FEATURE

Preparing for a Disaster: Data Backup and Beyond

By Joshua Poje

There has been no shortage of disaster coverage in the news over the last few years, from flooding to theft to wildfires.  While the coverage of these events understandably focuses on the human toll, such disasters also do severe and lasting damage to the businesses in their path—law firms included.

A disaster can drive lawyers out of a firm’s office, prevent access to critical client files, disrupt communications inside and outside of the firm, and ultimately put time-sensitive matters at risk. To safeguard the firm, and more importantly its clients, lawyers must plan for disasters well in advance to mitigate the impact when and if they occur.

Unfortunately, many firms have neglected to prepare a true disaster recovery or business continuity plan. According to the 2012 Legal Technology Survey Report, only 61 percent of respondents reported that their firm has such a plan.  That number drops to 57 percent at small firms with two to nine attorneys and to just 50 percent among solo practitioners. 

While a comprehensive disaster recovery and business continuity plan has many facets, one of the keys in this digital age is securing and protecting the firm’s data. Client files, important communications, and valuable work product often exist exclusively in digital format today, and a major data loss brought on by a natural or man-made disaster could have catastrophic professional and ethical ramifications.

If you’re ready to begin your firms’ planning process or to revitalize an existing plan, data backup is a good place to start.  We’ve put together a five-step plan to help you make sure you’re covering your bases:

STEP 1: ANALYZE

The first step in developing a data backup strategy for your firm is to analyze your current data usage. What data do you store, where do you store it, how often do you access it, and what are the risks and costs associated with losing that data? This is a challenging endeavor in the current computing environment, as data may be spread across numerous devices and services: computers and smartphones, firm servers and cloud computing platforms, etc.

Be sure to involve everyone in your firm in this exercise. You’ll probably be surprised to learn where firm employees—lawyers and staff alike—are storing valuable data.  Use the opportunity to review your firm’s overall handling of sensitive data.  If, for example, sensitive documents are being sent to personal email addresses so employees can work from home over the weekend, you may be facing serious security problems that will need to be addressed along with the backup issues.

In the end, your backup analysis should establish:

• What electronic data your firm currently uses;
• Where that data resides, including the specific vendor/host if it’s held outside of the office;
• The approximate amount of data (e.g. 2TB);
• The sensitivity of data, both in terms of time (i.e. urgent matters) and confidentiality.

STEP 2: PLAN

Once you have a firm grasp of the size and scope of the data you need to backup, you should begin developing an actual backup plan.  Your backup plan should provide at least two levels of redundancy, with both data redundancy (more than one backup of any given file) and geographic redundancy (backups in more than one geographic location). 

The exact tools and software you use will vary widely depending on the size of your firm and the complexity of your electronic efforts.  In general, you should:

• Focus on business-grade tools. Popular online backup tools geared towards consumers and less-sensitive consumer data may not be appropriate.
• Plan for where you’ll be, not where you are.  The quantity of data you need to backup is only going to increase as time goes by.
•  Work with outside companies that hold your data. You should try to keep local copies of data you store with a third party, and you should be sure the third party has their own backup strategy.
• Keep security at the front of your mind.  Data needs to be backed up, but it also needs to be kept secure.

STEP 3: IMPLEMENT

It may seem obvious to say that the next step is to implement your plan, but this is unfortunately where many well-intentioned backup strategies fall apart.  Corners are cut both in cost and time, key efforts are entrusted to people who lack technology expertise, software and hardware is installed but never properly configured, and so forth.

Keep in mind that proper backup is critical to maintaining a healthy, stable, ethical law practice, and invest in its implementation appropriately.  If your firm lacks the technology know-how to do this in-house, find an expert to help. 

The keys to proper implementation:

• Don’t cut corners—follow through on the plan you developed in Step 2.
• That said, stay flexible—you may discover during implementation that you missed something. This is the time to correct the error.
• If necessary, get expert help to implement your backup system correctly.

STEP 4: TEST

It’s an all too common horror story: a business has a catastrophic data loss, turns to their backup system to recover the data, and only then discovers there’s a serious flaw in their backup strategy.  Maybe data was backing up monthly rather than daily, or key files were being left out of regular backups entirely, or perhaps the backup hard drive itself has failed.   There can be many causes, but the results are the same: your backup efforts come to nothing because you’ve failed to test your system.

