The 3-2-1 Backup Rule
The rule is: keep at least three (3) copies of your data, store your information on two (2) different storage media, with at least one (1) of them located offsite.
Here is how the “Rule of three works”. First, you have your original data (Copy 1). It is stored on a device of some kind – such as the accounting platform’s server. Since you cannot pick and choose which items you’d like to restore to a prior point in time, you turn to your backup that has been made on an external hard drive (Copy 2). Now if that backup device has failed, or your backups weren’t performed correctly or you lost that external hard drive you’ve been carrying around, you are out of luck. That’s where that third backup (Copy 3), made via Rewind for your cloud accounting information comes to the rescue. It’s offsite and managed independently of the other two sources of data.
The Center for Information Security in April of 2019 released their guide called The CIS Controls™, which “are a prioritized set of actions that collectively form a defence-in-depth set of best practices that mitigate the most common attacks against systems and networks.” In this guide, the centre recommends “all backups have at least one offline (i.e., not accessible via a network connection) backup destination.”
By following the 3-2-1 guideline above, you will significantly improve your odds of having access to information when you need it.
Your Data is Vulnerable
You’ve likely heard the news that Intuit has acquired Chronobooks and will be offering its service for QBOA users. It’s great that QuickBooks Online recognizes the need for backups BUT this does not mean that you are fully protected or secure from your data being compromised. Furthermore, QuickBooks Online’s terms of service encourages users to archive their data, even with its new backup feature, as it is the user’s responsibility for any lost or unrecoverable data.
6. CONTENT AND USE OF THE SERVICES
6.1 Responsibility for Content and Use of the Services.
a. Content includes any data, information, materials, text, graphics, images, music, software, audio, video, works of authorship of any kind, that are uploaded, transmitted, posted, generated, stored or otherwise made available through the Services (“Content”), which will include without limitation any Content that account holders (including you) provide through your use of the Services. By making your Content available through your use of the Services, you grant Intuit a worldwide, royalty-free, non-exclusive license to host and use your Content. Archive your Content frequently. You are responsible for any lost or unrecoverable Content. You must provide all required and appropriate warnings, information and disclosures. Intuit is not responsible for any of your Content that you submit through the Services.
When protecting and securing your data and more importantly, your clients’ data, you must remain vigilant. Relying on your cloud service provider’s system backups isn’t sufficient protection. More specifically, backing up your QuickBooks Online data to an Inuit company is not the most secure way of protecting your data. It’s the same thing as backing up your hard drive to your hard drive – it just doesn’t make sense. The purpose of a backup is to have a copy of your data in an external location. You need the ability to restore selective data backups, based on a date and time you specify. You need to increase your confidence that you have done everything possible to minimize the risk of data loss. That’s why you should turn to the experts at Rewind who recommend following the 3-2-1 backup rule to provide the highest level of confidence that your data is being adequately protected.
A Robust Backup Plan Reduces Risk
As I mentioned in an earlier post, it’s not just about access to the backups or making copies of your data, it’s also important to have control over the data being backed up and which pieces of data you are able to restore. This is particularly important for users of cloud accounting software. The data we are managing is incredibly sensitive, and lack of urgency towards data security can have devastating results. Following the 3-2-1 backup plan ensures that your client data is completely secure, and the process can be presented to your clients, showcasing your expertise in cloud accounting and data security.
My 3-2-1 backup plan includes Rewind as it allows me to have complete control and insight over my backup PLUS the ability to selectively restore data when needed. I recently made a drastic change to a client’s chart of accounts and would not have been comfortable making this change without Rewind in place.
In my opinion, a backup should not only be offered to Advanced users of QuickBooks Online. All businesses are vulnerable when it comes to data security, and it should be easy for owners of every type to have the peace of mind they deserve. That’s why I highly recommend Rewind’s automated backups; they offer full user control at an affordable price.
Guest Writer – Geni Whitehouse
Geni spends her time between working as a winery consultant at Brotemarkle, Davis & Co in the Napa Valley, and is an advocate for data security. She is a regular keynote presenter at CPA and Technology conferences around the country and has been named a Top 100 Influencer by Accounting Today, one of 25 Thought Leaders in Accounting, and one of the 25 Most Powerful Women in Accounting by CPA Practice Advisor.