Before we start – floppies were an acceptable small business back-up in 1995, when we started Octagon Technology.
I have an IT and Cyber Security checklist for my initial meetings with clients – obviously. When I get to the part where I ask about their back-up the tone of the answer can tell me a lot about where the conversation is going next…
The meeting where we talk “back-up”
Either:
The client is enthusiastic to tell me about their back-up.
They are reluctant to tell me that they have no back-up. (Yes, this still happens today.)
Or they will tell me they have no confidence in their current back-up arrangements.
Of the three answers:
I am usually happy with the first – it is then up to me to work it into an effective, written, incident response plan.
The second can be dealt with there and then – see the comments below. What we need to do here is make sure we back up everything the client will need for their incident response.
The third is the most worrying. Our team usually approaches this as a “new” back-up project, ensuring the client has confidence in the back-up services we are providing.
When we are the incoming IT company
I do not take these meetings now, but when I did, there was another answer for the “tell me about your back-up”.
“The previous IT company has turned the back-up off”.
Martin tells me this still happens and as in my day our response is still the same. We hold the meeting at that point, get one of our support team on the phone and start the process of getting a back-up started before the initial meeting finishes.
This is the same response we give when a client has no back-up.
Does your back-up come up to our standards?
Here are two questions for you to answer:
1. Does your back-up meet this standard?
2. Do you back-up everything you need to ensure business continuity through and out of any incident?
Remember a back-up is not just a defence against ransomware, it should protect you from other incidents such as the loss, theft or failure of hardware or an inability to contact or use a service etc., etc., etc. add your own disaster here!
If you have any doubts about either of these questions now is the time to contact us, not during an incident when you need that back-up.
Clive Catton MSc (Cyber Security) – by-line and other articles