My firm’s data is only backed up by QuickBooks Online… is that enough?

Geni Whitehouse | Last updated on November 24, 2022 | 5 minute read

best apps for cloud accounting

Utilizing the cloud-based QuickBooks Online is convenient and fast for a growing number of firms. Yet, questions remain regarding backups of the data created and stored in QuickBooks Online client files. On QuickBooks Desktop, it was simple to download and create regular backups of your files. But if your firm’s data is only backed up by QuickBooks Online, that’s not enough. To maintain secure backups of all client files that can be restored quickly in the event of data loss, IT best practices recommend the 3 2 1 backup rule. 

The 3-2-1 backup rule

The rule is: keep at least three (3) copies of your data, store your information on two (2) different storage media, with at least one (1) of them located offsite.

Here is how the “Rule of three” works: First, you have your original data (Copy 1). It is stored on a device of some kind – such as the accounting platform’s server. Since you cannot pick and choose which items you’d like to restore to a prior point in time, you turn to your backup that has been made on an external hard drive (Copy 2). Now, if that backup device has failed, your backups weren’t performed correctly, or you lost that external hard drive you’ve been carrying around, you are out of luck. That’s where that third backup (Copy 3), made via Rewind Backups for your cloud accounting information comes to the rescue. It is offsite and is managed independently of the other two sources of data.

By following the 3-2-1 guideline above, you will significantly improve your odds of having access to information when you need it.

3-2-1 backup strategy

External backups for compliance

Regular backups that can be restored quickly increase your firm’s compliance with various global regulatory requirements, including FTC Safeguards, IRS 4557, NY Shield, GDPR, and more. 

In April 2019, the Center for Information Security released its guide called The CIS Controls™, which “are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks.” In this guide, the center recommends “all backups have at least one offline (i.e., not accessible via a network connection) backup destination.”

The IRS publication Safeguarding Taxpayer Data recommends in their FTC Safeguard Rule compliance checklist, “A routine backup means you will have a copy of your data. A data loss or ransomware attack (as well as a hurricane or flood) will not destroy all your files.”

The speed at which you can recover from data loss or corruption, known as recovery time, is a common audit requirement. A third-party, independent backup and recovery tool for your financial data is the fastest and most reliable method to ensure your client files are always secure and available in the cloud. 

Your data is vulnerable

You’ve likely heard the news that Intuit has acquired ChronoBooks and will be offering its service for QuickBooks Online users. It’s great that QuickBooks Online recognizes the need for backups BUT this does not mean that you are fully protected or secure from your data being compromised. Furthermore, QuickBooks Online’s terms of service encourages users to archive their data, even with its new backup feature, as it is the user’s responsibility for any lost or unrecoverable data under the Shared Responsibility Model.

6. CONTENT AND USE OF THE SERVICES
6.1 Responsibility for Content and Use of the Services.

a. Content includes any data, information, materials, text, graphics, images, music, software, audio, video, works of authorship of any kind, that are uploaded, transmitted, posted, generated, stored or otherwise made available through the Services (“Content”), which will include without limitation any Content that account holders (including you) provide through your use of the Services.  By making your Content available through your use of the Services, you grant Intuit a worldwide, royalty-free, non-exclusive license to host and use your Content. Archive your Content frequently. You are responsible for any lost or unrecoverable Content. You must provide all required and appropriate warnings, information and disclosures. Intuit is not responsible for any of your Content that you submit through the Services.

When protecting and securing your data and, more importantly, your client’s data, you must remain vigilant. Relying on your cloud service provider’s system backups isn’t sufficient protection. More specifically, backing up your QuickBooks Online data to an Inuit company is not the most secure way of protecting your data. It’s the same thing as backing up your hard drive to your hard drive – it just doesn’t make sense. The purpose of a backup is to have a copy of your data in an external location. You need the ability to restore selective data backups, based on a date and time you specify. You need to increase your confidence that you have done everything possible to minimize the risk of data loss. That’s why you should turn to the experts at Rewind who recommend following the 3-2-1 backup rule to provide the highest level of confidence that your data is being adequately protected.

A robust backup plan mitigates your risk

As I mentioned in an earlier post on the myths about cloud data backups, it’s not just about access to the backups or making copies of your data, it’s also important to have control over the data being backed up and which pieces of data you are able to restore. This is particularly important for users of cloud accounting software. The data we are managing is incredibly sensitive, and lack of urgency towards data security can have devastating results. Following the 3-2-1 backup plan ensures that your client data is completely secure, and the process can be presented to your clients, showcasing your expertise in cloud accounting and data security.

My 3-2-1 backup plan includes Rewind, as it allows me to have complete control and insight over my backup PLUS the ability to selectively restore data when needed. I recently made a drastic change to a client’s chart of accounts and would not have been comfortable making this change without Rewind in place, capturing backups as I worked.

In my opinion, a backup should not only be offered to Advanced users of QuickBooks Online. All businesses are vulnerable when it comes to data security, and it should be easy for owners of every type to have the peace of mind they deserve. That’s why I highly recommend Rewind’s automated backups; they offer full user control at an affordable price.

Backup QuickBooks Online today


Profile picture of <a class=Geni Whitehouse">
Geni Whitehouse
Geni spends her time between working as a winery consultant at Brotemarkle, Davis & Co in the Napa Valley, and is an advocate for data security. She is a regular keynote presenter at CPA and Technology conferences around the country and has been named a Top 100 Influencer by Accounting Today, one of 25 Thought Leaders in Accounting, and one of the 25 Most Powerful Women in Accounting by CPA Practice Advisor.