Are you thinking about your game plan for tax season? This series of articles will help you meet IRS recommendations for your data security plan. doing so will make sure that your clients' data and information are safer and you reduce your risk as a practitioner. This is step four of your roadmap.
There are six components to a data security plan.
- Install and update antivirus software that scans files and memory for malware
- Use firewalls to shield your computer or network from malicious traffic or malware
- Use two-factor authentication to secure email, accounting software or any password-protected product
- Routinely back up critical files to a secure external hard drive or cloud storage service
- Encrypt files on computers and removable media
- Write down your data security plan as required by the Federal Trade Commission's Safeguard Rule 5
Step 4: Securely Back Up Files on a Routine Basis
Backing up files and data is critical to maintaining business continuity. Unfortunately, many businesses assume that their employees are routinely backing up their data to the cloud. This could potentially leave you without all of the files and data that you need. So, what is the best solution?
Each device as a whole should be backed up.
There are two types of backups. Woodard recommends using both types of backup for full redundancy when possible.
Cloud backups require an internet connection; a cloud backup constantly backs up your files and data in the background. The most popular cloud backup solutions will produce version histories of your files. This feature can be critical when you save over an earlier version and you need to return to that earlier version. In addition, cloud backups can be encrypted at both the user and the admin levels.
Cloud backups can be managed via a centralized portal for your business. Cloud backups allow the business owner to manage backups, including being able to see if a specific device is not being backed up.
There are two drawbacks to cloud backups. First, it does take time to restore a large backup over a slow connection. In addition, there is a monthly fee involved in cloud backup subscriptions.
Local backups can be fast, particularly on newer computers with USB 3.0, for both backing up and for restoring files. There is no monthly fee with local backups, just the one-time cost of purchasing an external hard drive. You can schedule the backup of each device through the operating system (either Windows or macOS), which also allows you to encrypt the external drive.
- Windows has a built-in and free backup solution, which only backs up locally to an external hard drive. Bitlocker, Windows built-in encryption tool, does allow you to encrypt the files.
- macOS also has a built-in and free backup solution Time Machine, which also only backs up locally to an external hard drive. You can also encrypt your files using system tools.
There are disadvantages to using local backups. First, most people keep the external drive with their computer, either carrying it with the computer as they move from location to location or leaving it plugged in at the desk. In both of these cases, if the computer is lost or if there is damage (i.e., fire, storm damage), then both the device itself and the backup can be lost or damaged. In addition, version histories are not being produced constantly and if you do need to restore an earlier version, you must have the drive with you. Finally, centralized management is difficult. If you have a team, you must rely on them to use best practices.
- A backup you haven’t tested isn’t a backup. Once you have set up your backup, test to make sure you are able to restore old files. Then, create a task in your task management solution (or set a note on your calendar) to test your backup every six months to make sure you are able to restore old files.
- Open databases cannot back up while they are open. Database software should be closed out at the end of the day to give it a chance to upload a current copy.
- Be sure all computers are updated to the most current version.
- Be sure your backup software is running the most current version.
Action Items for You
If you are already running backups on each device as a whole in your practice, decide if your current backup practices give you the features you need for your practice. If so, then follow these steps:
1. Ensure all devices are updated to the most current version of the operating system.
2. Ensure your backup software is running the most current version.
3. Test your backups by restoring files.
4. Create a recurring task or calendar notification to test your backups every six months.
5. If possible, use both cloud and local backups for full redundancy.
If you are not currently running backups on each device as a whole in your practice (or if you are not satisfied with the features in your current backup practices), then follow these steps:
1. Identify which features you need in your backups. If possible, use both cloud and local backups for full redundancy.
2. Ensure all devices are updated to the most current version of the operating system.
3. Implement backup procedures:
- For a local backup, follow Windows or macOS backup instructions.
- For a cloud backup, follow the instructions of the program you select.
4. Ensure your backup software is running the most current version.
3. Test your backups by restoring files.
4. Create a recurring task or calendar notification to test your backup every six months.
Note: If you have questions about the security of your business or Microsoft accounts, contact Woodard Consulting Group and our team will help you plan a successful and modern security plan.