tech enabling business keeping critical information safe...3 torageraft ue keeping critical...

Keeping critical information safe:Backups and data protection for Australian accounting firms

A StorageCraft guide

c3grouptech enabling business

ContentsIntroduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Accounting for backups and data protection . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Meeting compliance requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Backup challenges for accounting firms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Supporting many accounting applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The service provider opportunity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Best practices for accounting data protection . . . . . . . . . . . . . . . . . . . . . . . . . .

From backup to business continuity in accounting . . . . . . . . . . . . . . . . . . . . . . .

Recommendations for accounting firms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

About StorageCraft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

03

04

05

06

07

08

09

11

12

13

14

2A StorageCraft GuideKeeping Critical Information Safe




IntroductionThis report is a guide to the growing importance of backups, data protection and business continuity for accounting and financial advisory businesses.

Accounting firms deal with sensitive company information and any compromise of this data can result in a serious impact to the business, including loss of client confidence. A data loss incident can occur in many ways – from a computer hardware failure to a malicious code attack. A sound backup strategy and capability protects accounting firms from these unforeseen threats to their client’s information.

The increased popularity of cloud-based accounting applications has added another layer of complexity to the data protection challenge as most firms must continue to protect a combination of on-premises and cloud information.

Best practice backup and data protection processes in the office, combined with cloud-based offsite storage, eliminate the risk of a catastrophic failure and prepare accounting businesses for a long-term future.



Accounting for backups and data protectionAccounting firms have a range of information assets required to service their clients. Applications for practice management, customer relations, time and billing, document management and specific payroll, accounting, taxation and reporting tools are common across firms large and small.

These applications are constantly generating sensitive data for the practice and its clients in many different formats, from documents to databases.

Figure 1: The extensive range of data sources in accounting and financial services firms.

Accounting Industry

apps & data

Spreadsheets

Writtendocuments

Practicemanagement

software

Accountingsoftware

Reportingapps

Industryspecific

(e.g. auditing)

CRM

Time &billing

Email &groupware

When dealing with customer financial information and billing based on time, the need to backup frequently is imperative for accounting firms, which are increasingly data-driven. In the event of an outage, the entire business can be disrupted.





Meeting compliance requirementsA failure to take regular data backups can prevent the business from operating effectively (or at all); however, it can also result in a failure to meet certain regulatory compliance requirements.

In Australia, the Australian Taxation Office (ATO) has strict requirements when it comes to retention of company data and the accounting industry is obliged to keep records for auditing purposes.

Table 1: Certain company data is subject to retention compliance requirements.

Company Information Retention Period (Australia)

Taxation 5 years

Audit 7 years

Trust 7 years

Superannuation 10 years

Financial 7 years

Additionally, financial services firms have privacy obligations to protect client information from misuse, interference and loss. Any unauthorised access, modification or disclosure of client information can have serious implications for the firm. Another consideration is securely destroying data when no longer required.

Despite the requirement for data protection, many accounting firms are no performing backups regularly (or at all) and, if backups are being performed, they are done daily or weekly. Achieving best practice involves changing the business mindset from nightly backups being acceptable to more frequent backups throughout the day. Frequent backups are important as there are new risks like ransomware, which can strike at any time and do not respect hours of business or compliance requirements.

With regular backups being taken, accounting business leaders must also ensure the data can be recovered quickly in the event of a problem. Frequent backups that take hours to restore can still be costly.



Backup challenges for accounting firmsAccounting and financial services firms are facing new challenges protecting their client’s information.

In addition to data growth, the range of applications and options for how they are delivered are becoming more complex. A modern financial services firm will also have data in numerous locations, both on-premises and hosted by cloud service providers. And most accounting software vendors now offer their products as-a-Service so new data is being created in the cloud with the use of these applications.

This growing complexity is calling for a modern, structured approach to backups and disaster recovery (DR) if a problem does arise.

Brian Townley, Director of managed IT services provider C3 Group, says the backup challenges faced by accounting firms relate to successful capture and recovery of data wherever it is located.

“For on premises there can be challenges around obtaining successful database backups while the applications are being used and it is important that databases can be restored independently of full image-based server backups when required,” Townley says.

For public cloud solutions, Townley says, although data is normally made available via geo-redundancy, client data is not typically backed up by default. Making sure data resident in a SaaS application is backed up is as important as backing up an on-premises application.





Supporting many accounting applicationsAccounting firms have a wide variety of options when it comes to choosing a practice management application and the market for general purpose accounting apps is growing strongly, which is leading to more a diverse client base.

“Accounting firms use both on premises and public and private cloud solutions for their practice management requirements,” Townley says, with the major vendors being MYOB, CCH, Reckon, Sage and Xero.

“Additionally, firms are leveraging public cloud for specific workloads such as hosted Exchange with Compliance and Archiving support, as offered with Microsoft’s Office365 Enterprise plans.”

Protecting emerging applications is made more challenging by the range of legacy apps and productivity documents, including spreadsheets, which also need backing up.

