Disaster Recovery Basics for Law Firms

March 27, 2017

Disaster recovery is a bit of a buzzword in the IT landscape these days. With most companies running leaner, and more and more opting for cloud-based solutions and virtualization, the IT โ€˜departmentโ€™ has gone the way of the Dodo. The dedication, the skill-sets and the understanding of our powerful computing tools are still needed, but not nearly as often. Most times, in fact, what we need can be supplied by a software solution, requiring only minimal human intervention on our part. Before you take this advice to heart, though, the basics of your security and disaster recovery protocols must be in place so that if any kind of disaster strikes โ€“ whether through a massive power outage, or if the entire building burns to the ground โ€“ you can get the information you need to make decisions quickly and get back up and running in a minimum of time.

 

In Disaster Recovery One Size Does Not Fit All

Each individual firm must define their own needs for protection. What makes sense for the large litigation office may not for a smaller firm. For a small office, a single daily backup may be sufficient, but in a more complex scenario with highly sensitive data, the needs may be much greater. In the latter case, with so much at stake, backing up every hour may be more prudent, but it all depends on the volume of data being created, how often it is being updated, and what systems need to be protected.

 

Disaster Recovery Basics

The various disaster recovery tools you employ should offer some flexibility in defining your protocols. One hard and fast rule of backing up is the 3-2-1 rule: three copies of the backup should be made on two different media, and one copy stored in a separate location. This could be defined as a physical server backup, a cloud server backup, and a disc that is stored in a safe off-site. That way, all of your critical files are protected from any happenstance, and can be restored from any of the three backups that are available when and if you need them.

Next, you must determine two things: your recovery time objective (RTO), in which you must determine the amount of time that you can reasonably continue to operate without unacceptable consequences. For firms that process and disseminate a large volume of data, the RTO tolerance will likely be very low. The recovery point objective (RPO) is the amount of time you can operate before the data lost begins to seriously impact your operations.

 

Tools of the Disaster Recovery Trade: Managing by Exception

When devising your disaster recovery plan and putting the appropriate tools in place, efficiency and expediency is the name of the game. Consider the following:

 

  • Is your DR solution flexible enough to allow you to stipulate different thresholds for your various systems?
  • How is your IT staff alerted to the protection status? Do they access this data via a dashboard, and if so, does it allow them a quick snapshot or do they have to log in and go digging for the information or backups they need?
  • Does your DR system notify you when your protection falls outside of your established protocols, RTO or RPO? Or are you limited to non-specific status alerts, such as a simple statement telling you that your backup failed?
  • Does your DR solution integrate with your current systems, giving you an overview of all of your IT monitoring and management tools?

 

If you can answer these questions positively, you are in a much better position to successfully self-manage your disaster recovery protocol.

Whether you use an outside consultancy, or have in-house IT personnel, keep in mind that time is a commodity for them as much as it is for you. Having clear systems in place and dedicated people to maintain them is key. Without somebody to tend to the most basic functions, you can have every possible system in place and it may still fail.

In order to make a self-managed approach workable, your IT team needs to examine what solutions are available, and determine whether they allow the ability to specify the tolerance thresholds that you need to maintain business continuity. The establishment of these parameters combined with alerts and notifications will contribute to your ability to manage operations and protect your vital systems and data more effectively, freeing up a valuable commodity in the process โ€“ time. And as we all know, time is money.