Securing and protecting your firm’s data is essential. Client files, important communications and valuable work product often exist exclusively in digital format today, and thus a major data loss could have catastrophic professional and ethical ramifications.
Whether you’re revisiting an existing backup strategy or seriously implementing one for the first time, we’ve put together a five-step plan to help you make sure you’re covering your bases.
Step 1: Analyze
The first step in developing a data backup strategy for your firm is to analyze your current data usage. What data do you store, where do you store it, how often do you access it, and what are the risks and costs associated with losing that data? This is a challenging endeavor in the current computing environment, as data may be spread across numerous devices and services: computers and smartphones, firm servers and cloud-computing platforms.
Be sure to involve everyone in your firm in this exercise. You’ll probably be surprised to learn where firm employees — lawyers and staff alike — are storing valuable data. Use the opportunity to review your firm’s overall handling of sensitive data. If, for example, sensitive documents are being sent to personal email addresses so employees can work from home over the weekend, you may be facing serious security problems that will need to be addressed along with the backup issues.
In the end, your backup analysis should establish:
- What electronic data your firm currently uses;
- Where that data resides, including the specific vendor/host if it’s held outside of the office;
- The approximate amount of data (e.g. 2TB); and
- The sensitivity of data, both in terms of time (for example, urgent matters) and confidentiality.
Step 2: Plan
Once you have a firm grasp of the size and scope of the data you need to back up, you should begin developing an actual backup plan. Your backup plan should provide at least two levels of redundancy, with both data redundancy (more than one backup of any given file) and geographic redundancy (backups housed in more than one geographic location).
The exact tools and software you use will vary widely depending on the size of your firm and the complexity of your electronic efforts. In general, you should:
- Focus on business-grade tools. Popular online backup tools geared toward consumers and less-sensitive consumer data may not be appropriate.
- Plan for where you’ll be, not where you are. The quantity of data you need to back up is only going to increase as time goes by.
- Work with outside companies that hold your data. You should try to keep local copies of data you store with a third party, and you should be sure the third party has its own backup strategy.
- Keep security at the front of your mind. Data needs to be backed up, but it also needs to be kept secure.
Step 3: Implement
It may seem obvious to say that the next step is to implement your plan, but this is unfortunately where many well-intentioned backup strategies fall apart. Corners are cut both in cost and time, key efforts are entrusted to people who lack technology expertise, software and hardware is installed but never properly configured, and so forth.
Keep in mind that proper backup is critical to maintaining a healthy, stable, ethical law practice, and invest in its implementation appropriately. If your firm lacks the technology know-how to do this in-house, find an expert to help.
The keys to proper implementation:
- Don’t cut corners — follow through on the plan you developed in Step 2.
- That said, stay flexible. You may discover during implementation that you missed something. This is the time to correct the error.
- If necessary, get expert help to implement your backup system correctly.
Step 4: Test
It’s an all-too-common horror story: A business has a catastrophic data loss, turns to its backup system to recover the data and only then discovers there’s a serious flaw in its backup strategy. Maybe data was backing up monthly rather than daily, or key computers were being left out of regular backups entirely, or perhaps the backup hard drive itself has failed. There can be many causes, but the results are the same: Your backup efforts come to nothing because you’ve failed to test your system.
As a best practice, you should test your backup solution immediately after implementation and routinely thereafter. Simulate real-world disaster scenarios, from the major (total loss of a system) to the relatively minor (accidentally erasing a single file).
Not only does regular testing help identify problems in your backup setup, but it also has the benefit of training your staff to quickly and efficiently recover files in the event that it’s necessary to do so. This means that if you ever experience a real computer loss and need to restore from your backups, you’ll be prepared to do so.
Be sure you:
- Test your setup immediately to be sure it’s working as intended.
- Periodically retest your systems to ensure they’re functional and data is being backed up appropriately.
- Prepare to restore data quickly in the event of data loss to minimize impact on your firm.
Step 5: Review
Your data backup strategy will begin to be outdated almost immediately after you implement it. The reason is simple: Technology advances at an incredibly rapid rate. New tools, new software, new data — each requires that you adjust your strategy.
- Conduct a full review of your strategy at least annually — more often if your setup is particularly complicated.
- Stay informed regarding changes in technology and best practices.
- Revisit your backup strategy anytime you make a significant technology investment.
Note: A version of this article originally appeared in the October 2012 issue of YourABA, a monthly e-newsletter for ABA Members.