Good Backup Is Good Business Continuity
Securing and protecting your firm’s data are essential. Client files, important communications, and valuable work product often exist exclusively in digital format today, and thus a major data loss could have catastrophic professional and ethical ramifications. Whether you are creating a plan for business continuity that contemplates natural disasters, fabricated disasters, pandemics, or other things that go bump in the night, set up good backup procedures so you can recover faster.
Planning
The first step in developing a data backup strategy for your firm is to analyze your current data usage. What data do you store, where do you store it, how often do you access it? Data may be spread across numerous devices and services: computers and smartphones, firm servers and cloud computing platforms, etc. Be sure to involve everyone in your firm in this exercise. You’ll probably be surprised to learn where firm employees—lawyers and staff alike—are storing valuable data. Use the opportunity to review your firm’s overall handling of sensitive data. If, for example, sensitive documents are being sent to personal email addresses so employees can work from home over the weekend, you may be facing serious security problems that need to be addressed along with the backup issues.
Once you have a firm grasp of the size and scope of the data you need to back up, you should begin developing an actual backup plan. Your backup plan should provide at least two levels of redundancy, with both data redundancy (more than one backup of any given file) and geographic redundancy (backups housed in more than one geographic location).
It’s an all-too-common horror story: A business has a catastrophic data loss, turns to its backup system to recover the data, and only then discovers there’s a serious flaw in its backup strategy. Maybe data was backing up monthly rather than daily, or key files were being left out of regular backups entirely, or perhaps the backup hard drive itself has failed. There can be many causes, but the results are the same: Your backup efforts come to nothing because you’ve failed to test your system.
As a best practice, you should test your backup solution immediately after implementation and routinely thereafter. Simulate real-world disaster scenarios, from the major (total loss of a system) to the relatively minor (accidentally erasing a single file).
File Backup
Files are the lifeblood of a firm, and it is crucial that they are backed up adequately. In a perfect world all your firm’s files would be saved in the same place. You may store files initially in one of several locations—locally on a computer, on a server, or in an online repository. Consider first how you can ensure that you actually back up your files wherever you (and your team) store them. Create a policy to describe the process for where files are stored so they can be adequately backed up. Let your team know that if they circumvent this procedure, their files could be lost and irretrievable.
Local files. If you choose to store files on the hard drive of individual computer(s), you can back up those files in several ways. Users of Microsoft Windows 10 or 11 will find ways to back up files built into the operating system. Files can be backed up to an external drive or a network location. Simply type “Backup” into the Start menu search and follow the prompts. You can choose to automatically back up files to the location you select, though if that is an external drive, it will need to remain plugged into the machine. The default backup is every hour, but click on options to change that setting. You can also include or exclude folders to include and set how long to keep the files. You can restore files through the operating system. Mac users have similar options through Time Machine.
Windows users can and should also set restore points on their machines. If you make an update or have an issue, you can often restore to a point in time where your computer was running properly.
If you have more than one computer or if you want the belt-and-suspenders approach, consider adding an additional cloud backup. Providers such as Carbonite and CrashPlan provide a wide range of support and services.
The online backup services are “cloud” services and should be well scrutinized. You will want to get the business backup plan and see if a restore disk will be shipped in case of a need to restore all your files. The business plans usually cover multiple machines as well as servers, and the prices are very reasonable.
Note that file synchronization tools such as SugarSync, OneDrive, Dropbox, etc., are not online backup. Online backup services offer encryption in transit and storage, versioning, and process automation, as well as server backup and other sophisticated functions needed by businesses.
Files on servers. If your firm has networked file servers on premises, then the servers will need to be backed up. The server may have built-in backup capabilities, including backup to RAID (redundant array of independent disks) or network-attached storage. You can also duplicate the server to the cloud via Amazon Web Services or Microsoft Azure. Or use a business backup plan from a company such as Carbonite, Barracuda, or Acronis. Make sure that there are backup logs that indicate success and test a restore. Plan for extensive growth in the number of files you will store—pick a method that will grow with your firm. If your firm uses a local document management system, such as Worldox, check with them for the best way to back up your files.
