would usually be at least a few different tapes or CDs, sometimes one for each day of the week, which the users would copy information to and then take home with them or store someplace within the firm. External hard drives also fit into the local backup category. Essentially, these systems perform backup to an external device that is usually located alongside the computer, with data transferred via USB cable. External systems at least protected against computer failures, but the information was usually still in the same office and, therefore, still vulnerable to the other issues of weather, fire, theft or sabotage by a disgruntled staff member.
WHY WEB-BASED BACKUP IS BETTER
Tax and accounting professionals have long been leery of relinquishing “control” of their client data to anybody, anywhere. At some level, this is a matter of self-preservation, but the skepticism regarding web-based remote backup is also due to the wrongly believed notion that the data is safer in the professional’s office.
After all, we see and read news of identity theft all the time, and no professional wants to be at fault for exposing his or her clients’ information. The truth, however, is that there are far more potential risks to your data at your office, including crashes, fire, sabotage, theft or employee negligence (like leaving the program open and exposed to other staff, maintenance or other persons).
The point is, whether or not a firm uses web-based backup, any of these things can happen to their client data. But for practices with their data securely stored at a remote location, it can be easily retrieved and staff can get back to work. With many web-based remote backup systems on the market, the data is even stored at more than one location, meaning that even regional disasters won’t result in lost data.
[Online exclusive content starts here, continued from April/May print edition above. ]
Security: What to Look For
The key to web-based backup systems is in the security protocols used. Fortunately, the AICPA essentially wrote the rules and set the standards on what “secure” means when it comes to data security. The SAS 70 Type II accreditation certification is essentially the stamp of approval that professionals should look for. To achieve this accreditation, the data centers where information is stored, and the hosting companies themselves, are inspected for the use of many layers of data protection, including encryption technologies, physical security, personnel backgrounds, access rights and even building construction.
There are many web-based backup options available, but the SAS 70 Type II accreditation is a key to identifying systems designed for professional use. Also to look for are backup systems that offer higher storage capacity than consumer-level products, and the ability of the system to automatically find specific types of files, such as QBW, QBB or your tax program’s data file extensions. Although web-based backup systems compress the files, they can still be quite large when dealing with dozens of clients and other programs, so even small practices should look for at least 40-GB of capacity.
Encryption Basics
Encryption refers to the scrambling of data into an unrecognizable and meaningless jumble of characters. Essentially a random secret code. While companies achieving the above certification must demonstrate high-level encryption of data (generally at least 128-bit encryption or higher), another issue to consider is when and where that data is encrypted, since the company only has to demonstrate that it is safe when while in their control. In other words, how safe is it when the data is being sent to them and received from them?
With web-based backup systems, data travels over the Internet. And we all know what a back alley place that can be. So professionals should use a system that encrypts the data before it leaves their computers or servers, and stays encrypted at all times until they receive it back.
Automated Backup
The weakest link in the backup chain has always been the human users. The old backup systems like CD, tape and even external hard drives were pretty good at backing up data, but because they often required complex setup and configuration, manual processes and daily operation by someone in the office, they weren’t always used as religiously as they should have been. Remember, a backup system only works if it’s used.
Fortunately, the new generation of web-based backup systems help automate the processes. After setting up the system and telling it what folders or kinds of files you want it to save, the systems can automatically search and backup that data to the secure data center, and usually when the computer is not being used, which means it won’t slow down client work.
With the smarter backup systems on the market, the brief setup tasks are all that the user ever has to do, although tools are available if the user wants to verify backups and test the system. So, after setting it up, there’s no continuing need to remember to perform the backup or wondering how up-to-date the backups are. This hands-off approach is the best approach, because it removes the possibility of human error or forgetfulness, while automatically ensuring that backups are performed.
Backing up client and firm data no longer has to be the chore it once was. With automated web-based backup, professionals can basically “set it and forget it,” while knowing that if technical or natural disaster visits, the data is safe and can be retrieved.
Copyright 2010 Cygnus Business Media
