Cyber attacks are continuing to cripple organizations around the world. Law firms are particularly vulnerable to these attacks because they store valuable and confidential client data, including sensitive financial information and correspondence protected by the attorney-client privilege. This problem was highlighted in June when hackers hit DLA Piper, a prominent global law firm, causing the firm to shut down its basic operations, including email, and issue a public statement regarding the potential breach of its clients’ information.
Does the threat posed by cyber attacks spread beyond the digital walls of elite firms to smaller law practices? The data indicates yes. Not only did ransomware attacks rise 250% within the first few months of 2017, but the last year has seen such attacks cause 22% of businesses with less than 1,000 employees to stop business operations immediately, 15% of which experienced a loss in revenue.
Sheets and Crossfield, a law firm of just six attorneys in Round Rock, TX that represents city governments, noted this alarming trend and calculated that cyber attacks and the potential loss of computer access left the firm vulnerable to lost revenue between ten to fifteen thousand dollars per day, and that did not even take into account the salaries for its lawyers and support staff.
This small firm determined that the costly risks posed by unplanned and sudden downtime were too great to sit back and do nothing. Aware of the challenges posed by their limited IT knowledge, Sheets and Crossfield elected to outsource maintenance of their IT infrastructure to CTTS Inc., a Managed Service Provider (MSP). Their decision to select CTTS to handle the firm’s disaster recovery and business continuity efforts proved prescient and invaluable when the primary server Sheets and Crossfield used to store their data subsequently failed.
Specific action taken by CTTS prior to the server’s failure allowed Sheets and Crossfield to continue its business operations uninterrupted. CTTS had installed a Datto SIRIS backup device that housed four terabytes of storage space. Additionally, SIRIS continued to take “snapshots,” or records, of the firm’s data. The recovery solutions provided by SIRIS meant all of the firm’s data was securely backed up, giving Sheets and Crossfield continued access to their document management system, e-mail, contact directory and other vital components during the three days it took CTTS to resolve the firm’s IT issues.
Sheets and Crossfield’s decision to safeguard against cybersecurity risks and ensure business continuity provide valuable lessons for smaller law firms. Among the key takeaways are:
Proactive Investment In BDR Is Key
Law firms—especially those smaller in size—can not afford to wait for a major disruption, like a cyber attack or internal server failure, to invest in Backup and Disaster Recovery (BDR). Firms should invest proactively in BDR solutions, prioritizing those that serve as a safety net for applications and operating systems by providing incremental backups and allow for image based backups.
By saving nearly $45,000 in revenue—not including their administrative costs—and continuing to provide uninterrupted service to their clients during the three days that their system was down, Sheets and Crossfield reaped the benefits of proactive BDR. Clearly, the firm’s up-front investment outweighed the potential financial, operational, and reputational loss the firm would have suffered had CTTS not first installed a backup and recovery system.
Leverage External IT Support
IT infrastructure needs are continuing to evolve as cyber-attacks, equipment upgrades and other risks develop. Because smaller firms do not typically have the technical prowess or time to manage their IT needs, partnering with third-party IT service providers like an MSP can prove invaluable. Operating as remote IT managers, MSPs can unburden these smaller firms from troubleshooting outdated servers and protecting themselves against the next ransomware or malware attack to focus on representing its clients and generating revenue for the firm.
CTTS monitors the IT activity of Sheets and Crossfield at all times, so when the firm’s internal server failed, CTTS knew instantly, and immediately began working with the server manufacturer to get it back up and running, while the attorneys used the data stored on SIRIS to continue their uninterrupted work on behalf of their clients.
Today’s digital age demands that organizations operate proactively and establish appropriate measures to secure their sensitive data and safeguard it against the high costs of business interruption. Law firms in particular should be conscious of the risks that come with taking a reactive approach, because not only does it lead to reduced productivity and significant financial loss, but could also quite possibly damage the firm’s reputation beyond repair.