As a best practice, you should test your backup solution immediately after implementation and routinely thereafter.  Simulate real-world disaster scenarios, from the major (total loss of a system) to the relatively minor (accidentally erasing a single file).

Not only does regular testing help identify problems in your backup setup, it also has the benefit of training your staff to quickly and efficiently recover files in the event that it’s necessary to do so.  This means that if you ever experience a real computer loss and need to restore from your backups, you’ll be prepared to do so.

• Test your setup immediately to be sure it’s working as intended.
• Periodically re-test your systems to ensure they’re functional and data is being backed up appropriately.
• Prepare to restore data quickly in the event of data loss to minimize impact on your firm.

STEP 5: REVIEW

Your data backup strategy will begin to be outdated almost immediately after you implement it. The reason is simple: technology advances at an incredibly rapid rate.  New tools, new software, new data—each requires that you adjust your strategy.

• Conduct a full review of your strategy at least annually—more often if your setup is particularly complicated.
• Revisit your backup strategy anytime you make a significant technology investment.

BEYOND BACKUP

Preparing your firm to withstand a natural disaster is about more than just backup—it’s about business continuity.  How quickly can you get your firm back on its feet and when can you get back to providing quality service to your clients?  An appropriate strategy must address:

• How you’ll continue key business functions throughout the disruption;
• Who will take lead in executing your firm’s continuity plan in the event of a disaster;
• Which assets (data, software, records, staff) will be needed and how will they be brought together;
• How the firm’s lawyers and staff  will communicate with one another, with clients, and with the courts;
• How you’ll re-establish normal practices at the conclusion of the disaster.

Even at small firms, these aren’t simple questions with simple answers.  To help guide you through each step of your business continuity plan development, the ABA Committee on Disaster Response and Preparedness has published a helpful guide: Surviving a Disaster: A Lawyer’s Guide to Disaster Planning.

The Guide includes a number of checklists firms can run through as they develop their plan, and it even includes a step-by-step sample business continuity plan as a reference point.

Joshua Poje manages the ABA Legal Technology Resource Center. 

Download Article | Table of Contents

TELECONFERENCES & MEETINGS

Don't Run Your Office Without It: The Guide to Essential Law Firm Policies LPM members save $90  April 18, 2013       Think Digital: Delivering Legal Services with Technology May 7, 2013       iPad for Litigators LPM members save $100  May 23, 2013

LPM BOOK SPOTLIGHT

PODCASTS
	THE DIGITAL EDGE: LAWYERS AND TECHNOLOGY 66th Edition - Big Data for Lawyers By Jim Calloway and Sharon Nelson

LAW PRACTICE MAGAZINE

Law Practice is the leading magazine on the business of practicing law. Published six times per year, it offers insightful advice and practical tips on marketing, management, technology and finance. Current Issue Subscribe now for only $64 $50 for ABA members (includes membership) Download the Mobile App

LAW PRACTICE TODAY

EDITOR-IN-CHIEF

Micah U Buchdahl, HTMLawyers, Inc

ASSOCIATE EDITOR

Andrea Malone, White and Williams LLP

BOARD OF EDITORS

John D. Bowers, Fox Rothschild LLP

Barbara H. Brown, Meagher & Geer PLLP

Margaret M. DiBianca, Young Conaway Stargatt & Taylor, LLP

Rodney Dowell, Lawyers Concerned for Lawyers, Inc.

Nicholas Gaffney, Infinite Public Relations, LLC

Nancy L Gimbol, Eastburn & Gray

Richard W Goldstein, Goldstein Patent Law

Katy M. Goshtasbi, Puris Image

Elizabeth Henslee

William D Henslee, Florida A&M Univ College of Law

George E. Leloudis, Woods Rogers PLC

Allison C. Shields, Legal Ease Consulting, Inc.

Gregory H. Siskind, Siskind Susser, P.C.

Ben Stevens, The Stevens Firm, P.A. Family Law Center

Send us your feedback here.