Ransomware attack exposes CPA to limitations of cloud backups

Ransomware Attack Exposes CPA to Limitations of Cloud Backups

Geni Whitehouse wanted an easy and accurate backup solution to protect her client files

Imagine this: with tax deadlines approaching, you learn that a cloud-based software you rely on is no longer accessible. You try to log in and your credentials aren’t working. And finally you get a message from the service provider, informing you the system has been subjected to a ransomware attack. It’s a nightmare scenario for bookkeepers or accountants working with sensitive & critical data.

This nightmare became a reality for Geni Whitehouse, CPA and international keynote speaker. Yet dealing with a system outage was also a new beginning. She successfully solved this challenge but she joined thousands of other cloud accounting experts who have realized that “cloud” and “data protection” are not synonymous. A move to the cloud did not automatically remove her responsibility to be a steward of client data, instead by recommending the move to the cloud, she had taken on an even greater responsibility.

Cloud data limitations and challenges

Cloud-based services and technology have become so commonplace that most users don’t think twice about putting data into the cloud. Users have faith that they can access what they need, when they need it. “We assume the cloud has us covered,” says Whitehouse. “That’s why we’re putting it there.”

But the majority of online services operate on the Shared Responsibility Model for data storage. Under this model, cloud services which store data, like Salesforce or QuickBooks Online, backup their system’s information and a limited selection of recent user data. It’s incumbent on you to protect any of the unique or date-specific information within client files. It’s the only way to access a historical view of a client’s set of books or to provide an auditable record.

Without a backup strategy to protect client files, Bookkeepers and Accountants are at risk of permanently losing the data which powers a client’s business. And the risks come in a variety of ways; Human error, third-party software integrations and malicious attacks like Ransomware.

Recovering from a ransomware attack

Ransomware is one of the most common cybersecurity threats facing businesses and the general public alike; from 2018 to 2019, ransomware attacks increased by nearly 500 percent. Attackers compromise IT systems and accounts before locking out the rightful owners, ransoming access to the account. Unfortunately, paying this ransom is not a guarantee that an attacker will keep their word.

Furthermore, Ransomware attacks like these can wipe out confidential client files in minutes, and account for nearly 20 percent of all cybercrime incidents, according to a report from Accenture Security. As more Certified Public Accountants (CPAs) and bookkeepers make the switch to cloud-based systems of all kinds, concerns about ransomware remain a top-of-mind issue.

For Geni Whitehouse, she had moved vital client data off her own servers thinking it would prevent these types of attacks. This included spreadsheets, copies of legal documents, invoices and all the supporting work done since the start of the client relationship. She had found trying to stay on top of data security best practices to safeguard this data, became increasingly difficult for her small practice to manage. The resources of cloud storage providers were supposed to be superior to those of individual users.

After the breach notification and some frantic phone calls with the cloud provider, it became clearer that their online backup systems had been compromised as well. While her team was able to continue to provide monthly accounting services, crucial client working papers were no longer accessible.

Ransomware Attack Exposes CPA to Limitations of Cloud Backups3

Better backups for better service

For the most part, Whitehouse was lucky, although her outsourced server had been compromised, the cloud provider was still able to salvage an older, outdated backup – five days later. “That was five days of complete panic, heart attacks, and complete shock,” says Whitehouse. Every moment she spent on the attack was a moment that could have been put to use advising her clients. “The mission of my life is to make a difference for a client,” says Whitehouse.

I want to help make their lives better. If we can help them do that with the right tools, that’s a huge win for me.
– Geni Whitehouse, CPA and International Keynote Speake

This experience also awakened her to the limitations of backups within cloud software. As many do, she assumed data could be easily restored in the event of a problem. Whitehouse was surprised to learn that her data was not consistently and regularly protected. Even more surprising; the contract she signed required her to make a separate backup, of her own data. For Geni Whitehouse, this lesson in the limitation of cloud platforms was a revelation.

Having worked closely with technology companies over her career, she knew there had to be a better solution for the issue she was facing, one that wouldn’t just address her concerns, but those of her clients as well. “I need to be able to connect any solution to a problem that I know applies to my customers.”

Installing Rewind for total control over backups

Discovering Rewind Backups for QuickBooks Online was a game-changer. “I’m always proactively seeking solutions that are going to help [my clients],” says Whitehouse. “The ability to create a backup, at a specific time, is a huge source of peace of mind. Now, I know I can always return to that selected backup I made.”

Rewind provides an added layer of redundancy while eliminating the need to manually upload unwieldy file formats. Rewind Backups for QuickBooks integrates directly into the platform, providing continual versions or “versioning”. Users can restore client files to any specific date and time. Five day uploading marathons are now a distant memory.

“I can’t imagine why anyone would want to do that,” says Whitehouse.

If I wanted to backup my QuickBooks info on a hard drive, I would have to export a whole bunch of files one at a time. And it would be a nightmare. – Geni Whitehouse, CPA and International Keynote Speaker

Rewind also follows the best practices of the data security industry. All backups are encrypted and stored in the Rewind Vault. You can read more about that at rewind.com/security. Rewind also works with QuickBooks to perform security audits on an annual basis.

Backups for QuickBooks Online also provide a more complete picture than manual export and import, capturing unique attachments and data points that otherwise might be lost, requiring further work. This control and flexibility offers additional value that Whitehouse can bring to her clients. She can automatically create a secure and fully auditable record of their books.

“I think the affordability, the ease of use, and the roadmap drew me to Rewind,” says Whitehouse. “With Rewind, I know I can go back and restore individual aspects of a file. This lets me get back to a place where I can proceed with the important work that we are doing.”