StorageCraft Senior Solutions Engineer, Karl Thomson, says complexity with multiple apps and databases in use is also a challenge for accounting and financial services firms.

“Accounting firms need a solution that can perform a complete system recovery in addition to file and database backups,” Thomson says. “Some systems perform nightly backups of a database, but ideally a full backup is taken every 15 minutes so a firm can restore an entire system quickly to continue on with business.”

Another challenge of having so many applications to deal with is making sure the backups being taken are consistent and verified.

“Accountants are largely working with databases and files so they don’t want to restore something that is no good or corrupt,” Thomson says. “A solution to maintain compliance and archive monthly and yearly is ideal. When it comes to backup and DR, you want a solution to cater for all of that rather than having to use a different technology.”





The service provider opportunityData protection requires constant oversight and today’s service provider environment allows accounting firms to get the appropriate level of support they need in an on-demand way.

StorageCraft has an ecosystem of managed service provider (MSP) partners, like C3 Group, that can help accounting firms protect their data without the costs of building up an internal capability.

Townley says with a rising number of cloud accounting options available, accountants and financial planners need to ask is the data can be backed up.

“With practice management applications running in public and private clouds, vendors typically ‘own the burden’ of backing-up their clients data; however, I urge anyone using a cloud service to ask where the data is stored, how is the data backed-up and where the backup data is stored.”

According to Thomson, MSPs with StorageCraft technology can offer a well-rounded data protection solution – from individual applications to a whole system.

Accounting goes to the cloud

The biggest revolution in accounting software during the past decade has been the rise of accounting and other business management application delivered as Software-a-as-Service (SaaS) in the cloud. An entire suite of applications can be procured and used on demand with the data being “born in the cloud”. It is imperative that firms using public cloud solutions, such as Microsoft Office365 and Google’s GSuite, have a backup solution in place, Townley says. “For this C3 Group use StorageCraft’s Cloud Backup, which offers both complete and granular recovery,” he says.

StorageCraft’s Thomson says cloud integration for a range of applications is firmly on the roadmap and there are APIs already available to allow backups of cloud services like Salesforce.com and Box. “People need to be aware it is relatively easy to backup cloud data, but not so easy to restore it,” he says. “Our next release will include support for Intuit’s Quickbooks and we are constantly looking at range of applications to expand cloud support.”

A new cloud service does not mean the data is backed up and there are many good reasons to protect cloud data, including meeting regulatory compliance requirements.





Best practices for accounting data protectionEffective data protection is achieved with a number of best practices all accounting and financial services firms can work towards achieving. By using the best technology available and combining it with good processes delivered by staff or service providers, the risk of a data loss or corruption incident is significantly reduced.

Best practices for protecting and securing accounting data, include:

• Identify the requirements. Not all data is equal and business leaders must determine what is valuable to the organisation, both legally and practically. For accountants financial and customer data is most sensitive and commands industry-leading data protection.

• Multiple copies, including offsite. Keeping only one copy of a data set exposes it to loss or corruption. Keep at least three copies of data, including the raw data, a backup copy and offsite replication. Understand what data you have, where it is located and how to manage it. Leverage the power of the cloud for backups and disaster recovery and architect a hybrid solution.

• Application and system image support. Look for backup technology that supports individual applications and taking an image of the whole system. At the hard drive sector level an image can restore to a physical or virtual machine, including serial numbers, settings, apps and data. Being able to instantly virtualise a backup for rapid recovery is ideal for custom applications. Ransomware targets the whole disk, not just one app.

• No-disruptive backups. Backups designed for one application might do some things specific, but the advantage is minimal so it is best practice to use tools which can backup any application and are not degraded by how much

data there is. Use of real time sector tracking and tracking the data changing on disk prevents the backup from needing to interrogate the file system. Some accounting firms have large sets of data so no impact on end-users is important.

• Backup and report regularly. The frequency of online threats dictates regular, backups. The actual frequency of the backup will depend on how quickly the data is created or changed. For general day-to-day practice operations having a backup run every 15 minutes is ideal for minimising data loss. Choose a backups solution that does not degrade the performance of the system as the backup is being performed.

• Consolidate data sources. Try to limit the number of data sources you have. This will help avoid data being left out of the backup process and prevent data loss. Review all your data sources, from desktops to removable drives.

• Test backups and recovery. Modern backup tools have native testing features which confirm if a backup was completed successfully or not. Testing is very important because if a backup did not complete successfully then the data cannot be restored from that backup. The ability to get up and running with minimal downtime depends on the efficiency of the restoration process, which is often overlooked by many firms. Make sure you can restore your data quickly from a local or offsite backup.



• Secure the data and network. Backups should be encrypted for local storage and before being replicated to the cloud. To prevent ransomware and other malware attacks a number of practical steps can be taken to secure desktops and servers on the local network1. As an additional layer of security, specialist anti-malware software should be used on all clients and servers to identify any potential threats to your data.

