Could your firm recover?
Post by Andrew Taylor |
Law firms hold a wealth of valuable client data and funds, all of which make them a very attractive target for criminals. As the number of cyber-attacks increases, firms are increasingly at risk of a breach. And it isn't just cyber-crime that can result in data being lost or compromised. There's the risk of physical damage to servers, lost equipment that's not adequately protected and even human error which could cause system disruption and failure.
The reality is, at some point, your firm is likely to experience a data breach – if it hasn't already. Beyond the initial loss of data and funds, there is the risk of fines and the reputational damage which can be significant. Therefore, the plans and policies you have in place to protect your data are essential to your chances of recovery.
But many firms erroneously believe that simply backing up documents, emails and case files is a job well done, a disaster averted, the compliance box ticked.
A well thought through disaster recovery plan that considers every possible scenario is essential and your plan needs to be robustly tested. You need to understand and be confident in how well the system stands up to threats, how people within the business respond, how you will communicate with clients and the general public, and most importantly, to check exactly what data and applications can be retrieved along with the time taken to recover.
But where do you start when it comes to testing systems to destruction? Here are our recommendations.
Test for 'worst case scenario'
An annual, all server shut down, should be the minimum test you undertake. A half-hearted test will not satisfy your clients or quality standards and it should not satisfy the business.
Include a representative test group
Junior and senior staff should be included in testing the firm's resilience to disruption and how quickly they can return to fee earning work. Run the test when it is least disruptive, but ensure the test is realistic to build confidence in your business and in your staff. Gain feedback from staff about the success and weaknesses of the test.
Measure how quickly law firms return to 'business as usual' – and adapt if necessary
Test how well you meet your Recovery Time Objective (RTO) – the amount of time lost that your business can potentially sustain. If you fail to meet your RTO, look at ways to reduce it and test again. When disaster strikes, being able to easily open and find crucial documents can make the difference between a few hours in lost fees or days, as well as keeping reputations intact.
More and more law firms are moving to a cloud environment where disaster recovery and business continuity are built in, avoiding the need to invest in, or maintain, your own off site IT disaster recovery solution. After all, having strong policies and plans in place isn't just about protecting you from the 'what if'. Increasingly, panels and clients are asking for evidence of the plans you have in place and your ability to prevent and recover from data breaches. Good disaster recovery provision is seen as a real differentiator for firms and our customers have testified to the competitive advantage this has given them.
About the Author: Andrew Taylor
With over 10 years of experience of IT infrastructure and datacentre solution management, Andrew leads the highly-skilled team of technical consultants and analysts at Converge Technology Specialists. His wealth of knowledge has proved invaluable to clients in terms of network design, harnessing ‘best of breed’ technology and creating infrastructure roadmaps that are aligned with business strategy. Operating solely in the legal sector, Andrew is well-placed to advise on the technical nuances attributed to law firms with particular expertise in application performance improvements linked to infrastructure. Often asked to speak at sector-leading events, Andrew has recently focussed on the growing threat of cybercrime and the risks posed to law firms, offering practical guidance and advice on how to mitigate against the likelihood of attack.
Converge Technology Specialists
As the only Cloud Computing Provider dedicated to UK law firms, Converge Technology Specialists have over 10 years’ experience advising law firms on how to align their IT roadmap with the firm’s overarching business strategy. Delivering a suite of hosted and managed infrastructure services, including Hosted Desktop, IaaS, DRaaS and Infrastructure Support, Converge Technology Specialists work closely with firms to facilitate key business goals including improved productivity, mitigating the risks of cyber-crime and achieving growth.