Computer hardware failure and human error are still more likely the causes of data loss than flooding and other natural or man-made disasters for most Canadian law firms. Between the everyday-mundane of employees losing their personal devices, hard drives crashing, and outside hackers wreaking havoc, the protection of personal and professional information is on everyone’s minds.
And as more practices head to the cloud for synchronized file sharing (such as Dropbox and SugarSync) or software-as-a-service (SaaS) lawyering packages, keeping local backups in the event of a cataclysm at the other end becomes even more important.
Without specialized IT departments to navigate the way, small and solo firms often take a much more holistic approach to shoring up the digital integrity of client files, important communications and valuable work product.
Risk Analysis
Take a look around. Your firm’s data backup strategy must begin with a good hard examination of your data: the type (emails, case notes, schedules and billable hours, confidential marketing of the law firm, documents that pertain to the law firm's vendors and suppliers, etc.); size (in GB or TB); where it resides; its frequency of use; and the ultimate risks and costs associated with losing it.
Incorporate a portable, location-agnostic security strategy by ensuring that your plan protects your information regardless of where it’s residing. Implement a tight end-to-end chain of custody process for all data, including any backup media already in place.
Now think about which data you need to retrieve first, how fast you need to retrieve it, and how you want to retrieve it. This exercise not only helps you prioritize your data so that you don’t lose time retrieving the wrong info after an emergency, but it also gives you a good idea which storage and data recovery options are best suited for your style of practice.
For example, maybe you’d like to retrieve the data immediately using any mobile device handy to you at the time of a disaster or business interruption. This could be handy if your entire facility is destroyed, and you have no servers at the moment to which you can download the data.
And with the sudden rise in popularity of Bring Your Own Device (BYOD) policies at many small firms, don’t forget to include the valuable data likely residing on employees’ smartphones, tablets and laptops.
Redundancy is The Plan
So often you’ll hear experts talk about planning your data backup regime around particular hardware and software requirements, only to tack on the notion of making multiple copies almost as insurance. Instead, both data copy- and geographic-redundancies need to be integrally designed into your backup and recovery plan from the get-go.
This is especially true for those using blended data backup solutions and online SaaS. When the cloud “goes down,” having a physical copy that is local to you, wherever you are, is key.
Likewise, when choosing cloud providers, you should try and stick with services specifically designed for business – preferably the legal, banking and accounting industries. Many of the free consumer cloud storage solutions do not offer the level of security, or the historical (incremental) backups, required by law firms.
Take the smart approach: understand what your options are, the pros and cons of each, how each affects your security and compliance concerns, and what precisely you can expect should you ever need to actually recover your data and use it. In other words, due diligence is required.
Burning Binary
Small practices are in a unique position when it comes to adopting new backup technology. As larger enterprises struggle with over-provisioned and inefficient primary storage and server backups, smaller offices can benefit from hybrid primary storage systems to protect their valuable data. Even if you’re already heavily invested in legacy tape backup systems, there are several modern and extremely cost-effective methods worth considering.
With external USB/Firewire hard drives now costing little more than a box of DVD-Rs – yet capable of storing thousands of times the data much more reliably – small and solo firms on a tight IT budget could pick up a few multi-terabyte drives to satisfy their data and geographic redundancy needs.
Still, hard drives and their moving parts are eventually prone to failure – not exactly a trait you’re after in a backup storage solution. Solid-state drives (SSDs) use a form of non-volatile memory to store data. They offer far better performance and reliability than HDDs, but at a much higher cost per GB.
Then there’s the Purpose-Built Backup Appliance (PBBA). These are devices that combine the software and disk space needed for backups. A PBBA makes it easier for small firms to simplify the backup process, since the box auto-discovers the items on the network (or in the cloud) that need backup, and it guides you through the process of establishing backup processes and procedures. A PBBA also incorporates de-duplication software to minimize disk space.
Regardless of choice or combination, if you lack the technical know-how to properly setup a hybrid backup solution, you’re best to invest in outside expert help. Cover your ethics!
Stress Test
With your backup strategy developed, documented and communicated, it’s time to start testing it – far better to discover any kinks in the plan before you actually need it.
Try simulating everything from catastrophic total-system loss (such as during a major disaster) to partial system failure (hard drive crashes; network outages; etc.) and errant folders or files missing due to accidental user-deletion. Make sure to include both data backup and recovery in your evaluations.
You may even want to attack the system by introducing live threats and glitches to measure and refine recovery times. It’s crucial that you involve partners and co-workers, who’ll be using your plan daily, in all these steps. Only in this way will you discover the need for more user education or documentation.
Regular Maintenance
It’s easy to fall into a set-it-and-forget-it mentality. But, particularly as technology advances, backup systems must be actively monitored for changes in the data environment and for errors that need to be addressed quickly. Even a single fly in the digital ointment can spell disaster to an otherwise rock-solid backup schedule.
Small firms with dozens of interacting parts should reevaluate their data backup and recovery strategy and test its effectiveness at least quarterly, or whenever major changes are made to hardware (including BYOD), software (including versioning) or cloud services. Solo practitioners may address it semi-annually, or as new acquisitions or data workflows are made.
Jason Scott Alexander is an Ottawa-based freelance writer specializing in frontier-media and technology law topics.
HotLinks: Your Disaster 4-1-1
Public Safety Canada – Government publication provides a summary and general guidelines for business continuity planning (BCP).
CBA PracticeLink – “Not If, But When: Prepare a Disaster Recovery Plan Today (TO DO)”; an all-encompassing guide to disaster planning and business recovery.
CBA PracticeLink – “Surviving Chaos in Times of Crisis”; includes a comprehensive recovery checklist, emergency contacts list and sample computer inventory.
PracticePro – An excellent 30+ page booklet outlining many proactive and recovery steps, including important client-relations tips during an emergency.