As the number of cyber attacks increases, firms are increasingly at risk of a breach. Law firms hold a mass of valuable client data and funds, all of which make them a very attractive target for criminals. And it isn’t just cyber-crime that can result in data being lost or compromised. There’s the risk of physical damage to servers, lost equipment that’s not adequately protected and we’ve even heard of a situation where a junior member of staff deleted the case management server.
The reality is, at some point, your firm will be subject to a data breach – if you haven’t been already. Beyond the initial loss of data and funds, there is the risk of fines and the reputational damage which can be significant. Therefore, the plans and policies you have in place to protect your data are essential to your chances of recovery.
When looking at your breach recovery, you need to ask the following questions:
How long can you afford to be offline?
What is the cost of downtime per hour?
Can you roll back the clock?
How much data/work will be lost?
How do you action the roll back?
Has this been proven through testing?
If you can’t answer these questions, then check with your IT Department to be reassured that they have the answers and that these meet your firm’s expectations and needs. It’s vital to also test plans, to make sure that the plans and policies you have in place are fit for a real-life scenario.
When it comes to testing your plan, here are our recommendations:
• Test for ‘worst case scenario’
o An annual, all server shut down, should be the minimum test you undertake.
o A half-hearted test will not satisfy the above and it should not satisfy the business – always test for the worst case scenario.
• Include a representative test group
o Junior and senior staff should be included in testing the firm’s resilience to disruption
o Ensure the test is realistic to build confidence in your business and in your staff.
• Measure how quickly law firms return to ‘business as usual’ – and adapt if necessary
o Test how well you meet your Recovery Time Objective (RTO) – the amount of time lost that your business can potentially sustain.
o When disaster strikes, being able to easily open and find crucial documents can make the difference between a few hours in lost fees or days, as well as keeping reputations intact.
Having strong policies and plans in place isn’t just about protecting you from the ‘what if’ and it isn’t something that firms should take lightly. Increasingly, panels and clients are asking for evidence of the plans you have in place and asking firms to demonstrate their ability to prevent and recover from data breaches. Good disaster recovery provision has been a real differentiator for firms and our customers have testified to the advantage this has provided over their competition.