Securing and protecting your firm’s data is essential. Client files, important communications, and valuable work product often exist exclusively in digital format today, and thus a major data loss could have catastrophic professional and ethical ramifications.
Whether you’re revisiting an existing backup strategy or seriously implementing one for the first time, this five-step plan will help you make sure you’re covering your bases.
Step 1: Analyze
The first step in developing a data backup strategy for your firm is to analyze your current data usage. What data do you store, where do you store it, how often do you access it, and what are the risks and costs associated with losing that data? This is a challenging endeavor in the current computing environment, as data may be spread across numerous devices and services: computers and smartphones, firm servers and cloud computing platforms, etc.
Consider why you are backing up your data: server or hard drive failure, internet outage, ransomware infection, accidental file deletion, or a catastrophic weather event. Different threats call for a thorough plan to maintain business continuity. The ABA has a sample Business Continuity Plan to help you prepare for different eventualities.
Be sure to involve everyone in your firm in this exercise. You’ll probably be surprised to learn where firm employees—lawyers and staff alike—are storing valuable data. Use the opportunity to review your firm’s overall handling of sensitive data. If, for example, sensitive documents are being sent to personal email addresses so employees can work from home over the weekend, you may be facing serious security problems that will need to be addressed along with the backup issues.
In the end, your backup analysis should establish:
- What electronic data your firm currently uses;
- Where that data resides, including the specific vendor/host if it’s held outside of the office;
- The approximate amount of data (e.g. 2TB);
- The sensitivity of data, both in terms of time (i.e. urgent matters) and confidentiality.
Step 2: Plan
Once you have a firm grasp of the size and scope of the data you need to back up, you should begin developing an actual backup plan. Your backup plan should provide at least three levels of redundancy, with both data redundancy (more than one backup of any given file) and geographic redundancy (backups housed in more than one geographic location). A 3-2-1 strategy means having at least three total copies of your data, two of which are local (or quickly accessible) but on different mediums (e.g. an external hard drive, a server or a NAS in addition to your computer’s local drive), and at least one copy offsite. A good way to think about this is a setup where you have data (files) on your computer, a copy of that data on a hard drive that resides somewhere not inside your computer (commonly on your desk), and another copy with a cloud backup provider.
The exact tools and software you use will vary widely depending on the size of your firm and the complexity of your electronic efforts. In general, you should:
- Focus on business-grade tools. Popular online backup tools geared towards consumers and less-sensitive consumer data may not be appropriate.
- Plan for where you’ll be, not where you are. The quantity of data you need to back up is only going to increase as time goes by.
- Work with outside companies that hold your data. You should try to keep local copies of data you store with a third party, and you should be sure the third party has its own backup strategy. Online files that are synchronized with your local machines give you a copy, but synchronization is not backup.
- Keep security at the front of your mind. Data needs to be backed up, but it also needs to be kept secure.
Step 3: Implement
It may seem obvious to say that the next step is to implement your plan, but this is unfortunately where many well-intentioned backup strategies fall apart. Corners are cut both in cost and time, key efforts are entrusted to people who lack technology expertise, software and hardware are installed but never properly configured, and so forth.
Keep in mind that proper backup is critical to maintaining a healthy, stable, ethical law practice, and invest in its implementation appropriately. If your firm lacks the technology know-how to do this in-house, find an expert to help.
The keys to proper implementation:
- Don’t cut corners–follow through on the plan you developed in Step 2.
- That said, stay flexible—you may discover during implementation that you missed something. This is the time to correct the error.
- If necessary, get expert help to implement your backup system correctly.
Step 4: Test
It’s an all too common horror story: a business has a catastrophic data loss, turns to their backup system to recover the data, and only then discovers there’s a serious flaw in their backup strategy. Maybe data was backing up monthly rather than daily, or key files were being left out of regular backups entirely, or perhaps the backup hard drive itself has failed. There can be many causes, but the results are the same: your backup efforts come to nothing because you’ve failed to test your system.
As a best practice, you should test your backup solution immediately after implementation and routinely thereafter. Simulate real-world disaster scenarios, from the major (total loss of a system) to the relatively minor (accidentally erasing a single file).
Not only does regular testing help identify problems in your backup setup, it also has the benefit of training your staff to quickly and efficiently recover files in the event that it’s necessary to do so. This means that if you ever experience a real computer loss and need to restore from your backups, you’ll be prepared to do so.
- Test your setup immediately to be sure it’s working as intended.
- Periodically re-test your systems to ensure they’re functional and data is being backed up appropriately.
- Prepare to restore data quickly in the event of data loss to minimize impact on your firm.
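A restore test can be automated. The following Python sketch is an added example, not part of the original article: it compares a live folder against a test restore and flags the failure modes described above (files left out of the backup, damaged copies, and a backup older than the expected schedule). The folder names, file names and the 24-hour threshold are constructed for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_restore(source, restored, backup_time, max_age_hours=24, now=None):
    """Compare a test restore against the live data and report problems."""
    src, dst = manifest(source), manifest(restored)
    now = time.time() if now is None else now
    return {
        "missing": sorted(set(src) - set(dst)),       # never backed up
        "mismatched": sorted(k for k in src.keys() & dst.keys()
                             if src[k] != dst[k]),    # damaged or outdated copy
        "stale": now - backup_time > max_age_hours * 3600,  # schedule not met
    }

def demo():
    """Constructed sample: one file left out, one damaged, backup 30 days old."""
    files = {"clients/smith/engagement.txt": b"signed engagement letter",
             "clients/jones/brief.txt": b"draft v3",
             "billing/ledger.csv": b"id,amount\n1,500\n"}
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for name, body in files.items():
            for tree in (live, restored):
                (tree / name).parent.mkdir(parents=True, exist_ok=True)
                (tree / name).write_bytes(body)
        (restored / "billing/ledger.csv").unlink()                  # left out
        (restored / "clients/jones/brief.txt").write_bytes(b"dra")  # damaged
        last_backup = time.time() - 30 * 24 * 3600                  # monthly, not daily
        return verify_restore(live, restored, last_backup)

if __name__ == "__main__":
    print(demo())
```

Files edited after the backup was taken will also show up as mismatched, so run the comparison right after a backup completes or against a manifest captured at backup time.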
Step 5: Review
Your data backup strategy will begin to be outdated almost immediately after you implement it. The reason is simple: technology advances at an incredibly rapid rate. New tools, new software, new data—each requires that you adjust your strategy.
- Conduct a full review of your strategy at least annually—more often if your setup is particularly complicated.
- Revisit your backup strategy anytime you make a significant technology investment.
- Backup becomes increasingly complex as you back up multiple computers, servers and other storage.
An effective business continuity/backup plan is essential. It is also your ethical responsibility under Competence 1.1, Confidentiality 1.6 and Safekeeping 1.15. Backup is good business and can help your firm weather any storm.