Backups—The Rule of Three

No one likes to think about backups. Everyone assumes the backups are working and no one cares about them. At least not until you are at risk of losing data—then everyone is interested in backups and, more importantly, the restoration of data.

A regular backup of your data is an essential part of your firm’s daily and weekly routine. However, making sure that you can get your data restored from that backup is even more important.

It Only Takes One Click to Ruin Your Day

I’ve had to deal with the following scenario more often than I’d like to admit.

Imagine a small firm with about 12 attorneys. Their data is backed up by a managed service firm, but the firm has had problems with the data backup. They are not getting all of their files backed up on a regular basis, but are working on it. One employee opens an email attachment and, unbeknownst to them, downloads a program called Cyberlocker. This program searches their computer and all of the network drives for MS Office documents, PDF files, JPG files, and a variety of other types of files and encrypts the documents. All of them. This means that no one can open any of the firm’s files, move/copy them, or do anything with them without a key to unlock the files. That key is held being held for ransom and their data is in someone else’s control.

Cyberlocker is a new variety of software called ransomware. The software holds the firm’s files for ransom and they are given 36 hours to pay $350 or the equivalent in Bitcoins. If they do not, the encryption key (the key to unlock all of their files) will be destroyed. What do they do? Do they pay the ransom? If they do, will it even work? If they don’t, do they have a good backup of their data? Maybe, maybe not.

By having a backup that has been tested and regularly restored, there is no question. They restore all of their files from backup. It takes time, but no data is lost. If they don’t have a reliable backup, what does the firm do? This threat can quickly bring a firm to a stand-still.

You need to have regular, reliable, and tested backups.

“I’ve got a backup; my data is in the cloud.”

I work with a lot of attorneys that use cloud based storage—Dropbox,, Google Drive, [insert your favorite cloud-based storage option here], etc. These programs are great ways to store data and access files remotely on the web, from other computers, on smart phones, and tablets. But, you will notice that I call these storage because that is what they are—a place to store files.

While cloud-based storage does not eliminate the threat of Cyberlocker, it can reduce its impact. Most cloud-based storage programs do have the ability to revert to earlier versions, however, it is still not the same as backup. Yes, the data does exist in more than one location: on your hard drive and in the cloud. But the data is synced between the cloud and the local drive; this is just a convenient way to store data.

You still need to back up your data.

If you are not storing your data in the cloud, your data is local and your backups can be local too. Local backup may be an external hard drive, DVD, or some type of backup device like a NAS (Network Attached Storage) device. The backup does not have to be fancy—Windows users can use the Windows backup (Control Panel-Backup and Restore) or software that comes with external backup drives. For the Mac users out there, Time Machine is as easy as backups can be. When was the last time your data was backed up? Go check right now. I’ll wait…

If your data has not been backed in the last week or so, do a backup of your data now! If you cannot find your backup and, more importantly, restore data from your backup easily, you need to take care of this situation immediately. No one expects that a fire will start in their offices/homes overnight. Take a page from the Boy Scouts: be prepared.

The Rule of Three

As anyone who has lost data due to a failed backup, or been infected with something like Cyberlocker, can attest, it can happen to you when you least expect it. In order to prevent disaster, an up-to-date backup is essential. When considering backups, a good rule of thumb for any data that you do not want to lose is the Rule of Three; back up your data in three different places. The three places can be different for each firm, but there should be three. Some examples would include:

  1. Backup your data in your office—a local backup drive or another type of local backup (disk image).
  2. Use a different type of media—DVDs or a cloud-based backup system.
  3. Backup your data outside of your office—a physical backup at an alternative geographic location.

For a small office, a system might be:

  1. Data stored on the cloud is backed up to a local external drive at night.
  2. A cloud-based backup like MozyPro is backing up the same data in case the building burns down.
  3. An image of the local external drive is taken on a nightly/weekly basis and taken offsite.

Restoring your Backups

Now that your data is being backed in three places, you are good, right? Not completely. The backups are only half of the battle. The second half is the restoration of your data. Can you go to your most recent backup and restore one file from that backup? Can it be opened, accessed, and sent as an attachment? The true test of a good backup system is not the fact the data is backed up—it is that the data can be restored in a timely manner.

If you are storing your backups online is there an easy way to recover your data, or will you spend days or weeks trying to download 150GB of data (yes, it can take that long)? Can you order an external drive from your cloud-based provider? How long will it take to get up and running? Have a plan of action for the recovery of your data.

Other Backups—Email, Database, Financials and Time and Billing

When you think about backups, most people are thinking about documents, spreadsheets, presentations, and PDF files. While these documents are the lifeline of a law firm, don’t forget about backups of your email, financial system, and practice management systems as well. Do the backups of these systems allow for an easy restore of your data? What would happen if you lost access to your Quickbooks data today? Would you have a way to restore your data without any data loss? Run a test of your backup of your financial/time and billing/email/practice management system once a year. Restore your data from backup and find out if you can use it without missing a beat. You might be surprised at the amount of time it takes.

Making a Backup Plan

Having a backup plan in place is the best strategy to prevent most type of disasters, including Cyberlocker. Creating a new backup plan for your firm just takes a few quick steps:

  1. Utilize three different backups for essential data.
  2. Verify your backups to make sure they are capturing all essential files.
  3. Don’t forget to back up your financial, time and billing, and practice management systems.
  4. Test your restores frequently to make sure data can be retrieved.
  5. Sleep better at night knowing that your data is safe.

Too many firms are relying on data that is not backed up in a safe and secure way. Back up your data today so your firm will not be another victim of Cyberlocker. This type of oversight can put firm’s data at risk and will put some firms out of business. Don’t let this be you.


(Image Credit: ShutterStock)

About Pegeen Turner

Pegeen Turner
Pegeen Turner is the President of Legal Cloud Technology, a legal technology firm based in Raleigh, North Carolina. Her firm works with small and medium-sized law firms as they start-up, as well as firms that need help maintaining and integrating legal technology into their practice. In addition, she helps firms understand the risks of cloud computing and how to incorporate cloud computing into their practice. Email | Website | Twitter

Check Also

Virtual Reality

Enhanced Legality With Augmented and Virtual Reality

What would the legal consequences be if an action carried out in the virtual world had very real implications in the physical world?

  • Dani Grey

    These are fantastic tips. Even if you’re a small, local law firm, you can still enjoy the data security of larger firms. All it takes is a little research and the formation of good habits. If you don’t do those things, you may have trouble later on.