• Retention management. Use tools which can manage incremental backups and provide visibility into many point-in-time backups. If a data corruption problem occurs it might not be noticed for months or even years. While this is rare, it is something accounting managers need to guard against. Use a backup system with retention management capability to provide details of the data as it was at a certain time. Accounting firms need solution to maintain compliance and archive monthly and yearly. Look for a backup and DR solution with native retention capability, rather than using a separate product.

By developing a detailed understanding of your requirements and following industry-wide best practices, the level of data protection will be much higher and eliminate a lot of risk to the running of the business.

1 See the StorageCraft guide: Best practices for securing backups and mitigating ransomware attacks





From backup to business continuity in accountingIn addition to meeting compliance requirements, a prudent backup capability will allow accounting firms to benefit from better business continuity. Today’s accounting firms are data-driven and a disruption to a computer system or online service can put a stop to the business the same way a broken down truck holds up a transport company.

Many mid-sized professional services firms do not have a strategy for business continuity and taking regular offsite backups is a vital first step.

Figure 2: Examples of potential for business disruption and continuity options.

At C3 Group, Townley uses and recommends StorageCraft ShadowProtect bundled with Cloud Services for superior protection of client on premise and private cloud workloads.

“We are able to create backups throughout the business day, minimising any potential data loss, and have the ability to recover quickly from either the local or cloud-based backup repositories,” he says. “Long-term archiving and retention can be configured in either location and production workloads can be run from StorageCraft’s cloud, should there be a disaster with the production environment.”

Start your business continuity strategy by assessing the most critical parts of your business. For most accounting firms this will be the client-server environment they are most productive with. Ensuring the data is backed up and can be restored quickly should be followed by redundancy in the systems and location. For example, if your practice only has one desktop for the lead accountant to work on and that computer fails the business will be disrupted until a replacement is brought online.

Apps and data• Regular backups• Tested restore process• Offsite (cloud) storage

Devices

Location

• Redundant systems• Apps and licences• Multiple options (desktop or mobile)

• Two offices• Home or office• Work remotely





Recommendations for accounting firmsAs accounting firms become more data-driven and responsive to emerging digital channels, a modern backup strategy is essential for long-term growth and business continuity.

The following recommendations can be brought before the executive team to communicate the need for flexible data protection and retention. Financial services industry leaders are advised to action the recommendations in this guide and develop backup and recovery strategies to suit the size and profile of their company.

• Understand and communicate the need. The purpose of this guide is to help accounting and finance industry leaders understand the need for a modern backup capability. It can also be used to assist communicating this need to others. All staff should have at least a fundamental appreciation of the need for data protection and the risks of not having backups.

• Better options are available. Many companies use a combination of in-house and siloed backup tools which can be difficult to restore from. A modern, dedicated backup solution, including offsite storage, is not expensive and the risk to business continuity far outweighs the cost.

• Engage with a service provider. StorageCraft has an extensive network of partners available to help assess your needs and implement a cost-effective data protection service. You do not need to perform backups on your own and experts are available to help.

• Move from backups to business continuity. In addition to protecting financial data, firms should develop strategies to get up and running as quickly as possible following a disruption to the business. To ensure your firm will continue to operate on the long-term, think about data backups in the context of business continuity.

Contact

About C3 Group

C3 Group give businesses access to a team of experts’ ready to make IT simple. From a humble beginning in a home garage over two decades ago, they’re now 30+ employees strong, managing more than 600 Servers, 3000 Endpoints & over 500 Networks. Their client base ranges from small businesses with as few as five users, right through to medium sized organisations with 500+ users – specialising in managing technology for businesses across all sectors.

Their service ranges from IT Solutions such as Cyber Security and Backup & Data Recovery, to Cloud Solutions including Private and Public Cloud, to Connectivity including Internet, Business Telephony and Wi-Fi, and their latest solutions range which is all encompassing of business branding and awareness, Websites, and SEO Management.

C3 Group are able to provide businesses with superior solutions thanks to their industry leading partnerships, including their partnership with StorageCraft.





StorageCraft Enquiries: Asia [email protected]

Australia [email protected] +612 8061 4444 www.storagecraft.com/au

New Zealand [email protected] 0800 89 1234 www.storagecraft.co.nz

C3 Group Enquiries: [email protected] 1300 661 859 www.c3group.com.au

mailto:AsiaSales%40StorageCraft.com.au%20%20?subject=

mailto:sales%40storagecraft.com.au?subject=

http://www.storagecraft.com/au

mailto:sales%40storagecraft.co.nz?subject=

http://www.storagecraft.co.nz

mailto:info%40c3group.com.au?subject=

http://www.c3group.com.au

About StorageCraft

The StorageCraft family of companies, founded in 2003, provides best-in-class backup, disaster recovery, system migration and data protection solutions for servers, desktops and

laptops. StorageCraft delivers software products that reduce downtime, improve security and stability for systems and data, and lower the total cost of ownership.

StorageCraft and ShadowProtect are trademarks of StorageCraft Technology Corporation. Other company and product names may be trademarks or registered trademarks of their respective owners.

For more information, visit www.storagecraft.com/au


http://www.storagecraft.com/au

tech enabling business keeping critical information safe...3 torageraft ue keeping critical...

Documents