How to convince companies to backup data 8

[KimberTech]

Suggestions?

I routinely refuse to work on systems and servers because the backup is either absent or not verified.
Most of the time I end up doing a backup myself before I start to protect myself from liability.

Does anyone have any ideas for policy or a "script" for convincing people to protect critical data?

I have tried the "what if" scenarios on them, but they always think it is going to happen to someone else.

I am all ears! There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...

 

[edfair]

Ah,yes. But if you have the last xyz 30mb tape drive in existence it doesn't matter how many offsite copies you have.
And if you are running a program that uses the data on only an IBM PC or other older machine that is no longer in use you might have problems in getting access to you data.
And if you bought cheap media 5 years ago to store your programs on you might find that the magnetic material has debonded. Or if they are on floppies, that they are unreadable.
And if you haven't ever tried to restore one of your backups, how ever will you know if it will read reliably.
We've opened several cans of worms here and hopefully some people will heed the messages. Ed Fair
unixstuff@juno.com
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.

 

[CajunCenturion]

You're absolutely right edfair. Although I'm no longer in that position, when I was the IS manager, we did backups every day, taking off site one a week, and rotating the media. One day a week, we picked a daily backup and random and restored it to a separate location and ran a few tests just to insure its integrity. The process took approx one hour, once a week - cheap for the peace of mind. Also, once a month, instead of verifying a daily, we'd verify an incoming off-site weekly. If may seem like overkill, and we were lucky we never had to put the plan into action, but I am confident that if needed, we were ready. I never lost any sleep over our disaster recovery plan or readiness. Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

 

[KimberTech]

Here here...

I am losing sleep over my client's data and I am trying to get them to see the wisdom of backing up. There are many of them that either do not at all...or rely on floppy for all of the accounting data (simply accounting) and documents etc
Email, which is really important for records, and also address books etc are NEVER backed up.

When I tell them I need to back up before I start, they almost seem to see it as a Techie thing, and that I am borderline incompetent because I am concerned that something I do might wipe something.
When you are messing with system files and the system is already unstable, anything can happen.
They don't get it.

Kimber There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...

 

[griffindm]

An interesting story about tape backup and fire: I was the controller and supervisor over the IT group ( I had been the IT head before being controller) of a small aerospace manufacturer with a manufacturing facility in one of the world's largest wooden structures, an airship hanger in Elizabeth City, NC. The structure burned to the ground during a construction-related accident (late night welding repairs smoldered into flames after the crews had left). The fire could be seen from Norfolk, VA 60 miles away. Anyway, days after the fire, the employees found the fire-proof media safe the tapes had been stored in. Those these were not the only tapes we had (see CC's emphasis on off-site storage), but we were frankly very suprised to find that these were actually readable.

I considered writing the manufacturer to provide a testimonial, but I was too involved in the insurance claims and counter-claims that followed the accident.

Bottom line is don't count on your fire-proof media safe, but it may surprise you.

Dave Griffin
The Decision Support Group
Reporting Consulting with Cognos BI Tools
"Magic with Data"

http://www.decisionsupportgroup.com

 

[SteveTheGeek]

Sometimes it's not the non-technical users or managers that don't understand the need for backups. I recently showed up at a site that recently had a storage hardware failure on their Exchange server. They'd been doing backups from it to another server with plenty of HD space, but they lost three years' worth of user email because corruption in their Exchange store extended back more than a week (which is as old as their backups got before being overwritten) and they couldn't re-mount the restored store. I asked the admin about using a tape drive so he could take tapes offsite, and he told me he doesn't trust tapes. I asked him what happens when a small fire takes down both the Exchange server and the backup server (10ft apart) in his server room. "Ummmm....." Worst of all, they had a DLT drive and a dozen tapes sitting there gathering dust.

