Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to convince companies to backup data 8

Status
Not open for further replies.
KimberTech

KimberTech

MIS
Oct 18, 2001
846
CA
Suggestions?

I routinely refuse to work on systems and servers because the backup is either absent or not verified.
Most of the time I end up doing a backup myself before I start to protect myself from liability.

Does anyone have any ideas for policy or a "script" for convincing people to protect critical data?

I have tried the "what if" scenarios on them, but they always think it is going to happen to someone else.

I am all ears! There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...
 
Sort by date Sort by votes
Lots of times, to get into that part of the company's files you have to log in. Once you are logged in lots of what you do can be traced. I don't know how specific they get, but they might be able to see which user created,deleted,moved,modified the file. There is something called permissions, also. If only a few users had permission to change the file, the boss would know that it was one of you.

Rick It's a pleasure to know that I've helped you. If I have,
please click the link below to let me know. :)
 
Upvote 0 Downvote
thatrenowned and ristmo2001
NOT A GOOD IDEA - The intentional deletion and/or removal of a customer's files is not only unethical, but certainly in the case of the deletion, could be considered vandalism, and therefore illegal. The removal could be consider theft. No to mention the potential civil liability that you'd face with respect to the cost of recovery, business down time, etc etc. Or the potential impact to your professional reputation.

The data and files that belong to the company are assets of that company, and you only do with them what your job requires you to.

If a bank leaves the vault door open, you can warn them all you want, but if you, even if just to teach a lession, decide to take money out of the vault - guess who's butt is going to be in hot water? If not in jail!!

KimberTech - I urge you in the strongest possible terms - NOT to follow the advice given or suggested (even if in jest) in the previous posts.

Turning our attention to what is a serious problem - how to convince the customer that they need to be prepared. Unfortunately, there are some customers that no matter how much you warn them, how many "what if's" you play, how many documented accounts of no-backup disasters you present, they will still not heed the advice. They (like my teenage son) believe they are exempt from cruel twists of fate - that it will only happen to someone else, and ultimately, they will only learn this lesson one way - the hard way.

My advice to you is to stop worrying about it. Let nature take it course. BUT - always continue to do what you're doing - make your own backup before proceeding. Now, charge the customer for your time and media required to perform the backup.

If you can, write a paragraph into your service contract
that conveys the following thoughts. The actual wording is best done by an attorney.

Backups are standard and normal practicies within this industry. Service provider will only be responsible to restore any system to the state of the most recently created and verified backup. Service provider will NOT be held responsible for any data loses, nor for the costs of recovery, manual or otherwise, for any data obtained after the creation of the most recently created and verified backup. If customer cannot provide a recent and verified backup, customer will automatically be charged at the normal rate of $XYZ/Time to create and verify backup before work proceeds.

You get the idea - you might find some samples on the web too.

In any event - continue to do the backup before you do your work and charge the customer for your time/media. Maybe you could add backup creation services as a new revenue stream. Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Upvote 0 Downvote
Kimbertech
Initially I thought you were a domain admin i.e. you work at the site permanently. However after reading again, it sounds like you're external. If this is the case I wouldn't recommend doing what I suggested above. Just explain to them that if something does go wrong there is little you can do with regards to file restoration.
CajunCenturion
We're not robbing a bank and its not even a good comparison.
If Kimbertech actually works for the company i.e. on its books, I would definately consider moving one or two important files just to convince them to get something in place.
Moving files is not harmful as they can be put back, and if it convinces them to get a backup in place I would be all for it. Who do you think is going to get all the blame when files go corrupt? They're not going to say 'ah well...thats life'. They'll be after Kimbertech telling them that the storage should be more stable\secure.
ristmo2001
Things can be traced and permissions set, but its not likely that some manager who doesn't even want a backup put in place will be able to do so. Good point though...

I understand that this is a forum for ethical discussions and what I'm suggesting might sound unethical, but if it gets something this important in place, I think its justified.

Regards
 
Upvote 0 Downvote
thatrenowned My point about robbing the bank is that intended education is no justification for illegal behavior. If you do not beleive that deleting someone's files, or moving them such that they're not available is not illegal then we can discuss that point elsewhere. Another term that comes to mind is sabotage.

If as an employee, KimberTech deleted/moved some files to make a point - most likely she/he would be fired.

