April 2013 | Disaster Prep: Special Issue
Preparing for a Disaster: Data Backup and Beyond
There has been no shortage of disaster coverage in the news over the last few years, from flooding to theft to wildfires. While the coverage of these events understandably focuses on the human toll, such disasters also do severe and lasting damage to the businesses in their path—law firms included.
A disaster can drive lawyers out of a firm’s office, prevent access to critical client files, disrupt communications inside and outside of the firm, and ultimately put time-sensitive matters at risk. To safeguard the firm, and more importantly its clients, lawyers must plan for disasters well in advance to mitigate the impact when and if they occur.
Unfortunately, many firms have neglected to prepare a true disaster recovery or business continuity plan. According to the 2012 Legal Technology Survey Report, only 61 percent of respondents reported that their firm has such a plan. That number drops to 57 percent at small firms with two to nine attorneys and to just 50 percent among solo practitioners.
While a comprehensive disaster recovery and business continuity plan has many facets, one of the keys in this digital age is securing and protecting the firm’s data. Client files, important communications, and valuable work product often exist exclusively in digital format today, and a major data loss brought on by a natural or man-made disaster could have catastrophic professional and ethical ramifications.
If you’re ready to begin your firms’ planning process or to revitalize an existing plan, data backup is a good place to start. We’ve put together a five-step plan to help you make sure you’re covering your bases:
STEP 1: ANALYZE
The first step in developing a data backup strategy for your firm is to analyze your current data usage. What data do you store, where do you store it, how often do you access it, and what are the risks and costs associated with losing that data? This is a challenging endeavor in the current computing environment, as data may be spread across numerous devices and services: computers and smartphones, firm servers and cloud computing platforms, etc.
Be sure to involve everyone in your firm in this exercise. You’ll probably be surprised to learn where firm employees—lawyers and staff alike—are storing valuable data. Use the opportunity to review your firm’s overall handling of sensitive data. If, for example, sensitive documents are being sent to personal email addresses so employees can work from home over the weekend, you may be facing serious security problems that will need to be addressed along with the backup issues.
In the end, your backup analysis should establish:
STEP 2: PLAN
Once you have a firm grasp of the size and scope of the data you need to backup, you should begin developing an actual backup plan. Your backup plan should provide at least two levels of redundancy, with both data redundancy (more than one backup of any given file) and geographic redundancy (backups in more than one geographic location).
The exact tools and software you use will vary widely depending on the size of your firm and the complexity of your electronic efforts. In general, you should:
STEP 3: IMPLEMENT
It may seem obvious to say that the next step is to implement your plan, but this is unfortunately where many well-intentioned backup strategies fall apart. Corners are cut both in cost and time, key efforts are entrusted to people who lack technology expertise, software and hardware is installed but never properly configured, and so forth.
Keep in mind that proper backup is critical to maintaining a healthy, stable, ethical law practice, and invest in its implementation appropriately. If your firm lacks the technology know-how to do this in-house, find an expert to help.
The keys to proper implementation:
STEP 4: TEST
It’s an all too common horror story: a business has a catastrophic data loss, turns to their backup system to recover the data, and only then discovers there’s a serious flaw in their backup strategy. Maybe data was backing up monthly rather than daily, or key files were being left out of regular backups entirely, or perhaps the backup hard drive itself has failed. There can be many causes, but the results are the same: your backup efforts come to nothing because you’ve failed to test your system.
As a best practice, you should test your backup solution immediately after implementation and routinely thereafter. Simulate real-world disaster scenarios, from the major (total loss of a system) to the relatively minor (accidentally erasing a single file).
Not only does regular testing help identify problems in your backup setup, it also has the benefit of training your staff to quickly and efficiently recover files in the event that it’s necessary to do so. This means that if you ever experience a real computer loss and need to restore from your backups, you’ll be prepared to do so.
STEP 5: REVIEW
Your data backup strategy will begin to be outdated almost immediately after you implement it. The reason is simple: technology advances at an incredibly rapid rate. New tools, new software, new data—each requires that you adjust your strategy.
Preparing your firm to withstand a natural disaster is about more than just backup—it’s about business continuity. How quickly can you get your firm back on its feet and when can you get back to providing quality service to your clients? An appropriate strategy must address:
Even at small firms, these aren’t simple questions with simple answers. To help guide you through each step of your business continuity plan development, the ABA Committee on Disaster Response and Preparedness has published a helpful guide: Surviving a Disaster: A Lawyer’s Guide to Disaster Planning.
The Guide includes a number of checklists firms can run through as they develop their plan, and it even includes a step-by-step sample business continuity plan as a reference point.
Joshua Poje manages the ABA Legal Technology Resource Center.
LAW PRACTICE TODAY
Micah U Buchdahl, HTMLawyers, Inc
Andrea Malone, White and Williams LLP
BOARD OF EDITORS
John D. Bowers, Fox Rothschild LLP
Margaret M. DiBianca, Young Conaway Stargatt & Taylor, LLP
Nicholas Gaffney, Infinite Public Relations, LLC
Nancy L Gimbol, Eastburn & Gray
Richard W Goldstein, Goldstein Patent Law
Katy M. Goshtasbi, Puris Image
William D Henslee, Florida A&M Univ College of Law
Allison C. Shields, Legal Ease Consulting, Inc.
Gregory H. Siskind, Siskind Susser, P.C.
Send us your feedback here.