As regards consulting for small businesses, we put a "don't blame us for data loss" clause in our service contract before we did accounting software upgrades, and insisted on making our own "soft" backups (stopping the appropriate services and doing a xcopy backup to a separate drive preferably on a different machine) as well. If people got really upset about spending the time to do it (and were unimpressed by my warnings about data loss), I'd explain that I needed the old files to know what config changes to make after the upgrade process replaced them with new files. A white lie, but it was that or I wouldn't do the upgrade. I would never ever do any significant work on a system without looking at the logs and determining the status of the backups (to include whether they were restore-tested), I learned my lesson the hard way several years ago. Just as they don't think it'll happen to them, you can be doing something as harmless as adding user accounts and if the server happens to go down, they'll think it's your fault.
-Steve

 

[KimberTech]

HORROR STORIES

Too true, I have had a client that blackballed me because I went into his small office in his home and set up an old dot matrix printer.
It was already installed, but the margins weren't printing in the right place on his preprinted forms.

Apparently, (through the grape vine)the hard drive failed completely a couple of weeks later and they lost everything.
I could have provided them with backup, and I offered. Problem was that I couldnt honestly justify it because I was changing settings ON the printer and doing nothing but test print on the system itself.

They are blaming me, and trying to explain to them that absolutely nothing I did could have caused that would be futile.

More recently, I inherited a computer repair because the tech that set up the system kept breaking appointments and was rude with the client. He implied that it was HER fault that her computer kept freezing up, and that she had gone through THREE new printers so it was something she had done to the unit.

She even offered to PAY him for his service.

When I was called in, I asked about warranty. I got a waiver stating that she was responsible for payment, and that if she wanted anything from him it was up to her to chase him. For the record, she was great.

I booted the system and got a CMOS power on password which she stated was set up by him. The password she had been using didnt work to clear it. I spent an hour on the phone with HIM and we couldn't get in with any of his standard ones either.
He promised to pick up the system for her in the morning, and told me that he would void any warranty if I opened her computer...and that it had a sensor. (Already fishy)

Next day he got the system and billed her for 2 1/2 hours for the "damage done to the computer by another company" that he had to fix.
She didnt pay him, and hired me to do a system inventory which gave her legal avenues, including no OEM copy of O/S or software which she paid full price for. He had thrown in some IBM server ram and the whole thing was a mess. (Once again, I HIRED an independant consultant to witness the inventory from open to close and provide a written statement.)
I am trying hard to protect myself and having a hard time.
Quite frankly I would rather learn from other's mistakes than my own, and offer mine for advice in return.

I am really getting a lot out of this post, thank you ALL for your valuable input!

Kimber There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...

 

[petermeachem]

What normally convinces people to do backups is the cost of recovering data from a bad disc when the inevitable crash happens.
One of my customers, who should have been backing up but just hadn't bothered for a year is now a good little backer-upper after having to pay £600 to get the data back.
Someone I know in a similar position made the customer pay £3000 for data recovery just to teach them a lesson after having unsuccessfully badgered them for a year about the importance of backing up.
I read a story in a computer magazine about a consultant who took a chainsaw into a meeting and announced he was going to saw the server in half. They thought that their backups were just fine and he didn't. They changed their views fairly promptly.
I really don't understand why small firms will not backup. You can explain until you are blue in the face and they just smile and ignore you. Explaining it is like insurance doesn't cut much ice either. Don't understand it, they all happily pay house flood insurance or whatever with little likelihood of being flooded. But then apparently there are a lot of people in Eastern Europe at the moment who live next to big rivers (currently live in big rivers), who do not have adequate insurance. Perhaps it's just a reluctance to pay anything to guard against what they think will never happen to them. Peter Meachem
peter @ accuflight.com

 

[SteveTheGeek]

What has generally worked for me is a non-technology-related example - preparing for the building burning down. "You have fire insurance, right?" "Of course!" "Well, picture trying to get your business going again without any of the accounting data, documents, or email on that server." Or another tack: "$2K will keep that data preserved no matter what. How much money and how many man-hours would you lose if the data went away tomorrow?"