Moving files can be harmful depending on how and when that file is used. And to make your point, you'd have to use a file that has some meaning. Time is money, and if your actions cause a delay in the normal conduct of business - then you've cost the company some money. Try and tell the CEO that you caused the company to lose this money to convince them of a problem that they've already decided they don't have. Costing the company money is harmful, and since it was intential, we're back to paragraph 2.

If this company is not already convinced of the needs for backup, then a contrived action by an inside employee will not convince them of anything with respect to backups - exactly because its contrived by an insider. It will however convince them of two things:
1 - That employee is not a professional.
2 - That employee cannot be trusted.
That employee is now the subject of paragraph 2.

If you want to try and argue "The End Justifies the Means", that's fine - we can have some fun with that - but not here, and under no circumstances would I ever suggest that as justification when the status of someone's job may in fact be the read End. The ramifications of this type of action can go in way too many directions to even be sure of just what Ending you're trying to justify.

One thing that would End - see paragraph 2 Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Upvote 0 Downvote
Before I would touch one in such a way that data was at risk I would have a sign-off by someone with legal authority at the company absolving me of responsibility for data loss.
IT managers will tell you that they take responsibility but they are not the legal authorities. And legal authorities are not generally aware that their IT managers aren't doing their jobs.
And when the problems come, who gets blamed? Who gets sued?
This isn't a hypothetical question for me. I recently went through the legal process for one like this and it was pretty interesting watching the lawyer and the company people paint me as totally incompetent. Ed Fair
unixstuff@juno.com
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
 
Upvote 0 Downvote
WOW...I had no idea I opened a can of worms like this...don't fight guys ok?

I am VERY ethical in my practices, for the record. It causes me a lot of pain in the hind though. ie I dont agree with licencing a lot of the time but I enforce it because I have to.

I AM external , but since my company is
"small business serving small business" trust is HUGE.
Most of the time I am the ONLY one working on anything. I could not possibly conceive doing anything underhanded like that and then issuing an "I told you so" for any reason, even temporary. I guess the bottom line is that I have to live with myself. They like me, and they trust me.

I am well paid for my services and my clients are very good to me. I could not begin to complain about them for a moment.
I am trying to protect them from what I see as an eventuality.

The short version is though, if I MOVE FILES, then they will just think I am trying to get more money out of them by trying to get them to purchase hard and software for backup purposes. They will then ONLY see that because I am a "tech head" that I can do this to them. I have physical access to the data only because they trust me. They wont see that it could happen by many other means.

They grumble a little, but they admit that they know I am right and they all ....bar none....have consented and paid for me to perform the backup as required.

I do offer backup routines with my own hardware and storage of that data as another revenue stream, however there are SO MANY people that, until they are burned, refuse to take part.

If these companies are ever audited they are in massive trouble because critical data is just plain GONE.

Sending data for recovery is a very expensive option after the fact, and in case anyone DIDN'T know, it doesnt always work. Sometimes they can't get any data at all...depending on the fault in the drive and the circumstance.(FIRE)

Could we please focus on any and all methods of ETHICALLY convincing clients to backup data.

**Cajuncenturion**
.. thank you for your post, and I value any other input along these lines. I like the idea of incorporating a disclaimer into my paperwork, sad to have to.

CHEERS!

Kimber There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...
 
Upvote 0 Downvote
KimberTech - You did not open a can of worms - your question about having to convice customers and clients is quite valid and one which we all have had to deal with at one time or another. One that I wish did not have to learned the hard way all too often.

The can of worms is the totally misguided suggestion that you use some quite unethical and ill-advised methods (at great personal risk) to make your point. Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Upvote 0 Downvote


I haven't read much here yet but I want to comment of this one

Delete some of your boss's really important files. Then explain to him\her that if you had a backup you could easily restore them. That should convince them.

This is for one thing borderline red flagging material to me. Who actually would come up with a thought like this and then go out to somewhere like Tek-Tips to actually reference it to another IT professional and call it a helpful post. Do you have any idea of the repercussions of being caught for something of this manner? At this point hacker and IT workers are the same in one if this is the way some of them are thinking.

KimberTech
Gather data from past examples of consequences of companies not backing up their data. Hacker articles etc. If you gather enough examples of this and present it in a good fashion it will get your management thinking about what could happen. IF they don't listen go back and find more examples and also bring to the table costs of backing up etc. There isn't really much else you can do but keep trying to pursued them with statistics and past examples from data recovery companies and companies that felt the pain of neglect.
You cannot mandate productivity, you must provide the tools to let people become their best.
-Steve Jobs
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
Kimbertech
Discussions aren't any fun if there isn't a clash of opinions...its hardly fighting :)

Anyway, back to the main point...now I know you're in an external company, I would say leave it. As long as they're aware that lost files can't be restored and you're not prepared to take the blame for it then you have no worry (get them to sign something).

