
Birmingham Bar Association Bulletin Fall 2016

Information Technology

a quality backup and disaster recovery (BDR) solution. Unfortunately, not all backup solutions are created equal, and many firms have implemented BDR protocols that still leave them highly vulnerable.

For firms seeking comprehensive protection against these threats, below are five features that firms should look for when choosing a backup and disaster recovery solution.

Backs up entire computers, not just files

While creating backup copies of your electronic data files (e.g., Word, PDF, Excel) is critically important, a solution that only backs up those files cannot fully protect your firm from experiencing at least a full day of downtime in the event of a hardware failure. Why? Because, in addition to your files, your computers also contain your operating system and software applications. If your server fails and all you have is a file-based backup, you will have to manually reinstall and reconfigure your operating system and applications before you can regain full functionality, a process that almost always takes at least a full day to perform. To ensure that your firm will never experience more than a few hours of downtime, look for a solution that creates complete copies of everything that is on your computers, not just your files.

Keeps a full year's worth of daily backups both onsite and offsite

While offsite (i.e. cloud) backup solutions are becoming increasingly common, many lawyers don't realize that trying to download large amounts of data from a cloud backup solution can take days, even with the fastest internet connection available. If your firm only has an offsite backup, you will not be able to recover quickly from a hardware failure or ransomware attack. On the other hand, if your firm only has an onsite backup, you will not be able to recover from a catastrophic event such as a fire or flood, since the onsite backups would be destroyed along with the rest of your office's computers. Look for a solution that keeps 365 days' worth of daily backups and stores those backups both at your office and at multiple offsite facilities.

Runs automatically and without interruption to normal operations

Any BDR solution that isn't automated is virtually guaranteed to fail over time. Employees tasked with creating manual backups take vacations, go on medical leave, or simply forget. Look for a solution that does not require your staff to do (or refrain from doing) anything in order for backups to run successfully.

Encrypts all backups

The 2012 amendments to the ABA Model Rules highlighted the need for lawyers to protect and preserve the confidentiality of clients' electronic data.[7] In addition to this ethical obligation, firms performing work for financial institutions, schools, and healthcare organizations may also be subject to additional statutory security requirements imposed by Sarbanes-Oxley, FERPA, and HIPAA. Creating backup copies of client data without encrypting that data can jeopardize the confidentiality of the information, and potentially expose the client and the firm to regulatory sanctions and/or lawsuits. To avoid these risks, look for a BDR solution that encrypts backups at the time they are created and for as long as they are stored with an encryption key that is unique to your firm.

Is actively-monitored and routinely tested

Given the complexities of modern technology and the high costs associated with data loss and downtime, law firms need to utilize a BDR solution that is actively monitored to ensure that backups are running successfully and on schedule. In addition, firms should choose a BDR service that regularly tests the integrity of the backups to confirm that they will work if and when they are needed.

While threats like ransomware are very real, they can be neutralized through proper planning by your firm. A BDR solution that offers the features discussed above should ensure that your firm's data will always be backed up and readily accessible.

Tommy Mayfield, an attorney, serves as General Counsel and Director of Business Development for ShadowSafe, a technology firm specializing in data backup and disaster recovery for small to mid-size businesses.

(Endnotes)

[1] See, e.g., Joe Dysart, 'Ransomware' software attacks stymie law firms, ABA Journal (Jun. 1, 2015), http://www.abajournal.com/magazine/article/ransomware_software_attacks_stymie_law_firms; Haley Sweetland Edwards, A Devastating Type of Attack is Costing People

Continued on page 27

