Technical Tips
By Tom Snyder Ph.D.
How Small Firms Safeguard Critical Information - PART II
Information security is an issue for every business. The recent rash of viruses such as Code
Red and Nimda and disasters such as September 11th remind us that our data is subject to
loss or theft. These events also illustrate how much it can cost when information security is
not actively managed. But how do law firms, especially smaller ones with fewer resources
and possibly minimal technical support, begin to manage these risks? You need to prevent 1)
unauthorized access to sensitive information and 2) loss of business-critical information.
In Part I of this two-part series we discussed how thoughtful password policies, use of a
secure platform, installation of a virus protection program and firewalls were the first steps in preventing unauthorized access. In Part II we will discuss preventing loss of business-critical information. There are three parts to this discussion:
Causes of Data Loss:
- Worker error resulting in data corruption or deletion. This is THE most common
reason for data loss.
- Physical hard drive failure. This is rare but does happen. Across the board we see
about one drive failure per year per 500 drives.
- Malicious deletion or corruption of data either by a virus or a disgruntled employee
- Corruption of data on the hard drive due to software errors
- Disasters such as fires, earthquakes, or security incidents which destroy machines
or prevent workers from having access to their workplace
To prevent loss, even in the event of a disaster, you must back up your data AND store a
copy off-site.
Identifying which data needs to be backed up:
It's easy to back up the server, but where businesses get into trouble is in forgetting about
data that's not on the server but perhaps should be. So...
- Ensure that workers store data on the server, not on their local hard drive
- Do you have paper in your office? What happens if you have a fire? If this
concerns you, consider implementing a document scanning program. By the way, once you scan your documents they are also electronically searchable, which makes
finding specific information a lot easier.
- If you have workers with laptops it is possible to ensure automatic backup of their
files to the server. If they only come into the office every few weeks, consider
providing them with zip drives for data backup.
Backup Solutions:
While systems which back up to spare hard drives are inexpensive to install and maintain,
they do not protect you from some sources of data loss. For example, if your building goes,
then your backups go with it.
On the other hand, business-grade systems back up to magnetic tape which can easily be
stored in a safe, off-site location. In fact, there are companies which specialize in providing inexpensive daily pick-up and secure off-site storage. Cost depends on the amount of data
you have and whether you need to back up e-mail or database servers.
There are solutions available which allow you to back up your data directly to an off-site
location over your internet connection. Unfortunately, most internet connections, even DSL
connections, are too slow to allow robust backups to be performed in this way.
And last, but not least, you must regularly test to ensure that the data you think is going to
tape can actually be restored. If you don't, the best backup system in the world won't do you
any good.
Having a good backup program can easily pay for itself just by allowing you to recover from
those day-to-day problems where you change or accidentally delete a file and need to go back
to yesterday's copy. In extreme cases, it is invaluable. We know of a $30 mm company
whose entire financial database was corrupted as a result of worker error, resulting in
hundreds of hours of manual recovery work.
=========================
If you have questions or concerns about your particular situation, please e-mail me at tpsynder@xantrion.com.
=========================
