According to a recent report from IT security provider LogicForce, hacking attempts were made on over 200 U.S. law firms between 2016 and 2017, 40 per cent of which didn’t even know that they had been breached.
Regardless of size, your law firm has valuable, sensitive information that cybercriminals want to get their hands on. Law firms are subject to strengthened confidentiality obligations, professional secrecy and third-party data protection, which should lead to better efforts to prevent and avoid data loss. However, in the same report, 95% of assessments conducted by LogicForce found firms are not compliant with their data governance and cybersecurity policies. And, to make matters worse, 100% of those firms are not compliant with their clients' policy standards!
So why do we still think that our databases are not so valuable and that our companies’ confidential information is not at risk?
The consequences of data loss
Depending on the type of data loss that occurs, the consequences can range from complete paralysis, which endangers the firm's continuity, to significant reputational damage and significant losses in the event of claims by third parties, as well as fines and penalties resulting from not applying due diligence to protect the data.
Ordinary cyber attacks and everyday data breaches are less talked about but can be equally devastating: intellectual property and commercially sensitive information can be very attractive to hackers and, if stolen or lost through insecure user behaviour, can cost your clients a great deal in lost ideas and cannibalised innovation.
But external attacks are not the only threat: according to Legaltech News, “80% of the intrusions we see are the results of employee carelessness”. NetWatcher recently published an interesting analysis of the top causes of data loss in both companies and law firms: user behaviour and poor internal security hygiene are among the top internal security pain points.
To prevent data loss from happening, law firms need to reduce risks, but what if it happens anyway?
If your law firm does fall victim to data loss, here are some tips:
- Keep calm. This may seem like a very "Zen" recommendation, but the fact of the matter is that we are not aware of how much time we can waste when we get nervous and stop functioning. It is better to move on to the next step.
- Assess the real situation. If possible, we should try to find out what happened, what the possible cause of data loss was, and ensure that we have updated backups and information recovery protocols.
- Do not write anything to the hard disk from which you want to recover a lost file. The file may not have been physically erased and recovery software could find it again, but if we create and save new files, there is a strong likelihood that we will overwrite it, which will make it impossible to recover.
- Start the emergency data recovery protocol as planned!
The importance of back-up and recovery
Ensuring you have a functioning recovery tool is the only way you're going to be able to get back to business quickly. There are many on the market, both for sale and free of charge. However, as each one has its own method, they do not all have the same ability to recover the exact data that we have lost in our specific case, which will lead us to hours of trial and error to try to figure out how they work.
If possible, outsourcing such services or subscribing to data storage with a solid system that ensures a high recovery rate is always the most advisable course of action.
Companies specialising in database hosting services and recovery methods are able to recover data from laptop hard drives, databases that remain on networked file servers, servers, files hosted inside virtual disk containers, data stored in the cloud, etc. These companies usually manage priorities by retrieving data locally and remotely, and offer uninterrupted technical service. That service always takes into account that relational systems and databases are very fragile and therefore require the firm support of a comprehensive and proven backup plan, which the providers themselves usually help us to maintain.
Given this scenario, having a storage, management, protection and data recovery service provider affords us numerous advantages in minimising the risks indicated, since, in addition:
- They ensure preparation and monitoring of information security protocols and proper functioning of backups.
- They have data recovery specialists that may be identified in the plan for the recovery of company data and business continuity.
- They review and advise on the terms of the agreement entered into with the provider which are related to data recovery, data formats, destruction of copies, potential liabilities for data loss, etc.
In any case, I could not finish on any other note than by pointing out that absolute security does not exist: no data loss prevention system is perfect. However, with the right measures, we can, and should, minimise the risk of exposure of the information we manage.