Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
With expectations for an always-on law firm, significant challenges within the legal industry to maintain competitiveness and perform due practice for cybersecurity and other disaster scenarios come from both clients and regulatory bodies. A comprehensive approach with an end-to-end availability strategy is imperative to mitigate the threats of downtime. And yet, this is easier said than done.
What's Wrong with Insurance?
I've seen that in many recent legal publications, cyber insurance has been getting a lot of attention. This is perhaps due to the increased prevalence of security breaches, and it's good of legal publications to provide their audience with solutions to their pain points. However, this specific form of insurance isn't fully mature yet and, thus, policies need to be reviewed carefully. Ask what the insurance provider will cover and under what circumstances, because when your firm is experiencing a cyber event, an investment in something that won't fully benefit your firm is unnecessary.
Keep in mind that insurance should never be viewed as an all-encompassing solution for business continuity. And no single solution will ever fully protect your firm's operations. It's the same as having car insurance: Having it does not guarantee that you will drive safely, that you won't have a wreck, that you won't get injured or that you'll fully recover from any sustained injuries. It simply provides funds for the aftermath of any occurrence.
There's nothing inherently wrong with insurance. It's about taking a reactive vs. proactive approach to your firm's continuity strategy. The very definition of insurance implies action after something has happened — which isn't an adequate way of thinking when it comes to the protection of the modern law firm. To enable complete coverage of a law firm's assets and continued operation, a new approach is needed.
In order to accomplish a comprehensive availability strategy, IT teams must balance both preventative and restorative measures in threat mitigation. Every cybersecurity and IT disaster recovery (DR) solution are just pieces of the wider puzzle of a law firm's continuity — but important pieces nonetheless.
Proactivity is key for the restorative aspects, since these solutions must be reliable when called upon. For this reason, law firms should be testing their recovery processes and DR plans to ensure that when, not if, a breach occurs, they can effectively recover and remain available for clients. This approach should emphasize a well-tailored plan, inclusive of a firm's leadership.
Why 'Backups Only' Is Inadequate for Tackling Threats
Disasters aren't just tornadoes, floods and earthquakes anymore. With the ever-growing threat landscape, law firms must now plan for events beyond weather-related scenarios, such as power outages, cybersecurity incidents, human error, terrorism, etc. For this reason, these events must be fully integrated into your firm's response plan.
Traditional forms of DR such as “backups only” have always been reactive, rather than proactive in recovery scenarios — which means they just aren't fast enough to keep pace with the uptime demands of today's legal practice. Think of the time it takes to retrieve hardcopy backups from an offsite vault, identifying which ones are the most recent copies for recovery, then loading them onto your IT systems. It might be cheap, but at the end of the day, it takes too long.
The problem is that DR is often viewed as a form of insurance for something that will likely never happen, and thus does not receive the due diligence and attention it needs. This is a troubling trend to see, especially in the legal industry, where data and client retention are at the cornerstone of a law firm's vitality.
When you have clients depending upon the availability of lawyers for due representation, you can't leave your firm's operations to chance in the event of a disaster. Adding to this pressure are the growing regulations on industries for which law firms are often counseling. Auditors and insurers need to know your firm isn't the weak link. For this reason, law firms not only need robust DR plans — they must also have a way to prove the effectiveness of these plans to stakeholders. This why Disaster Recovery-as-a-Service (DRaaS) has emerged for adoption among law firms.
Why DRaaS Is Used by Law Firms
There are three types of DRaaS: 1) self-service; 2) assisted; and 3) fully managed. The difference between these aren't necessarily between the types of solutions available, but in the level of service the third-party provider gives the law firm during implementation, daily management and recovery execution.
No matter the service model, DRaaS keeps data and systems recoverable within a cloud-based environment for ongoing operations. It has shifted the realm of DR to a new perspective: it functions as a form of enablement.
Modern improvements in technology now mean that DRaaS tools can be used for so much more than just DR. Through the use of customizable solutions, DRaaS balances the preventative and restorative measures needed for a holistic approach.
Here's what DRaaS can do for law firms:
Modern legal practice demands full protection against threats, and DRaaS makes achieving this goal a reality. There's no longer a need to fret about cyber threats, human error, power outages and regional events, since DRaaS providers can empower firms with the latest technology innovations — and with pay-for-what-you-use and short-term contract options.
This means that firms can shed their on-premises hardware and opt for solutions that won't box them in for the future. Because DRaaS offers a range of options to meet technology requirements, IT departments can gain full coverage for any outdated applications with hybrid solutions, enable greater use of SaaS for efficiency, and leverage the secure, yet flexible nature of the cloud for increased accessibility in the client-lawyer relationship.
When it comes to the livelihood of your law firm, you need to have a solution you can depend on. DRaaS is a way to achieve this confidence, with flexible and comprehensive options to meet the unique characteristics and goals of your firm. Want greater security features for your current setup? No problem. Want systems recoverable within minutes-to-seconds? You got it. The trickiest part is selecting the provider, with a crowded marketplace of over 500 companies claiming they do DRaaS on one level or another.
Here are some questions to ask yourself in finding the right DRaaS provider for your law firm:
Conclusion
Basically, all of these questions get at a key takeaway: Ask hard questions and be critical of the answers. Your law firm is responsible for protecting sensitive information, so don't place your IT systems in the hands of someone who isn't invested in your success. The “insurance frame of mind” is no longer acceptable in meeting modern continuity demands, so be sure to find a provider who has unrivaled expertise and — most importantly— is proactive to the needs of your firm.
*****
Jeff Ton is executive vice president of product and service development for Bluelock, a data recovery firm.
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.