Dear CPA, Are You Too Confident in Your Disaster Recovery Plan?
November 29, 2016
CPA firms hold large volumes of sensitive customer information. Whether it’s April 14 at 10pm or a late date in November, their customers are depending on them to have that information and to be doing everything in their power to keep it safe and secure. That means having a good disaster recovery plan.
Disaster recovery is the plans that you have in place to restore data and continue operations no matter what disrupts your operations. Most small businesses, including CPA firms, are defunct within a year or two if they undergo a significant disaster and do not have adequate DR plans.
About 42 percent of businesses say they would face significant disruption or even catastrophe if their computer systems went down for even a few seconds. If that downtime creeps into minutes, that percentage goes up to 69.
But it’s quite possible to have disaster recovery plans, only to learn at the worst possible time, that those plans are inadequate. What are the most common reasons that CPA firms are overconfident in their DR plans?
CPA Firms Simply Pick an Off-the-Shelf DR Product
Disaster recovery plans must meet the specific needs and conditions of your CPA firm. That means personalized plans that accommodate your computer systems, data stores, software applications, small business network, and your employees. Generic, off-the-shelf plans simply lack the pertinent details to restore your business in the event of large-scale disaster. While backups are the foundation of disaster recovery plans, a backup alone does not a DR plan make.
CPA Firms are Overly Focused on Major Disasters
Another common mistake is planning only for the worst-case scenario, and failing to plan for small-scale problems that can also lead to downtime, lost revenue, and lost productivity. Most businesses aren’t hit by headline-news makers like earthquakes, tsunamis, tornadoes, and massive wildfires. The majority of downtime comes in much simpler, but just as devastating packages, such as:
• 53% are caused by systems failures
• 52% are caused by human errors
• 32% are caused by cyber attacks (including ransomware)
• 20% are caused by environmental issues
Don’t focus all your disaster planning on the biggies and leave out preparations for the more mundane types of disasters, like a leaky pipe that floods your offices or a server that gives up the ghost in the middle of tax preparation season.
CPA Firms Fail to Regularly Update Their Disaster Recovery Plans
Did your CPA firm develop your disaster recovery plans a year ago? Two years ago? Five? Disaster recovery plans have to be specific to your IT infrastructure, software systems, users, etc. Those things tend to change on a fairly frequent basis in most growing CPA firms. Revisit your DR plans at least twice per year to make sure you don’t need to change anything due to adding employees, changing software applications, or adding new data storage.
CPA Firms Don’t Leverage the Convenience, Reliability & Cost-Savings of DR in the Cloud
Disaster recovery plans aren’t just less expensive in the cloud, they’re also much more secure and reliable. Consider this: any disaster scenario that plays out in or around your CPA firm is most likely going to affect any tape storage, external backups, or any other backups or DR plans. Having your disaster recovery plans tucked safely away with your cloud service provider is much less likely to be taken out by the same disaster that hits your CPA business.
Subscribe now and stay up to date with News, Tips, Events, Cybersecurity, Cloud and Data Compliance.