Online file storage. Your firm may store all documents in the cloud. There are a variety of ways that may be accomplished. You may be using an online document storage product such as OneDrive, Google Drive, or Citrix ShareFile. You may be using a web-based practice management application or a cloud document management system. The exact tools and software you use will vary widely depending on the size of your firm and the complexity of your electronic efforts. Work with outside companies that hold your data. You should try to keep local copies of data you store with a third party, and you should be sure the third party has its own backup strategy. Keep security at the front of your mind. Data needs to be backed up, but it also needs to be kept secure.
For more general business online documents or office suites, there are third-party tools that focus on backing up your online files. Companies such as the aforementioned Barracuda, Backupify, or Datto can help back up MS 365 or Google Workspace. For legal-specific products, you may consider whether you want all your files in one basket and synchronize the files (instead of storing them) and use a more traditional backup approach.
Databases
Whether your firm uses a server-based practice management application such as Time Matters or a cloud service such as Clio, how are you backing it up? If you are synchronizing calendars and contacts, you may have that information in a service such as MS Outlook. You may synchronize your files with local or online document storage. Some data may be synchronized with other applications such as QuickBooks. However, are these real-time, bi-directional syncs? Is the information really a mirror image?
Other information in your practice management application, from time records to phone notes, may exist only in the product. What would happen if you lost it? Explore backup options with your time/billing or practice management vendor to see how best to back up the data. Remember that the ultimate goal is recovery from a failure. You may be dismayed that some applications do not offer much more than the ability to manually export information in reports in .csv format. Ask the cloud vendors about their backup and restore procedures, including geo-redundant servers, how often data is backed up, and what are their failover methods (i.e., the process by which secondary equipment takes over when the primary equipment fails). Many cloud vendors rely on Amazon Web Services, and when it goes down, everyone is down. What recourse will the firm have?
Software and Subscriptions
What software applications are used in your firm—and thus may need to be reinstalled after a system crash or other disaster? Unless you prevent people at your firm from installing any software on their machines, you should ask them this question explicitly and document the name, manufacturer, and version/edition for all software they use, as well as the number of licenses you pay for. For older software, you may even have installation disks. If you are running outdated and unsupported mission-critical software, your only hope of recovery is a good backup and the installation disks. If you must “rebuild” after a disaster, proper documentation will give you a handle on what needs to be replaced.
Belarc Advisor provides a computer profile summary for free for an individual computer for personal use. It is very handy to have if you need to reinstall software or work with IT support. However, to manage this information for a number of computers, there are better solutions, such as BelManage, which is priced by the number of computers and servers you are seeking to monitor and provides organizational asset management including software license optimizations and server and individual machine software discovery. BelManage also identifies attached printers, IP phones, and any mobile devices attached to the network. It helps document this complex information, plus identify unlicensed, unauthorized, or obsolete software. It also identifies missing security patches and service packs, and way more. Profiles are built for Windows, Linux, and macOS.
Of course, you can also track this information in an Excel spreadsheet. The point is to have it captured and keep it updated.
Password Management
You may have heard of LastPass, KeePass, RoboForm, or 1Password to manage your personal passwords—using one of these password managers is a terrific way to generate new, complex passwords that are vaulted and recorded if you are a sole practitioner. The password for your password manager will need to be available to your successor. However, if you want to manage the passwords for the entire firm, many of these services provide “enterprise” options as well to manage passwords for all the users in the firm.
Password management is a good practice for a complete disaster recovery or business continuity plan. If people leave the firm, you can remove their user accounts and change their passwords. If you discover that firm passwords are on the dark web, you can change them for everyone. You can enforce best practices such as long, strong, unique passwords and two-factor authentication. And you will reduce the hassle of maintaining firm passwords in a spreadsheet.
You can also store software license keys in an encrypted vault in your password manager, so if you need to reinstall a piece of software via online download, you will have all the information you need to do so.
Enterprise password managers from LastPass, Keeper, Dashlane, Zoho Vault, and more help the firm administer, change, and manage passwords for the entire firm. If employees leave, the administrator can access their accounts and update their logins. Most of the enterprise password managers let users have their own “personal” vault as well.
