Is Billing Clients To Test Backups Normal 2024
Billing clients to test backups and if it is a normal practice will be the subject of today's article. Another reasonably complex topic with a range of exciting possibilities.
I will focus on the main variables of cost versus features as well as mention the risks involved in trying to cover everything under a single backup agreement while also keeping the price down.
I touched on a few related topics in other articles that discuss your legal liability during a client breach as well as the risk involved during an MSP sourced data breach so take a look at those if this is not quite the right subject.
While you are here, take a look at some of our other backup content materials below that may interest you:
- Do Tape-Based Backups Still Have a Place Today
- Enterprise Drives Purchased from Amazon - Warning
- FreeNAS vs TrueNAS
- HPE GreenLake vs Dell Apex
- HPE StoreOnce Backup Appliance vs Barracuda Backup Appliance
- Is Asustor Better Than Synology
- Is Cloud Storage a Viable Alternative to NAS Storage
As a secondary goal of the main topic, I will also discuss how documentation can help IT consulting services manage and maintain data recovery solutions effectively as it specifically relates to this topic.
Knowledge management is also an essential aspect of the IT industry whether it be backup billing discussed here or recording the steps involved on how to backup a MAC desktop so that others can fault find in a time effective fashion . It enables IT contract services to manage and maintain the IT infrastructure of their clients effectively.
We have years of experience in working with service providers to document their processes and procedures and there is no area more important to a service provider than how their clients' backup and disaster recovery systems are documented unless of course your reputation is not important..
Backup Cost Versus Backup Features
Backup cost is something most clients are trying to minimize while as a service provider, you are likely attempting to include as many backup features as you can while also ensuring the client signs on to your backup solution.
I am not a legal advisor however it is a really good idea to always offer potential clients backup upgrades to whatever backup solution you have chosen for them. The backup framework should not change, you do not want your technical staff to have to be familiar with 10 totally different backup solutions however you do want to design it so that your solution is scalable.
This allows you to offer the same solution to either small potential clients or larger clients. Backup documentation is the same across the board meaning less need to create 10 different documents and maintain those 10 documents.
Withholding Backup Features
Most service providers do not consider that withholding backup features is actually a great risk management strategy as far as likelihood of being sued for incompetence.
As an example, say you offer an all in one backup solution called the Jurassic park platinum plan that spares no expense and that is the only backup solution you offer.
First it makes it a tough sell to all potential clients as the backup cost is likely to be high but more importantly, if something goes wrong and the client seeks legal compensation for something you promised yet did not deliver, it will become a serious headache for you and your cyber insurance company.
You think you are doing the right thing throwing everything into the best possible backup you can, however if that best backup solution is found to be lacking and there is no evidence that you offered the client backup addons to plug in whatever hole they believe is there, then you will need to brace yourself.
Always, always have expensive backup addons to your backup solution. Have evidence that you offered the client these addons ideally with a client initial next to each addon that was presented and turned down.
Why is this important?
This recommendation, and you can take it to the bank, by offering expensive back up addons, you have gone a long way to demonstrating if it gets to court, that your organization offered your soon to be ex-client the very solution that would have prevented whatever situation caused you all to end up in court in the first place.
Do you see that by offering an all in one backup solution that leaves nothing left that it opens you up in a big way to being sued. The client will say something like “this problem was caused by that nasty looking man in the dock over there, he never gave us any options to avoid this situation and we paid him for his expertise”
The judge will look over at you as will a non technical jury if it gets that far with a look of mild annoyance that you have made them sit through days of stuff they really do not understand or care about.
They will likely put themselves in the client's position which is the person who paid a so called expert to look after every conceivable technical threat and through those eyes and regardless of how unfair it might be, you will lose because all they heard was “this expert did not offer any solutions to this issue happening” You may as well drop your trousers in advance.
Test Backups - Bill For Them?
So hopefully you are following me here. Testing a client's backups especially if it is done manually and regularly is a relatively expensive evolution requiring experienced staff to carry out.
Do not be shy with the cost either, how long is a piece of string when it comes to prices however $300 or up per manual restore test would not be unreasonable.
Remember, they do not have to take it, you just want evidence documented that you offered it. If you do not offer it and do not carry it out and it results in client damages then you will have zero defense.
This feature is just one example so my advice is absolutely do not offer this as part of your entry level backup solution. Have yourself a mother beautiful brochure created and test it on non technical friends and family to see if they can follow it.
Now I am not going to tell you what backup inclusions should make up the basic backup offering, that is up to you but it should include enough so that you can sleep at night.
Remember though backups are not insurance, you are not guaranteeing anything here, you are offering a service.
I would absolutely recommend separating test restores as an optional extra with some exceptionally written plain wording explanation targeting non technical people so it is more than obvious what saying no to this option could result in.
Cybersecurity Insurance
Whatever you write and that includes brochures and agreements, make sure you pass it by your insurance providers before you sign a client up. It really is so important these days.
Hypothetical Court Date
Ok so you are sitting in the dock again in an alternate reality only this time when you are asked if you had offered any advise on how to avoid whatever issue led you to be in court, you can whip out the agreement and 3 emails that demonstrated that you offered the client a disaster recovery solution that would have completely avoided this situation.
