Having helped create, implement, manage, and restore backup and disaster recovery plans for dozens of firms, the good news is that a solid backup plan is very doable; the bad news is that it’s not as simple as you may think. Here are some experience shares and reality checks.
1. Understand the value of your data.
Pretty much everything that lawyers do today is on their computers, from document creation, to document storage (including case files), matter management, scheduling, time tracking and billing, firm accounting, etc. If a firm’s data were to be wiped out, it would be really bad, therefore it’s worth ensuring the data is safe.
2. Definitely do cloud.
On premise backups (to a hard drive or NAS) don’t protect you from natural disasters or theft, and are more prone to problems due to issues with the drives. Removable media (DVD, CD, portable HD, tape, etc.) require someone to run the backups, take them off-site, etc. – this someone is often either the managing partner (who should be focused on billable work or managing the firm) or someone low on the totem pole, who may not be the best person to trust with this. Besides, its human nature to forget. Don’t worry about how long it would take to download your entire data set – if something bad enough happened that your entire server/office were wiped out, having to wait an extra few hours for your data will probably be the least of the problems.
3. Protect against all threats.
Backups aren’t simply there to protect against a fire or break-in. We have restored data hundreds of times for our clients, and server crashes, malware, and user error are much more common than fire and theft (but we’ve done and seen them all). More often than not, restores are just for a few files or folders which, to download over the internet, may only take a few minutes.
4. What needs to be backed up?
Documents and data are obvious, but what about databases (such as your Time & Billing, financials, and practice management data), applications, and maybe the individual apps that certain users may have on their PCs? Are server backups enough, or do you need to backup individual PCs as well? Keep in mind that even if everyone stores everything on the server, if a PC dies, replacing/re-formatting it can still involve several hours to re-install and re-configure all of the applications, settings, and restore any local data. If a server crashes, rebuilding it (the OS, applications, settings, etc.) may also take several hours or even a few days, until you can start restoring the data.
5. Who will manage the backups?
All backup systems (cloud, on premise, etc.) look great, but they’re only as good as their last backup. Too often we’ve seen companies who only learn that their backups haven’t been working for a few weeks or months when it’s time to restore data. Someone needs to ensure backups are running properly on a regular basis and not wait until it’s too late. Most cloud providers have disclaimers that they are NOT responsible for ensuring that backups are completed successfully. Look for a provider who will manage and monitor the backups for you and ensure they complete properly.
6. Don’t become the cloud.
While some may try to save money by making their house or their friend’s office the backup destination, our experiences with this have never been good. The applications that support this don’t work as promised, most people’s homes aren’t the best environment for copies of sensitive and privileged client data, and in the end, the restore success rate simply isn’t that great for this model (see my next comment).
7. Backing up is only half the battle.
Restores are the other (and more important) half. Make sure your backups are good, do test restores from time to time (again, something the provider should do for you). If you are doing your own encryption for the backups (also known as ‘local key’) for added security, make sure you have the password in a very safe place – without it, nobody, not even your backup provider, can decrypt the data.