When was our last successful, full system backup?
This one should be an automatic answer and the answer should be last night. The two key words are ‘successful’ and ‘full’. Gone are the days of incremental and differential backups. The low cost of storage, both off-site and on-premises, allows for image-based, full backups daily. If you don’t receive these answers – you need to ask ‘Why?’.
When was our last full, successful test recovery from that backup?
This is different from Question 1. It is one thing to rely on screenshots, automated success messages, and the absence of reported errors; it is another to confirm that the data can actually be restored. You can always trust – but make certain you verify.
Not performing, at minimum, a routine folder recovery test is ill-advised. You should try to schedule and perform a full disaster recovery test at least once per year. Not doing this is like driving cross-country in your car and not knowing if you have a spare tire. By the way – have you checked the air in your spare?
When was the last time our network was scanned for the existence of malware?
Many antivirus applications scan for virus signatures in real time. Yet malware sometimes enters your system through web surfing, malicious emails opened unintentionally, and rogue software installs. Periodic manual scans of critical devices may expose malware not yet identified by commercial antivirus software. These rogue applications, often referred to as ‘Zero Day Threats’, can wreak havoc on your data. Once they are discovered, sometimes your only recourse for recovery is a reliable backup. (See Questions 1 and 2.)
Does our Internet connection pass through a commercial firewall with subscription-based security services?
Effective data security is a multi-layered process. Your firewall is all that stands between you and the ‘bad actors’ trying to gain access to your network. This is no place for a residential router that you buy at the local office supply store. Not only do you need a commercial firewall – you should budget for the subscription. Otherwise, even the commercial router becomes ineffective. Another option is to subscribe to Security as a Service (SaaS). This allows you to pay a fixed fee for a commercial router that includes a subscription that is maintained by your IT vendor.
Do we have a documented list of users, passwords, and access privileges?
It is important for you, as the owner or party responsible for your network, to know who has access to what. This includes contractors who have access to your network. The administrative user has complete control over your data. It is imperative that you have that password, if no others. If you ask for that password and meet resistance from the individual or contractor who possesses it – you have far greater problems.