Suddenly the jury is thinking “this poor man sat their and basically pleaded for the client to follow his sage advice to avoid the risk of this happening and yet the greedy fat fingered client that smells faintly of onion who has dragged him here refused to follow the advice of this responsible individual”
It did not require the client following your advice, you just needed to ensure that you provided the advice and more importantly have evidence that you provided the advice.
Automated Test Restores - Freebies?
No - My view is the client is probably not interested in the technicalities of your backup pitch. They do not really understand the difference between an automated test restore or a manual test restore.
An automated test restore gives you another way of offering a solution to their potential problems. As long as you write what it is, how it differs from a manual test restore and then put a price on it that reflects the fact that it is not an ideal alternative to a manual test restore and pass it by your cybersecurity insurance contact and they give it the green light then go for it.
If they turn both down then there is a far higher likelihood that a court will see that you offered solutions to prevent the damages caused and the client turned them down. Not offering these items or even worse including them in a total backup solution is not a good idea in my non legal opinion.
All In One Backup Solution - Just Say No
I am a strong believer in only offering a single backup and disaster recovery solution which may involve both local Network storage components as well as 3rd party cloud vendors however I am against offering a total all in one solution for the reasons mentioned above.
Other Backup Addons
Here are some ideas that you can separate out from your backup offerings to both increase profit margins while simultaneously reducing your service providers risk profile:
Incremental Backup Coverage
Offer a basic level of incremental backup coverage and retained storage days while also offering say a couple of other plans that are more comprehensive in their coverage including a longer retained history.
This is not about boosting profit margins, that is just a nice side effect, it is about forcing the potential client to understand exactly what each one of the backup options actually means. Go through each one and ensure that you have a brochure that explains in plain English exactly why each one is more expensive than the last.
If you get to the point of signing the client up, ensure that you get them to initial every single option they chose not to take.
Disaster Recovery Work
When I ran my own MSP many years ago, I used to include up to 2 hours of labor as part of the backup agreement and beyond that and at our discretion we would require 100 hours of block time payable in advance to work on a legitimate disaster recovery scenario.
It is important to vet your clients based on if you think they are likely to dispute being billed for a disaster recovery incident and you absolutely need to make it clear that this does not form part of the backup agreement.
The reason why a 100 hour block of time in advance is something I used to require was because it is usually a highly contentious environment. It's my experience that most clients will conveniently forget it is a separate billable event and will almost say anything to get you to work on recovering their information before disputing any charges once the work has been completed.
Depending on a client's environment, the cost can easily blow out to 300 hours or more of man hours that is normally an extremely stressful and emotionally charged environment for you and your staff.
RansomWare and Data Breaches
We are no longer in the 90s anymore, ransomware incidents are increasing both in frequency and total amount. I have worked in the IT industry since the 90s and I have never been involved with an MSP or met an employee of an MSP that I would consider competent to handle a ransomware or data breach incident.
In general, technical staff at a service provider are excellent at walking into almost any computer environment and very quickly gaining an understanding of how it is all put together especially compared to say an internal tech that has worked in the exact same environment for 10 years. I am not saying they are better but they are better.
They are a different animal and neither have the capability in most cases to handle ransomware or breach of data. You need specialist staff who do this sort of thing day in day out. We are not talking about running a virus scanner or restoring from backup here. It is far more complex in today's environment.
Whatever you do, in an event where there may have been a compromise, do not just restore from backup. Everything has to stop, contact your cybersecurity insurance person and explain the situation.
They will generally have experts they can contact who will know how to examine server log files etc to find out who, what and where as well as how serious the incident is as well as working in a way that minimizes your liability as a service provider.
Having Jimbo the dude that learnt everything building computers for family and friends and eventually got a job as a level 2 support desk operator traipsing through your clients potentially compromised system, recovering from backup and overriding evidence and culpability records is about the worst thing you can do.
Yes it will inconvenience the client, yes your premiums may rise but it is the best course of action.
Conclusion
Testing client restores is perfectly normal however I like to think I have demonstrated the importance of charging like a wounded bull for extras including this. Charging more money helps your clients because you are better positioned to help them.
There is nothing worse than a weak managed service provider who says yes to every client's demand, has an empty bank account and cannot provide the advice they are fully capable of.
It improves profit margins and more importantly creates a paper trail demonstrating the wise, sensible advice that your client may decide to completely ignore.
You need to give them the option to ignore your advice, not doing so will put you into a corner where bad things will be done.
We have a number of other client based backup articles listed below that will provide you with more detailed information on a number of related topics:
https://optimizeddocs.com/blogs/backups/backups-client-index
Our team specializes in strategies for I.T support provider organizations that assist in improving profit margins through standardization and consistent record keeping strategies, so you can be confident that our content is tailored to your needs.
Please feel free to explore our other articles and click on any that interest you. If you have any questions or would like to learn more about how we can help you with your documentation needs, please click the "Get In Touch" button to the left and we will be happy to assist you. Thank you for choosing us as your trusted source for technology documentation.