Image Backup
You have your computer backup strategy carefully planned. Your files are backed up in three locations, your servers are in a RAID system for failover, you have all your installation disks and license numbers handy, and you have a test restore for your files scheduled on a regular basis. You are ready for the day that your hard drive fails. Or are you?
The best backup plans in the world often fail to recognize the time commitment involved in a ground-up hard drive recovery, including reinstalling the operating system, software, drivers, and files, plus customization and configuration. To speed things up, consider adding disk imaging to your backup arsenal. Disk imaging (or cloning) essentially takes a snapshot of your hard drive, including software, configuration, files, and so forth, so that you can get your computer up and running again faster.
- Third-party software. You can use a tool such as Acronis Cyber Protect, Paragon Drive Copy, or Symantec Ghost Solution Suite to create a disk image. There are some free tools, such as Macrium Reflect Free, that require a bit more technical skill.
- Windows 10 and 11 Pro. Microsoft offers disk imaging as built-in functionality in all supported versions of the Windows OS.
- macOS X 10.5 (Leopard) and up. Mac users running current versions of the operating system have cloning built in through the Time Machine feature. Mac 101 has a nice set of instructions on how to set up Time Machine to create a disk image. This tutorial also includes instructions on how to restore your hard drive from Time Machine.
Although third-party tools (and the built-in functionality of your OS) will give you the option to clone your drive to a set of DVDs, this is not practical given the huge drive capacities on today’s computers. Save the disk image to an external hard drive, and you won’t have to worry about switching disks or space limitations. An external hard drive with a terabyte capacity costs around $100. These devices are available with USB and Firewire connectors and are truly plug-and-play.
Imaging has long been used by IT departments, which are constantly deploying computers to new users or restoring crashed hard drives. But everyone who wants to keep a complete working copy of their hard drive on hand should consider adding disk imaging to their backup arsenal.
Email Backup
Google’s Gmail has made news in the past by “losing” users’ email—often years’ worth. While these outages have primarily affected the free Gmail service, even access to the paid Google Apps has occasionally been lost. More egregiously, in 2008 Charter Communications (an Internet service provider, or ISP) accidentally deleted 14,000 customers’ email accounts—and all the email messages in them. For lawyers who are using the free Gmail or other webmail services as their primary email tool for client communications, one must ask, “How are you backing that up?”
With Gmail, there are a number of options.
You can run the Gmail Offline Chrome App to maintain a local copy of Gmail. This is a useful option, letting you choose which folders you want to maintain locally. Look in Gmail Settings under “offline” to set this up.
Another option is to set up IMAP, which synchronizes your Gmail to a downloaded email client, such as the free and multi-OS compatible Thunderbird or open-source Zimbra, to keep on your server or hard drive. (Which you do back up, don’t you?)
Or you can set up POP to keep a copy of your email local, but with no synchronization.
Thunderbird works with other major webmail providers such as Yahoo or AOL, and Zimbra also has built-in aggregation. For other web-based email services, including those provided by your ISP, you can hunt around for instructions or FAQs to see your options for creating a local backup.
To back up email in MS Outlook if you are using hosted Exchange, make sure the provider keeps a backup copy. There is no straightforward way to archive a folder full of emails in MS Outlook within the product. If you want to save emails from a stand-alone installation of MS Outlook, you can save each email as HTML or a text file, or all the folders as a .pst file. However, products such as Adobe Acrobat DC and Kofax Power PDF have Outlook plug-ins that let you quickly and easily create a sortable, searchable PDF archive of email messages. You can select a folder and right-click to create a PDF portfolio of all the email messages in the folder, which can be searched, sorted, and extracted. Email attachments are also saved in the PDF as well. For management of closed matters, simple e-discovery, and archiving, this is a very useful feature.
Conclusion
Proper backup is critical to maintaining a healthy, stable, ethical law practice. Invest in its implementation appropriately. If your firm lacks the technological ability to do this in-house, find an expert to help. Your data backup strategy will begin to be outdated almost immediately after you implement it. The reason is simple: Technology advances at an incredibly rapid rate. New tools, new software, new data—each requires that you adjust your strategy.
©2022. Published in GPSolo, Vol. 39, Issue 2, March/April 2022, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder