A Complete Guide to Data Backup for Law Firms
The stakes couldn’t be higher. At a time when ransomware is more destructive than ever, a single infection can threaten a legal firms’ critical operations (and its survival).
If your firm is evaluating backup options, here are some things to keep in mind.
Why data backup for law firms matters
Law firms rely heavily on data for all aspects of their operations: email, case work, billing, time- and expense-tracking and so on.
A loss of data in any one of these areas can disrupt the entire firm. And the longer it takes to restore it, the more costly the disruption becomes.
Each hour of downtime can cost attorneys tens of thousands of dollars, due to factors like operational delays, idle employees and work stoppages. In situations where the data isn’t retrievable at all, the consequences can be catastrophic.
Ransomware attackers going after law firms
Data loss is common at law firms, due to factors such as accidental deletion, hardware failure and data migration mistakes. But ransomware is especially destructive in how it encrypts large swaths of data across a network, rendering it unusable without a decryption key.
Last month, a coordinated ransomware attack simultaneously hit three U.S. law firms, sidelining more than 60 lawyers and their staffs. The hacking group behind the attack also claimed to have access to the firms’ data and threatened to release it publicly if their ransom demands weren’t met.
The same group was behind another attack on two additional law firms just a few months earlier.
A 2019 investigation found that hundreds of firms have faced similar attacks over the past five years, “ranging in size from global giants to small, 20-lawyer firms with one office.”
Backups keep your firm open
In a ransomware attack, only a comprehensive system of data backups can ensure you’ll be able to fully restore your files without paying a ransom.
Similarly, after other forms of data loss—whether it’s one file or an entire server—backups help attorneys keep their firms running with minimal disruption or downtime.
Today’s best disaster recovery solutions offer significantly higher backup capabilities than those from a few years ago, not to mention faster recovery methods. By deploying the right solutions, law firms can achieve stronger levels of business continuity, while also reducing risk.
How often should you back up?
Backup frequency is one of the most important capabilities to evaluate in a business continuity solution. While each firm has its unique continuity objectives, you need to be sure that backups can be performed often enough to minimize the loss of new data that has been created or modified since the last backup.
For most law firms, daily backups are not nearly enough: restoring a backup from the previous day would mean losing a whole day of data.
Today’s advanced backup solutions, like the Datto SIRIS, enable a backup frequency of up to every 5 minutes. This is an essential capability for firms who cannot afford to lose their data.
Additionally, unlike old-fashioned backups, a high backup frequency today doesn’t have to mean a long, time-consuming process that eats up your server resources. This brings us to our next point…
Ensuring fast, efficient backups
Incremental backups have been the standard for a while now, and they are still largely the most efficient way to back up your data. You start with a full backup, and each backup thereafter is an incremental backup containing the new or modified data.
The problem is that each new incremental is dependent on the whole chain. So if data gets corrupted at any point in the chain, the backup will fail.
Newer advancements like Datto’s Inverse Chain Technology solve this problem by removing the dependence on the chain. Each new incremental is stored in a fully constructed state. This translates to an efficient backup process that is very fast, easy on resources, and extremely resilient. That is the kind of dependability that law firms need.
How quickly can you recovery lost data?
- If someone at your firm deleted an important folder, how quickly could you restore it?
- What if ransomware infected all your computers and servers? How long would it take to recover everything?
- How much of an impact would it have on your most critical operations?
These are the questions every firm needs to ask when evaluating a data backup system. A high backup frequency is useless if you can’t recover data from those backups quickly enough.
The speed of recovery will also largely depend on two factors:
- The specific circumstances of the data-loss event (i.e. cause of the loss, amount of lost data, etc.)
- What recovery options are possible within your backup system
This is why the following consideration is so important…
How can data be recovered?
Each type of data loss requires its own unique recovery procedure. For example, a file-level recovery is essential for recovering individual files and folders, whereas a full backup restore would be needed after total data loss.
But those are just two examples. There are many other scenarios to consider, such as whether the protected devices are booting, what caused the data loss (i.e. ransomware, O/S errors, etc.), whether the protected machine is a physical or virtual server, and so on.
Attorneys need to be sure their backup system has an appropriate restore option for each situation, ensuring the fastest recovery possible.
Datto has a great disaster recovery guide that illustrates this point, identifying the various recovery methods available in its backup solutions and when to use them.
Extra protection for ransomware
As the legal services industry continues to be a target for ransomware hackers, firms need to deploy BC/DR solutions that incorporate added layers of protection.
While other defenses, such as antimalware and network firewalls, can fend off many attempts, infections can still slip through. Backups are essential for being able to restore infected data. But also, some solutions take ransomware protection a step further.
Datto’s backup solutions, for example, have a few features that can vastly mitigate the impact of a ransomware attack:
- Built-in ransomware detection: Every backup is actively scanned for signs of a ransomware footprint. If one is detected, administrators are alerted so that they can take action even sooner, before the infection has a chance to spread.
- Rapid Rollback: Datto’s Rapid Rollback is a fast recovery option that is specifically designed for ransomware infections or other situations in which widespread file changes have taken place. Rapid Rollback essentially lets you “undo” these changes, reverting the filesystem back to the state it was in prior to the changes taking place.
Beyond ransomware attacks, Rapid Rollback is also useful for restoring uninstalled software, restoring damaged files and restoring an O/S after a failed update.
Cloud backups are a must
Too many law firms are still storing their backups at their location, leaving them vulnerable to on-premise disasters such as fire or natural disasters.
Backups should be replicated to a secure cloud, so they can be accessed if on-site infrastructure has been destroyed.
For the best of both worlds, look for systems that provide hybrid cloud backups, which combine the use of an on-site backup storage device with continuous mirroring in the cloud.
The case for virtualization
Today’s best disaster recovery solutions capture a complete snapshot of your infrastructure, creating an image-based backup that can be booted as a virtual machine.
Why does that matter? Continuity.
Virtualized backups allow for the continuous operation of a protected machine. With a system like the Datto SIRIS, virtualizing the backup takes just seconds, letting you access the operating system and applications, so that you can maintain your mission-critical operations.
For added protection, look for solutions that offer off-site and hybrid backup virtualization. This will ensure that you’re able to get “back to business” right away, no matter where you are.
Don’t forget SaaS data
If your law firm uses cloud services like G Suite or Office 365, then you need to back up that data as well.
This is especially important if you’re using those services for email, file sharing and other functions that are critical to your day-to-day operations. Data loss can occur in these platforms for a number of reasons, including:
- Accidental or malicious deletion
- Ransomware or other malware infections in synced files
- Accidental account deletions / suspensions
- Mishandled data migrations
Providers like Google and Microsoft have very limited backup capabilities for instances like these that occur on the user end. This is why it’s important to deploy an independent SaaS backup solution that can replicate that cloud data to a secondary cloud or backup device.
Datto’s Backupify provides SaaS backup for G Suite, O365 and Salesforce, automatically creating backups up to three times a day, stored in the Datto Cloud.
Get the protection your firm needs
Learn more about implementing a business continuity solution that will protect your law firm against data loss, ransomware and downtime. Request a free demo of today’s advanced data backup solutions from Datto, or contact our business continuity experts at Invenio IT: call (646) 395-1170 or email success@invenioIT.com.