Data Loss Disaster Recovery Backup Plan Sauvegarde des Donees
In most of the scenarios, data is the most valuable for all companies. This kind of data can be of all types, accounting data, then the sales data, customer data and so on. As soon as the first pc is set up company data starts to be created and to spread. Servers start to be filled up with files, from insignificant to top priority ones.
A very large number of my customers have various systems set up, from easy to very complex. Some have no Disaster Recovery plans, or simply believe IT is overrated.
In this context, I have seen a retirement home in France close its doors because of a ransomware attack. They had a contract with a service provider for their IT, they paid expensive servers and the systems worked well over 10 years. During that time, no major issues occurred, the service provider has never been proactive, they did monthly maintenance and got the monthly check.
As the customer, did not have an internal IT Manager, they ware under the impression that Servers on and Programs can be accessed equals all is well.
Than in 2016 for some reason a ransomware made it to a domain controller and took it down. The encryption key was very strong and all the data on the server (patient data, history, accounting and so much more for 10 years of activity) has been compromised. There was no backup plan set up, No restore possible, even worse the Digital archiving System was hosted on the main server.
The contract with the service provider did not mention anything in concerns to data loss, they were only supporting the Retirement home on It Incidents.
Only when I think about it I get goose bumps…. A long line of misfortunate decisions.
Two weeks after the Server has been compromised all patients have been moved and the retirement home has announced its Bankruptcy.
Even today it is a nice place to visit by Urbex Fans.
This is a story that has a sad ending, but what did we learn from it?
The answer is straight forward. Even when you have a contract with a service provider you need to know what that agreement means and what are your rights.
Than if the service provider never comes with suggestions or improvements, you should immediately ask yourself, is he worth the money? Is their price /service justified?
Not to mention that a service provider that never invests in building a Design Documentation or simply a Technical Documentation, will never be able to explain changes or clearly state what works have been executed. Possibly they are also overcharging you.
A service provider should always try to make benefit, but try to put customer first and offer a quality solution.
Without analysing customer needs at every step, the customer could end up bankrupt, this is something we avoid at all costs.
Better spend more time on planning than doing a quickie and be sorry afterwards.