In that way, we're like defense lawyers. We have to help the client as best we can (and operate under the presumption that they're innocent *grin*), but if the client wants to be really stupid, all we can do is try to get them a lighter punishment.
-Steve

 

[Kjonnnn]

Sometimes people will only learn their lesson AFTER the crash.

Our mainframe disk just crashed a few months ago. Fortunately, we do a backup every night. Unfortunately, the backup drive died (it didnt give an error) the two days before the main disk died. So we had two days with no backup.

That was a major issue, fortunately we had paper, and once the server was up, the days worth of orders were re-entered.

 

[DonQuichote]

I like the disclaimer in one of CajunCenturion's early post:

...If customer cannot provide a recent and verified backup, customer will automatically be charged at the normal rate of $XYZ/Time to create and verify backup before work proceeds.

If 'what if' stories don't help, financial consequences hopefully do.

 

[garwain]

I have a general contract for most just that just say that I will not be held liable in the event of data loss, or hardware failure, yada, yada, yada...

but for more dangerous work ie format+re-install I will make an image of the HDD(s) first,and my contract reads to the effect of:

It is assumed that the client will have a backup of all data on the system. The company will take percautions to retain all data on the system, but it is not garanteed that the company will find all the required data. The company is not liable for lost data. The company will make independant backups which will be retained for one week after the service, but these are not to be considered official backups as they may be corrupted, lost, or damaged.In the event of missing data, the company will attempt to retrieve the missing data, but will not be help liable for the failure to do so.

I don't have a copy handy right now, but I believe that is pretty much what is said. I would recommend that anyone servicing computers have a contract that will cover their backsides in the event of unforseen disaster.

 

[KimberTech]

Garwain....
Thank you for your input.

I would like to get the official version from you, and to know if it was passed through a lawyer etc first and if so in what State or Province.
I am thinking I may need a lawyer to do the contract for service to protect my hind end...

Sucks to have to...but have to.

Kimber There is no such thing as a dumb question. Only a dumb mistake because you didn't ask...

 

[Chopstik]

I might be able to add a little bit into this thread from the aspect of the business' that do not seem to want to backup (or worry with the possibility). A major part of it is financial. Not always, and not necessarily the only reason, but often it is financial. That, combined with a general lack of understanding of the technical process or problems contained therein, is what often prevents a lot of business' from worrying about (or even thinking about) backing up data.

These companies (often smaller) are concerned with keeping their business going. They see the computer/technology as the method by which everyone else is keeping things going, so they want to make sure they don't fall behind. They often want to have the best and the newest and the fastest with the least amount of cost/trouble (heck, doesn't everyone?). Worrying about things that may or may not happen to cause them problems in the future may be a smaller concern to whatever other issues they may be facing at the given moment.

Our responsibility is to give them our best and make sure that they are functioning with as little trouble as possible. At the same time, especially in today's litigation happy world, we want to make sure that we are protected should any problems occur. And with technology (as many of us can attest to), it can be remarkably easy to inadvertantly have a problem. Explaining this to a business owner, especially a non-technical one, can be very trying. The owner may not care, may not have the money to do anything about it even if they do care, may have other pressing matters that may take precedence over "possible future problems", may put it off and forget about it, etc.

If a business owner has to make a choice over whether to backup existing data or make investments that will possibly increase their revenue, they are more likely going to make the latter choice in spite of the possibilities as far as their data goes. The same applies if they are in a financial bind, technology related resources are going to be much later on the list of things to worry about. It may not make sense to us on the technical side, but we have to remember it is we who are serving the business side, not the business side who is serving us.

That said, the best we can do, as several people have pointed out here, is to impress upon them the necessity of backing up data, and often doing a financial breakdown of what could happen if they don't is the most effective, keep our own notes and then do the best job we can under the circumstances we're allowed to work within as defined by the business owner. I have found that being flexible within these parameters is often the best that I can do. The other note I would add is, if you want to prevent the problems (since you are external), put the conditions into your contract under which you will work. Insanity is merely a state of mind while crazy people have a mind of their own.