If however someone is actually employed by a company which doesn't use a backup schedule, this is where I would do what I suggested (not so much delete as move...). As Edfair has stated:
I recently went through the legal process for one like this and it was pretty interesting watching the lawyer and the company people paint me as totally incompetent.
Now suppose you leave and go for another job. Your potential employers may contact your old employers and ask for a reference. Its illegal to give a bad reference, so they can do one of three things:

1) Say they're not prepared to give a reference - as good as saying you're the worst employee ever.
2) Give a very vague response i.e. give pathetic answers - same outcome as 1.
3) Say you're excellent and that they're disappointed you left etc etc - In other words a good review.

Now imagine that your server dies along with everyone's files in some freak accident that you couldn't possibley have been prepared for (fire or somthing...you get the picture). What do you say to the CEO? "You're the idiot who didn't want a backup schedule"? I doubt that'll work. Although its clearly their fault it'll somehow come back on you. They would most probably have a go at you for not implementing some sort of backup. Then when you leave say hello to points one or two.

Luckily it doesn't look like you're in this situation.

An alternative to this is to just go ahead and implement a backup schedule, but I think it would be pretty hard to hide the cost of drives and tapes.
I think that CajunCenturion has made some fair points, but overall, I wouldn't agree with what they have said. It would be interesting to see what others have to say on this matter.

Regards
 
Upvote 0 Downvote
Thanks Cajun....and thanks Ed for your post....I do that also.
The problems are varied, and I AM worried about being pulled through a legal process.
Regardless whether you are to blame or not, there is an increasing trend to blame the techies....especially since there is an inherent mistrust most of the time.
ALSO...if there is anyone in the org that doesnt like you, or feels threatened by your being called in to fix a mess, they can sabotage you.
It might not be such a big issue for you GUYS out there...but I am here to tell you I have been doing this a long time, and there are many guys out there that need to get a grip and realize that we all need help sometimes...even if it happens to be a GIRL that can do the job! There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...
 
Upvote 0 Downvote
KimberTech - I understand exactly where you're coming from. The best that you can do is to cover your butt. Keep notes and a journal. Put recommendations in writing. And make your own backups. Documentation is your best defense in almost any clash.

With regards to the specific case where your "customer" want to sabotage your fix - my suggestion is that you document the problem, and the various course of action that you took - then get the "customer" to sign the document stating that the fix has been accomplished. If you get reluctance to get the signature (whcih will happen), then in your normal reporting mechanism, you keep that item, again with your documentation, and that will put the onus back on that individual to explain why they're not willing to sign off on the fix. If this "customer" is the top person on the totem pole, then if you can afford to, take the stance that you will not proceed any further on any other projects until this issue has been resolved. If at all possible, don't let an open item fester, it will come back to bite you. Take the initiative to get the customer to close the item, and get that signature. Now you'll always have a leg to stand on.

Again, documentation is the key - and always, always keep a copy. Should things get into the legal arena, you've got your documentation, and dated written recommendations to the appropriate party that are not followed will keep you out of a lot of trouble, and prevents them from firing back that you should've done this or that. You've got the proof that you tried. Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Upvote 0 Downvote
Some excellent points.

If nothing else I have realized that I am far from alone...and I appreciate the time to answer taken by ALL.

I always have my workorders signed etc so that is covered.
I guess I thought that I myself was having more trouble with PEOPLE than you all were. Apparently I was mistaken!

I totally agree that we have to be drowning in paperwork to protect ourselves. My quotes, service notes and recommendations etc are always done in writing also. I leave a txt file with a custom file extension in place also. It lets me know if I have worked on a unit prior on the spot quite often, and what was done.

With no intent to pry, I am curious to know what tactics the legal system tries to use to assign blame to us, and if Ed or anyone else is willing to share any GENERIC information I would love to hear it. It will help to prepare just in case.


Kimber There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...
 
