Disasters come in many shapes and forms.
While I’ve recently talked about the need to protect your firm from disasters caused by ransomware and other cyber threats, such threats cause only about 23% of all downtime. So what causes the rest? According to Datto, the data backup and recovery specialists, the causes of downtime are as follows:
26% – Internet Service Provider or local network outage
24% – Human error
23% – Ransomware
11% – Natural Disaster
9% – Outage on cloud-based software system (SaaS)
7% – Other
Datto also report that 75% of UK SMBs have no disaster recovery plan in place, which is very alarming given the regulatory obligations of many industries, law firms included, to protect their data and their clients’ data.
But even if you do have a disaster recovery plan, it may not be enough to protect your law firm. Another finding from Datto, and one that I have seen many times myself when we first visit new clients, is that half of SMBs back up less than 60% of their data.
Many firms have a false sense of security, thinking that they have a backup and a disaster recovery plan, and yet the reality is that however good the disaster recovery plan may be, it is not going to be able to recover data that’s never been backed up.
We find that much of this boils down to firms not fully understanding their data: where it is, what it is and who is responsible for backing it up.
To compound matters, there are different types of backup too, which afford differing levels of protection from the various threats, along with very different recovery times and costs. For example, off-site tape backup (which is still used by 50% of SMBs) may be useful where an incident has affected all onsite copies of a file or folder, but firms should be aware that recovering a full system from tape will typically run into days and in some cases in excess of a week, which, given most firms’ reliance on IT these days, may not be a viable option. Equally, some forms of onsite backup, such as real-time replication to a backup server, can be ineffective in certain disasters – for example, a software corruption or an encryption caused by ransomware may immediately be replicated from the live server to the backup server. It is therefore generally good practice these days to ensure that you are holding at least 3 different backups of your data, stored on 2 different types of storage, and that at least 1 of those backups is stored off-site.
Regular, full testing also forms a vital part of the success of any backup and disaster recovery plan. Yet according to Datto, on average SMBs test their contingency plans only once every 3 years, so it is little wonder that many firms find that their plans are inadequate, their backup was not complete or the recovery times they had based the plan around are just no longer acceptable to the business.
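The 3 backups / 2 storage types / 1 off-site rule above, together with the earlier point about data that is never backed up, can be checked per dataset against a backup inventory. The following is an added example, not code from Datto or Epoq IT; the dataset names and inventory are constructed, and leaving real-time replicas out of the count is this example's assumption, based on the replication caveat in the paragraph.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    dataset: str            # what the backup protects
    media: str              # storage type: "disk", "tape", "cloud", ...
    offsite: bool
    realtime_replica: bool = False   # mirrors live changes as they happen

def audit(datasets, copies):
    """Return {dataset: [findings]} for each dataset that fails the 3-2-1 rule."""
    report = {}
    for ds in datasets:
        mine = [c for c in copies if c.dataset == ds]
        # Assumption of this example: a real-time replica is not counted,
        # because corruption or encryption on the live server may reach it at once.
        kept = [c for c in mine if not c.realtime_replica]
        findings = []
        if not mine:
            findings.append("never backed up")
        else:
            if len(kept) < 3:
                findings.append(f"{len(kept)} independent backups, need 3")
            if len({c.media for c in kept}) < 2:
                findings.append("fewer than 2 storage types")
            if not any(c.offsite for c in kept):
                findings.append("no off-site backup")
        if findings:
            report[ds] = findings
    return report

def coverage(datasets, copies):
    """Fraction of datasets that have any backup at all."""
    backed_up = {c.dataset for c in copies}
    return sum(d in backed_up for d in datasets) / len(datasets)

# Constructed inventory for a fictional firm (not real data).
DATASETS = ["case-db", "email", "documents", "laptops", "accounts"]
COPIES = [
    Copy("case-db", "disk", False), Copy("case-db", "tape", True),
    Copy("case-db", "cloud", True),
    Copy("email", "disk", False, realtime_replica=True),
    Copy("email", "disk", False),
    Copy("documents", "disk", False), Copy("documents", "disk", False),
    Copy("documents", "disk", True),
]

if __name__ == "__main__":
    print(f"coverage: {coverage(DATASETS, COPIES):.0%}")
    for ds, findings in audit(DATASETS, COPIES).items():
        print(f"{ds}: " + "; ".join(findings))
```

In this inventory only the case database passes; email fails all three checks once its replica is discounted, and two of the five datasets have no backup at all.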
At the end of the day it is vital to know whether or not your contingency plans are going to work when used in anger. So how can law firms overcome the challenge of understanding whether they actually have an effective backup and disaster recovery plan?
Well, I would recommend getting an independent disaster recovery audit of your firm’s network, including all servers and workstations, which will provide a benchmark of your current disaster recovery position and a customised, data-driven list of recommendations for improving the backup and disaster recovery of the network. It is preferable to commission such an audit from an external third party as they will have no vested interest in the system and will also bring a fresh pair of eyes to the system configuration.
I hope this article has given you some useful insight into the types of issue to consider around risk management in relation to disaster recovery. If you have any questions, or you would like information on Epoq IT’s range of data backup, disaster recovery and independent disaster recovery assessment services for law firms, then please do not hesitate to contact me on 01494 444065 or email email@example.com, and I will be happy to arrange a no-obligation conference call.
This blog forms part of our series of informational resources for senior partners, practice managers and compliance officers at law firms. To read more articles please visit my blog, IT in Law Firms.
Epoq IT work with small and medium-sized law firms, providing consultancy, methodologies and technologies that bring clarity and give control over IT back to the business – putting the business in the driving seat of IT spend, compliance and security. For more information please visit our website http://epoq-it.co.uk/law-firms-solicitors-and-legal-services-businesses/