Backup or Perish

by Lloyd Borrett
Today's Computers, PC Australia, April 1985

Lloyd Borrett

Just how safe is your business? If, like many other small businessmen, you have moved key business functions on to a computer, your business may be seriously at risk. Have you sat down and thought about what you would do if your computer was stolen, damaged, or the data on it corrupted?

Put not your faith in the computer Murphy's Law should be engraved in big, bold letters on all computers — because mismanaged computers can, and do, cause businesses to go under.

The real problem is that no matter how much you read items stressing the importance of security precautions and data backups, you are unlikely to do much about it, and will in time become yet another victim of computer complacency. Several events that highlighted the problems with computer security have happened to me recently. In the first case I was both the cause and the victim.

Yes, after years of experience and many hours spent lecturing people on the risks of not doing backups, I, yet again, fell victim to that computer-age problem of no backup. It was to be such a simple job, installing a memory card with an additional 256K of memory into my home computer. This computer has a 10 megabyte hard disk, and normally runs 24 hours a day, seven days a week, as the PC Connection bulletin board system.

The 10 megabyte hard disk is almost full, which means it takes 20 or more diskettes and an inordinate amount of time to do a backup, which is the last thing you feel like doing at I I pm. And it was such a simple change. I do it all the time. No problem.

But I had one problem after another. The full story is too long and complicated to relate, but I ended up having to use a soldering iron to fix my keyboard, rebuilding the 10 megabyte hard disk without a full backup, using files scattered over about 150 diskettes. I got to bed at 5am.

The lesson is simple. Always do a backup before doing anything major with a computer. If you are going to in any way physically change a computer (relocate, additions, maintenance, etc), do a backup. If you are about to make any major change to the software, such as adding a new version of a program, do a backup. If you are about to make significant changes to your data, such as an end-of-month run, do a backup. (Perhaps Red Buttons could do a variation of his "never had a dinner" routine using the tag "do a backup".)

And even then, doing a backup may not be enough. The second case involved a customer who came close to losing his business, and yet appeared to have taken all the right precautions.

The phone rings. We are told that the customer has accidentally started the end-of-year run instead of the end-of-month run of an accounting system. Naturally there are a lot of prompts and questions designed to prevent this, but, like the best laid plans of mice and men, things can still go wrong.

A few quick questions, and we know there was a backup done last thing the night before and the end-of-year run was the first thing to be done that morning. The advice is to abort the run and restore the data from the backup set. I breathe a sigh of relief. At least some people are aware of the need for adequate backups, and do them.

But soon the customer is back on the phone. The restore from the backup set has aborted at diskette 10 of 18. Oh no! The advice is to try to make a copy of diskette 10. This works. Now use the new diskette when recovering the data. But it still doesn't work. There is another backup. It's two days old, but is promoted to No. 1 option. It aborts at diskette 4. Other sets of backups are tried. All fail.

The situation is now desperate. A medium-size firm has just lost all access to its accounting information, and it would take months of work to rebuild from scratch. The system, complete with backups, is delivered to our office, and the resident technical genius is able to rebuild the data files from the corrupted backup diskettes. And this wasn't as simple as it sounds: it took well over a day to do.

Here we have a customer who has taken what would seem to be all the right precautions. Certainly there were plenty of backups, and more than enough different sets of backup disk¬ettes. All gave no indication that they were corrupted. Have I frightened you? I can assure you this case frightened the hell out of me. The customer came extremely close to having to spend months rebuilding the data files from scratch, and I doubt whether the business would have survived such a disaster.

When I relate this incident to others they all say that of course this can happen if the PC DOS command Verify On isn't issued before running the BACKUP program. I then watch their face drop as I explain it was.

The format of the diskettes was corrupted. The disk verification CHKDSK would pick it up, and so would the RESTORE program, but not the BACKUP program. The solution is to run CHKDSK over every diskette after it is used as a backup (an extremely odious task), or to regularly run the FORMAT program over a set of backup diskettes before using them. The latter solution is preferable, and it is now a feature of my "How to do backups" lecture.

Shortly after these two events, I heard Kevin Fitzgertild, Australia's leading authority on computer security, speak to a Melbourne PC User Group meeting. I had attended several talks by Fitzgerald and read many reports of his activities, but it was worth being reminded of the problems (as if the previously described events were not enough).

Questions asked by others in the audience and discussions in the bar afterwards highlighted how little thought most people give to computer security, and the significance of the risks they are taking.

I have always appreciated the problem, and spent a great deal of time lecturing about it, but I still fall victim from time to time. There is always some risk, and complacency always seems to eventually set in. Thankfully I often see the problems of others, which gives me a much-needed jolt.

However, I have never been in the position to put anything as important as a valuable business and the livelihood of others at risk. If you are in that position, estimate what it could cost to recover from some of the nasty situations you could find yourself in. How much time, effort and expenditure is it worth to avoid that situation? Are you prepared to do it, or do you like gambling with big stakes?

Lloyd Borrett is president of the Australian PC User Association, founder of the Melbourne PC User Group and support coordinator for HiSoft Australia.