Upvote 0 Downvote
In my case it was with SCO 3.2v4.2 and customer wouldn't spring for a super tar, so I did backup using tar for 4 filesystems on 4 tapes.
When the drive crashed no backup had been done for months, their 5 tapes (cheap people) were all a month out of date and the root filesystem tape wouldn't read. Plus the 4 tapes of my backup from several months before were lost.
I reinstalled OS to the new drive and told the IT guy not to do anything until the data was recovered.
The boss told the IT guy to restore the data so they could use the system, so they tried (and partially did) restore 2 gig onto a 1 gig drive and then used what they had. Later they restored the root filesystem stuff over the top, then when they called me back I reattached the second drive with current data. Unfortunately , the software was reading and writing into all 4 filesystems so they had mixed data and an estimated $40,000 data re-entry problem.
I had 2 major problems. One was another tech who didn't recognize that there was 2 drives on the system and wonder why the software was giving error messages. Another was the problem of proving that tar was a viable backup option on this system since one of the "dummy" books said CPIO was the only way to do a backup. So I got stiffed for parts and service and the countersuit tied me up in the court system for 18 months. Ed Fair
unixstuff@juno.com
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
 
Upvote 0 Downvote
OMG....

Scary...and this is the type of thing I am trying to avoid.
Thank you for sharing Ed.....really.

Is there anything you would have done differently based on your experience?
Perhaps we can prevent others from sinking...even if we all eventually end up in something like this.

Kimber There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...
 
Upvote 0 Downvote
Where i work, we had a stupid policy of backups. They thought as no one changes anything, no need of daily backups, until one day...

One day i was doing some maintenance, and for mistake i removed record number 10 instead of 11 from the Database. That (10) was one of the most important records in the DB. With the keys, half of the website was deleted. As we had only backups once a week, and by bad luck, the last one was corrupted, i didn't get any useful backup.

From that day, we do a daily backup from databases and code. Well, when us or our clients, by mistake, removes something from DB, we can recover the backup of that day or at least from the day before. Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com
 
Upvote 0 Downvote
Excellent point Anikin.

The PROBLEM IS THOUGH.....

to get companies to understand BEFORE something bad happens and they call me screaming that they have lost all that important stuff...so they do backups NOW.

I tell them what if it happens to them...but they dont buy it.

Thanks for your input..

Kimber There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...
 
Upvote 0 Downvote
Lessons learned:
When you get angry enough to yell at the owner of a company (which I did) it is time to quit servicing the company.
When a company brings in an outsider to do some work on the system it is time to turn it completely over.
When the owner won't spend $139.00 for a backup solution, it is his problem , not mine.
When an IT manager is careless enough to lose backup tapes, he'll be careless enough to lose other things.
These weren't new lessons for me, just needed an update.
And you know I didn't paint the full picture, just my side mostly. Ed Fair
unixstuff@juno.com
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
 
Upvote 0 Downvote
I have a friend that's in a similar situation (small business serving small business) and he's successfully got almost all his clients doing nightly backups.
His method is to threaten to come around in the middle of the night and burn the place down if they dont start backing everything up. While he's obviously joking about it it does put the thought into their heads - get them to picture what would happen if there WAS a fire and how screwed they'd be without a backup.
Think of an insruance ad. They use these tactics all the time because they are the best way to jolt people out of complacency.
Its a combination of guilt and fear that will work on every business owner that had something to loose.

--cb
 
Upvote 0 Downvote
With respect to backups - often overlooked is the need for an off-site backup. Even with fire proof safes, the media may not burn, but it could melt. To stress the need for off-site backups I really have cited the following scenario - "you have X dollars tied up in receivables - we have a major thunderstorm which spawns a tornado which wipes out the building. We lose all the paperwork, all the computers, and all the backups. Will the insurance company reimburse you for the receivables. Just humor me boss - take this tape home with you."

Or just take the tape home yourself.


Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Pro50
  • Locked
  • Question
IT Management for financial services companies 6
Replies
6
Views
499
SamBones
SamBones
Mountainbear
  • Locked
  • Question
Tech tools
Replies
0
Views
2K
Mountainbear
Mountainbear
Art Lorenzini
  • Locked
  • Question
IT Stratigic Plan, How?
Replies
3
Views
450
alorenzini
alorenzini
johnherman
  • Locked
  • Question
FBI wants to know your make-up: both DNA and appearance
Replies
0
Views
400
johnherman
johnherman
jimbojimbo
  • Locked
  • Question
Did Microsoft Threaten to disrupt the Internet?
Replies
0
Views
614
jimbojimbo
jimbojimbo

Part and Inventory Search

Sponsor

Back
Top