 

[SteveTheGeek]

Chopstik makes an excellent point, and it reminds me that a few posts here have talked about "teaching them a lesson" such as apparently charging more than necessary for a data restore. How would you feel if a building contractor charged you more to repair your house after a fire because he found out you didn't have fire insurance and wanted to teach you a lesson? Or a doctor that doesn't give you medication after surgery because you hadn't been getting regular physicals that would have identified the need for the surgery sooner?

Recommend whatever backups and fault tolerance the situation calls for, and provide the background necessary to understand the need. If they don't want it, legally CYA. But at that point, back off and let them prioritize however they see fit; it's their boat and they can row it however they want.
-Steve

 

[petermeachem]

I think the chap's point was that he was the IT department for the firm. He appreciated that they had most of the companies assets on the computer, they actually had backup equipment, he had shown them how to use it, he had explained the importance of doing it for round about a year and they couldn't be bothered. If they had just got the data back for £300 they would have just carried on not backing up until the disc really screwed up. At which point they would most likely have had to close. His reasoning was that by charging them a huge amount they would actually mend their ways.
Personally, I wouldn't have done that anyway. My customer was so worried about the data they would have paid anything. I could have easily just sent the disc off to Ontrack (loads of money), but I found a local guy who gave them a discount because they were a charity. Peter Meachem
peter @ accuflight.com

 

[Zarcom]

I have to agree with Chopstick and Steve. There is no ethically sound reason to to charge someone an irregular large amount to "teach them a lesson".
If we start down that path to use and extreme example then we might as well put people who have say a genetic tendency to commit crimes in prison and enforce the death penalty on infants who show signs of homicidal behavior.

You cannot force your beliefs onto anyone else no matter how right you are.. or believe yourself to be.

Don't get me wrong I am a strong believer in backups, just that we need to go about convincing people of this in a courtous manner. One that doesn't offend but convinces.

A warrior that believes is twice as good as one that merely fights. That'l do donkey, that'l do
Mark

 

[petermeachem]

Suppose the alternative is for 5 people to lose their jobs.

What is all the rubbish about genetic tendencies and forcing beliefs about. All he was asking them to do was to stick a backup tape in a pc once a week. It's not a religion you know.

Can't think why I am defending the bloke, except reading complete claptrap annoys me.

My customer would have closed if they hadn't got that data back. And no it was not my responsibility to do anything about getting them to backup, I just wrote a couple of programmes for them. That would have meant 15 people without jobs.

So you would stand up in front of them and say 'oh I didn't think it was ethically sound to persuade to to do something sensible'.

AS you appear to be into completely stupid examples, suppose you knew someone who drove with his eyes shut. Should you 'force your belief' that he should really open his eyes.

I give up.
Peter Meachem
peter @ accuflight.com

 

[DonQuichote]

I don't believe in charging unreasonably much for repair either, but it is not uncommon to impose 'good behaviour' restrictions on a contract.

A security firm usually has a restriction that they will not turn up anymore after some amount of false alarms in a certain time.

As Peter Meachem wrote, there's quite a lot at stake. In extreme conditions, your client may not even be able to pay your bill when things break down. So it is not that strange to demand a backup policy in your contract, with a possible alternative that you do the backup yourself at extra costs.

 

[petermeachem]

This link has some relevance

http://www.silicon.com/ess55108

Peter Meachem
peter @ accuflight.com

 

[SteveTheGeek]

And here's another good one from today's Register:

http://www.theregus.com/content/7/26044.html

I guess my overall take is that I must present the risks and benefits of an adequate backup strategy (and repeat as necessary), but I'm there to provide expertise and service, not force them to learn valuable lessons. If showing them examples of how (small) businesses have lost thousands in revenue, productivity, and recovery from relatively common mishaps doesn't clue them in, oh well.

I may well be biased in my views since of a half-dozen or so companies that didn't have adequate backups when I came in, all are either closed (for reasons not relating to IT) or are running solid backups now without learning the lesson the hard way. Now, the larger-scale disaster recovery planning is a different situation entirely - I know of few small or medium businesses tackling that.
-Steve