Legal | 08 August, 2018

Precautions every law firm should take to prevent data loss

Data loss will happen at the worst possible time.

It will happen when you have an urgent deadline or are in the middle of that all-important negotiation with your client. Maybe your laptop is stolen and your documents were saved on the desktop. Maybe your office has a fire, and files are destroyed. Or maybe your screen goes black as you realise your firm is the latest victim of a cyber attack.

What is data loss?

A data loss incident occurs when we cannot access our data from our computer system, network or backup. Generally, data loss incidents are caused by human errors or carelessness (accidental or intentional deletion of a file, overwriting, unstructured or insecure saving of documents or files; lack of maintenance or upgrade of systems and applications; dropping the computer or device or contact with water, exposure to dust or salt; opening a link from an email or SMS which gives access to malware that infects the computer or network, etc.).

However, in many cases they are also caused by the system or software errors of an application, or device failures (damage to the file by abnormal operation of the computer; a failure in the storage system configuration on the server, etc.), or even by exposure of storage equipment to adverse environmental conditions (overheating, short circuits, power system failures, etc.).all the information that you had not appropriately saved since the last backup.

Things can get even worse, like in the video above, where your law firm's data could be held for ransom.

Mechanical and electrical failures, damage to software, intrusions and attacks by malware, and human errors, accidents and carelessness all play a major role in data loss and problems accessing information. As employees use mobile devices and laptops more and more, the likelihood of data loss increases due to increased exposure to risks like loss, theft, damage, viruses and hacking.

Here are 9 important precautions your law firm can use as a checklist to minimise the risk of data loss:

1. Move to the cloud. Security is actually increased when using cloud solutions due to strict security standards that cloud providers must adhere to, in addition to the regular security audits and reporting. This means no more worrying about lost laptops with confidential data and treacherous hacking threats, or lost backup.

2. Ensure the safety of your servers. If you decide to build your own IT infrastructure, safeguarding your servers in the event of disaster, including power shortage, fire or hacking should be a priority. On the other hand, if you use a cloud solution, like Kleos, look for farms (where your servers are) that are continuously monitored 24/7, with restricted and controlled access to buildings, and protected from intrusions and accidents.

3. Backup, backup, backup. Perform backups of files, emails and databases contained on all devices and computers, in accordance with the rules that have been established in your information security plan. Also install and maintain updated backup software for servers. A best practice is ensuring that any database storage and/or computer service provider is backing up on a daily basis (one bidirectional copy) or more.

Commercial grade cloud storage solutions (like OneDrive, Dropbox and iCloud) have the disadvantage of the low storage capacity they provide, as well as the insecurity of these clouds, which also depends on how we save such a copy (encrypted or not) and how our account privacy and security settings are configured. To ensure that your law firm is covered, use a cloud storage solution with certification attesting to security. For example, Kleos software is not only compliant with EU privacy rules, but certified to the highest market standards (ISO 27001, SAS 70 Type II). We also encrypt backup and disaster recovery replicas on a remote site, further safeguarding you against cyber threats or data loss.

4. Before updating software, it is advisable to create a full backup and test it, so that we can ensure that we will be able to restore the information in the event of failures. This is especially important for website updates.

5. Protect access to files with passwords and user access settings. Prevent data from getting into the wrong hands by using software that allows you to set permission levels for employees. Also, if at certain times of the year we hire temporary staff, such employees should be provided with a temporary password with which to access files, so that we can deny access at the end of their employment at our firm.

6. Take precautions with file transfer. If you're using email to transfer files you could be opening yourself up to viruses and malware. Instead, with a cloud solution like Kleos, you can set up secure file sharing between employees and external third parties. With Kleos, data transmission is encrypted with a 2048 bit PKI Certificate and certified by Norton, ensuring peace of mind that data is transferred securely. Furthermore, Kleos is monitored 24/7 for intrusion detection, and encrypted data transmission is continually monitored by Norton Symantec for vulnerability.

7. Take care of your tech. Computers, devices and storage units should be replaced at the end of their expected useful life, as using them for a longer period can lead to inaccuracies in storage, thus causing data loss. Keep the place where computers are located in appropriate environmental conditions, as instructed by the manufacturer / installer (stable temperature, humidity and cleanliness). Servers and storage array units should be physically protected from access by unauthorised personnel. What are known as "refrigerators with keys" are usually the most common method of protection.

8. Have a disaster recovery plan. The most reliable preventive measure is to subscribe to such a recovery service from the database storage and/or computer maintenance service provider, who has expertise and recovery tools that operate with a variety of methods, seeking to ensure a better recovery than we ourselves could attempt through trial and error. As a cloud provider, Kleos ensures high availability, business continuity and disaster recovery, and nightly backup to ensure data resilience in the face of any incident.

9. Promote an internal culture of responsibility in information security, with a tendency towards minimising the risks of data leakage:

  • Take a note of the IMEI number of handheld devices for blocking and reporting purposes in case of loss, robbery or theft.
  • Change the PIN code of handheld devices regularly; activate the lock code during short periods of non-use.
  • Change the password of the router and, if possible, ensure it does not contain our name or corporate signs that easily identify access to our WiFi.
  • Protect access to computers and devices, as well as to all accounts in applications, with strong and different passwords; also change them with relative frequency.
  • Download applications only from official websites and pay close attention to the authorizations and permissions that we grant to downloaded applications regarding access to data contained on our devices and the potential processing of our data that we are allowing.
  • Warn employees of the danger of using the firm’s files and data in connection with public and open WiFi networks, since if our connection is not encrypted, we run the serious risk of becoming victims of password or data theft.
  • Provide updates on the most common cyber attacks or computer viruses, so that the whole team is fully aware that they are not to open links from SMS or emails sent from unknown accounts, or fall into temptation from offers and discounts on products that have not been purchased from entities which we have not authorized to send us commercial information (spam).
  • Avoid announcing through automated messages that you are going to be out of the office during the holidays and avoid posting photos on social networks from holiday destinations. This gives thieves the message that the coast is clear!
  • Raise awareness about the use of USB flash drives and similar devices from unreliable or unknown third parties. Access to our computer by malware via USB flash drives, even by what are known as key loggers, is one of the most common risks associated with USB flash drives, since they easily detect passwords used to access confidential information almost without us realising. In fact, the best advice would be to keep access to USB flash drives out of reach if the physical layout of our workstation so permits.

To minimise the risk of data loss, it is important that your law firm takes a proactive approach to keeping data safe. Don't be the next victim of data loss! Implement secure practices for data management starting today!
