Cyber-attacks have been vexing law firms over the past few years: According to the 2019 ABA Cybersecurity Tech Report, 26 percent of law firms experienced a form of data breach, while the UK’s SRA believes about 75 percent of firms have been hit. But the threat to law firms extends beyond that, with incidents like power outages, equipment failures, terrorist attacks and natural disasters threatening infrastructure and sensitive data. Leaders say a comprehensive disaster recovery plan requires both hardware competency and a sharp level of alertness.
WHAT KIND OF DISASTER RECOVERY PLAN DOES YOUR FIRM HAVE TO MINIMISE DISRUPTION AND PROVIDE A ROADMAP FOR RETURNING TO BUSINESS AS USUAL?
RAKESH KIRPALANI, chief technology officer and dispute resolution & information technology director, Drew & Napier
Our firm’s IT hardware servers are housed in a 24/7 air-conditioned server room on our office premise, with electrical power supplied via an Uninterruptible Power Supply (UPS) system so that they can still function in the event of any power outages.
Critical data is routinely backed up to tapes and sent to an offsite storage facility on a regular basis and can be readily available for us to retrieve and restore should there be a need to. The backup process is closely monitored by our system administrators to ensure that the jobs are always running, and any issues can be identified and resolved as soon as possible so that our data can continue to be backed up in a timely manner.
In the event of a disaster that impacts any or all of our on-premise hardware systems, IT will review the impact and determine the level of data restoration to the affected systems required from our data backups. Full restoration of all critical systems is estimated to require up to 48 hours.
Furthermore, our email and file transfer services are hosted on the cloud (Microsoft 365), which will enable our communication with our clients and internal staff to be able to continue as usual while our on-premise systems are being restored.
Since our users are using Citrix virtual workstations, once the systems are restored, we can start working remotely at full capacity should our office premises remain off-limits due to restoration works.
RYAN LOH, partner, Rajah & Tann
The ability to deliver services to our clients even in times of disruption is a priority at Rajah & Tann Singapore. The firm has put in place a robust business continuity plan to manage the risks of damage to our primary service infrastructure and business data. Should a disaster-type event occur, a comprehensive set of protocols and processes will be followed to identify areas that have been compromised and swiftly recover from the disturbance. This includes notifying key personnel, clients and third parties, as well as the transfer of our business applications and data to a secure secondary data centre.
In this regard, our firm maintains offsite “secondary” disaster recovery data centres which are secure and complemented by state-of-the-art data storage facilities and cloud backup services. These data centres are regularly tested to warrant their functionality and reliability in the event of a disaster.
As threats to business data and infrastructure intensify, our firm is committed to refreshing and reinforcing our knowledge of and response to these events to ensure that our stakeholders remain protected.
SKY YANG, partner, Bae, Kim & Lee
We at BKL clearly understand the importance of cybersecurity throughout our entire system and operation. As a part of our Business Continuity Planning (BCP) effort, BKL prepared redundant systems to protect all of our physical equipment and systems against various types or levels of cyber-attack and has both backup generators for power outages and UPS. Our BCP gets verified through ISO27001 audits and disaster recovery trainings once a year.
In addition, in case of an emergency where our headquarters is shut down, a secondary backup is installed off-site. We are doing our best to avoid and counteract both online and physical threats and vulnerabilities, by proactively taking preventive measures.