The Law Firm’s Guide to Testing a Disaster Recovery Plan
November 17, 2016
Like all small businesses, law firms need disaster recovery plans. In fact, due to the sensitive and critical nature of the data kept by law firms, a solid, proven disaster recovery plan is even more essential for you! Don’t make the mistakes made by too many law firms — don’t simply draft what sounds like a good plan and leave it at that. Worse, don’t just get a backup system and call that disaster recovery. Here are the steps to a DR plan that actually works.
Determine What Scenarios to Prepare For
The chance of your law firm being hit by exactly the disaster scenario you draw up is about one in a million. What will happen is some drastically altered version of the situations you dreamed up during your planning sessions. Realistically, your plan should be flexible enough that you can adapt your imagined scenarios to what actually unfolds in real life.
Also, be reasonable about what disasters you plan for and test. All law firms should be prepared for the most common situations, such as fires and data breaches. But why plan for and test separately for a tornado, hurricane, flood, and severe thunderstorm? These situations are so similar that there can be one single plan to cover all of those.
Don’t worry about a disaster recovery plan for those ridiculous long shots, like planning for an earthquake in Virginia or New York. Could it happen? Yes. But testing plans is time consuming and expensive. If you’ve got a good hurricane plan, chances are it can easily be adapted to an earthquake situation, because you’ll be dealing with similar issues, such as power outages and structural damage.
Plan for Multiple Levels of Disaster
Not all disasters come in worst-case-scenario form. Thankfully! So don’t plan for only full-scale disasters. Create disaster recovery plans that address a variety of levels. For example, you can have a low-level plan for addressing a malware attack or a storm that leaves your power out temporarily. Then, develop a plan for mid-level emergencies, such as those that cause damage but are not devastating. Lastly, plan for a full-scale disaster, such as a well-orchestrated ransomware attack involving all of your data, or a hurricane or storm that causes partial or total loss of your facilities.
Levels of plans are far more easy to tailor to a specific disaster than are fully-scripted plans for individual scenarios, such as a plan only designed to address a fire or only designed to address a cyber security breach. Surprised to see security breaches in an article about disaster recovery plans? Cyber security issues are among the greatest threats to law firms and other businesses today. Learn more when you buy the book ‘Easy Prey: How to Protect Your Business From Data Breach, Cybercrime and Employee Fraud’.
Partner with a Disaster Recovery Plan Specialist
Frankly, lawyers and other small business professionals are rarely qualified to create and execute their own disaster recovery plans. There’s just so much that can go wrong if you haven’t been through it before. Just as you would recommend that your neighbor see a contract lawyer before signing an agreement, or advise your best friend from high school to talk to a divorce attorney before separating from a spouse, you should consider consulting a disaster recovery specialist before putting your business on the line.
Ready? Set? Get the disaster recovery plans you need today.
Subscribe now and stay up to date with News, Tips, Events, Cybersecurity, Cloud and Data Compliance.