Do you know if ALL of your data is safe and accessible in case of a natural disaster or even something as simple as a power surge? As an information provider to the Debt Collection Industry, today The National List shares input on backups from two of our member firms, Roosen Varchetti & Oliver and Balekian Hayes, PLLC, and from our off-site backup and recovery firm, Vault 1440, LLC. If this information helps even one of our clients &/or members to save and recover valuable data, it will be time well-spent!
Richard Roosen of Roosen Varchetti & Olivier
“The history of our firm goes back to 1910. We believe you have to know where you’ve been so you know where you’re going. We are ‘wide awake’ when it comes to collections. We are a very proactive organization that believes in and practices crisis planning and disaster recovery.
- We back up our data every night and have off-site storage 20 miles away.
- We have two IT guys on our staff.
- We only buy from and use vendors that can give us back-up service and state-of-the-art technology.
- We have a fireproof file room, but the only paper we have fits in two 4-drawer file cabinets. Everything else is scanned.
- We have two Operational Managers—another form of backup. We are fully-staffed at all times, and our goal is to return calls and emails within two hours.
Carl J. Varchetti of Roosen Varchetti & Olivier
For us, a specific type of backup is kept as a snapshot or a single image of the system as of the particular time that it gets archived. The backups are as granular as is needed to capture file level changes. They are not a completely new creation every time. The backup software identifies all the files that have been accessed/changed and essentially only copies those files to the backup image.
For replication, we have a secondary hardware server that is always up and running and capable of being switched over to, in the event that there is a hardware failure. By using VMWare (hyper-v), we are able to host multiple servers from a single piece of hardware.
We currently use VEEAM for our backup and replication. It has a fairly simple-to-navigate user interface. We can restore a whole server or just look for specific files. The data is backed up and stored on a separate, secured, network-area storage device (NAS). These backups are also copied over to DVRs monthly for permanent, long-term storage. Copies of the DVRs are stored under lock and key in the office. Our servers are maintained in a data center that has multiple power and network connection redundancy options.
Primarily we rely on third-party IT support for the setup and maintenance of the backup schedule. However, we do monitor and check the backups. We know how to access the data and test it with staff in-house. Our backup procedures are really client-driven. That means to some extent they are industry-driven. Without disclosing specific clients, I can say that banks, as we all know, are heavily regulated, and they require the same regulations be followed by their local counsel as they are expected to follow.
Given the increased complexity and reliance on IT systems these days, it is best to make sure that you have more than a single backup plan, and also written plans documenting secondary and tertiary strategies. As the size of the company grows, the reliance on IT systems also grows exponentially, and every minute of downtime carries a greater loss. It is important to know and monetize how much downtime costs, and to employ an appropriate number of back-up strategies to balance the cost of backups vs. the cost of extended downtime or even complete data loss.
Kris Balekian Hayes of Balekian Hayes, PLLC
Balekian Hayes specializes as a full service collection law firm that represents clients from many industries in both the consumer and commercial environments. Balekian-Hayes has chosen to work from a collection agency platform which allows for flexibility and enterprise-level band width to handle large clients and millions of accounts with the comfort of having a law firm at the forefront of the process. Our collection software system has a robust database backend which allows data to be easily accessible and efficiently reportable.
We back up all critical data daily in “file level” format. We have a multi-tier backup process that includes onsite and offsite storage of all critical data. We have an extensive disaster recovery plan that includes not only redundant backup procedures but also powerful recovery strategy compliant with FDCPA, HIPPA and CFPB laws and regulations.
Darrin S. Lee, CEO, Vault 1440, LLC, and provider of off-site backup services for The National List
All NL data is backed up nightly, but some critical data and core business applications are backed up multiple times throughout the day to minimize data loss. I just heard about a business that used an image-based backup to protect their data. (We don’t think that’s the best way to protect your data.) They got hit with the “ransom” virus, and it rendered their image-based backups useless. They couldn’t restore any of their data. With a file-level data protection approach, like we suggest, restoring data would have been easy.
We make the data easily accessible by storing it on the NL network as well as in two separate data center locations. This ensures NL can restore their data 24 x 7, or 1440 minutes of every day. Data retention length is completely customizable to our clients’ needs. We work with NL to identify more critical and less critical data and retain each accordingly. Your IT provider should be able to help you meet legal, contractual, and insurance requirements that may all drive how long the data needs to be retained. A number of creditors and law firms are requiring that those they do business with have backup standards that are the same as their own.
We are a cloud provider, but we realize that our clients may lose Internet connection periodically. So we store a copy of the backed-up data locally, as well as in two geographically diverse data center locations. Redundancies are important, whether they be Internet links, power supplies, servers, etc. It’s all about the recovery.
There are four critical components that we have found are especially important to the debt collection industry: security, availability of data, automatic data protection, and data retention:
Security: NIST FIPS 140-2 Certification: this hard-to-obtain certification by the U.S. federal government certifies that the data is fully encrypted from cradle-to-grave.
Availability of Data: It is important for your backup to have a local and remote copy. That way, if you lose an Internet link, you can still restore your data.
Data Integrity: We continually run data validation (we call it “autonomic healing”) to ensure data integrity.
Data Retention: We can store various types of data for as long as our customers require it. We have options for Archiving as well.
We had a client where a staff member accidentally deleted about 50 active collection files. They were devastated and panicked. But because we were protecting their data, we had their data back within 13 minutes. They were very happy and never went back to their old USB drives and tape backups. National List had a laptop that crashed. We were able to quickly restore the data from that laptop unto a replacement—it took about 15 minutes from start to finish. National List was relieved to have that data back so quickly and reliably. Realize that, as in most other partnerships, you get what you pay for when it comes to protecting your critical business data.
Vault 1440 can protect data that is already in the cloud. Even if you use cloud services such as SalesForce.com or Google Apps, you are responsible for backing up your data. Companies like Google perform their own backups to ensure that your data is available at all times, but they are not responsible for helping you retrieve deleted, edited, or corrupted information. Because they use Vault 1440, NL can protect servers, desktops, laptops, and all mobile devices—all with the same security and reliability.
We work with firms who value their data. They may have their own IT person or outsource their IT. Regardless, our data protection just happens in the background, without human intervention, and our clients can rest easy that their data is safe.
National List Disclaimer
The information in this blog is not to be considered legal advice. We encourage all of our members and clients to find a data backup solution that meets their needs and the needs of those they do business with. We are satisfied with the backup service we get from Vault 1440, but you may have an internal or outsourcing solution that works equally as well for you. Another round of devastating storms reminds all of us once again that data security should be a top priority in our business strategy.
by Marti Lythgoe, National List Editor