When it Comes to Your Law Firm’s Data, Possession is 9/10ths of the Law

law-firm-data-security

While consulting with attorneys who seek technology solutions that improve profitability and give insight into firm productivity and financial position, I’ve encountered surprising resistance to a wholesale move to the cloud.

Firms recognize the cloud concept as a smart business move, with security, disaster recovery and conversion of capital expenses into operating costs being a net positive. However, the entrenched reticence can be succinctly stated as “I trust a server that I can see because I need proximity to my client’s confidential data.”

While on its face this statement makes sense, it belies the truth that on-site servers are less secure and carry more risk than their counterpart in the cloud as the following anecdotes demonstrate.

A Firm Split Ends in a Missing Server

A client from the great state of Texas recently described the aftermath of an acrimonious breakup of his prior firm.

Despite best efforts to unwind a failing partnership, the issue of intellectual property ownership and control led the most aggressive partner to back his truck up to the firm’s back door and cart away the entire server.

When the remaining staff arrived at work the following Monday, they found an outline of dust where their server used to be.

While an extreme case, this true story demonstrates the core truth that hardware is fragile.  It can be moved, destroyed, stolen or simply break down.

The advantages of an enterprise class cloud server and the team of IT and security professionals who monitor and manage it 24/7 becomes a necessary protection from hardware failing or, occasionally, going missing in San Antonio.

I imagine the disgruntled partner was wearing cowboy boots and a black hat, but this has not been confirmed so far.

The Aftermath of a Law Firm that Lost their Server and Data to Katrina

Another client story with more tragic results was a firm in Mississippi that had their entire office swamped during hurricane Katrina.

Their server and backup drive were in the basement of a historic property that was pummeled by high winds and torrential rains and a blocked sewer drain resulted in their sensitive electronics being submerged.

The server was a complete loss as well as the data in the backup drive.

They reached out to us in panic mode and we helped them restore a month’s old backup that had been created during a routine support call.

Their reputation with clients was damaged and their business suffered, but they managed to hold on and stay in business.

The firm is now on Abacus Private Cloud and will never put their faith in local hardware again.

Just as the risk of fire, flood, tornado or other natural disaster necessitates property and casualty insurance, a private cloud is needed to provide business continuity insurance for a firm’s data and entire IT infrastructure.

Having a backup copy of data is not the same as being back in business.

Not availing your business of disaster recovery protection with an easily implemented and cost conscious private cloud is shortsighted at best and borderline malpractice at worst.

The Ongoing Battle with Ransomware

The final anecdote that I’ll share reflects another facet of risk management, cyber-security.

A current private cloud client of ours fell victim to a phishing attack.

An email was distributed firm wide that spoofed a communication from the firm’s IT manager and, in an ironic twist, requested that everyone visit a website to help test the firm’s secure communications.

An office administrator, with the best intentions clicked on a link in the email and downloaded cryptolocker malware that propagated throughout the firm’s network. It subsequently encrypted and locked down data on every workstation and the firm’s server.

That meant no one could access their computer except to see a ransom note demanding payment in Bitcoin with a clock ticking down to the point that the data would be destroyed.

The firm called us in a panic and we were able to restore their data AND each user’s individual desktop within 30 minutes.

I’ve read stories of hospitals and financial management firms paying hundreds of thousands of dollars to get a decryption key when victimized by these types of attacks. Instead, we could wipe our client’s breached environment, restore their last good backup in minutes and educate them on how to avoid this exploit going forward.

This is a best case scenario and reflects how a fully managed environment with multiple redundant backup systems is a core advantage of doing business in the cloud.

Let’s Put an End to Unsecured Data

There are private cloud stories from the humorous to the tragic and everywhere in between.

The common theme being that rising into the cloud provides better security, better information management, makes better economic sense, and instantly delivers global access to your “work desktop” and all the programs and data protected therein.

These days, it is not as difficult to convince an attorney that their long held beliefs in the safety associated with local hardware they can see and hear are flawed.

Clearly, the historic risks associated with a local server now outweigh the benefits because there is a better alternative.

On-site hardware exposes a firm to hackers, phishing and malware scams, ill positions the firm into a hugely inefficient, expensive, and reactive maintenance model, and puts the firm at the mercy of weather, system failures, and natural disasters.

Transitioning to the cloud elevates security, reduces capital expenditures and is the single best way to future proof a law firm.

I advise my clients to stay focused on the practice of law, and shift their IT burden to a private cloud provider that delivers a modern, virtual work-space, and the peace of mind in knowing that their clients’ data is guarded 24/7.

About The Author – Tomas Suros  

Tomas Suros Abacus Data Systems

As Chief Solutions Architect at Abacus Data Systems, Mr. Suros applies his technical, legal and business acumen to achieve workflow automation solutions for clients. He is adept at defining business, technology, financial, security and usability user requirements in the Abacus Private Cloud platform, specific to legal practice areas. Tomas has been working at Abacus for over 11 years.

Mr. Suros earned a B.A. at Tufts University and a J.D. at the University of California, Hastings College of the Law. He is a member of the State Bar of California.