340 likes | 363 Views
Learn how to prepare your law firm for disasters, including crafting a business continuity plan, adequate insurance coverage, and computer security practices. Assess your vulnerabilities and establish policies and training to enhance your firm's security posture.
E N D
Disaster Preparedness: Getting Your House In Order AND Preparing Your Attorneys Panelists: David Nguyen Catherine Sanders Reach David Bienvenu
Today’s Agenda • Preparing For Disaster • Getting Back Up and Running After a Disaster • Helping Lawyers (LRIS panelists) and the Public After a Disaster
Failing to Plan = Planning to Fail
States and U.S. Territories Requiring Disaster Legal Services July 24, 2006 – June 2, 2011
Planning For Disaster • Crafting a business continuity plan • What is your mission? • Gather information • Vendors, insurance, real estate/landlord • Staff, panelists, clients • Document processes, people • Risk management • What are vulnerabilities that can be mitigated
Mitigate Risks • Adequate insurance • Computer backups • Computer security
Adequate Insurance Coverage • Property insurance • Contents insurance, including extra riders • Commercial general liability • Third-party bodily injury or property damage • Business interruption insurance; • Crimes coverage; and • Disability, life, or other appropriate personal coverage.
Property: Identify, Protect And Insure • Create a detailed inventory of ALL office contents • Consider pictures or video • Get proper insurance coverage • Make your office safer • Have plan for an alternative office
Review and Evaluate the Adequacy of Your Coverage • Review policy limits, stipulations, exclusion clauses • Are consequential losses are covered? (likely are not) • Consider the following coverage options • Replacement value • Valuable papers coverage, including cost to recreate files
Adequacy of Your Coverage (cont.) • Loss of income • All risks, including flood and earthquake • Cleaning/restoration costs • Payment of interim rent • Sprinkler/water damage and • Personal items (review if your homeowner's coverage covers these items).
What To Backup • Servers • Laptops • Desktops • Smartphones • SaaS
Backup Best Practices • Do full backups • Do backups daily • Review the backup log • Make sure open files are being backed up • Regularly do test restores • Identify offsite storage location • Backup also co-location?
Backup Best Practices • Keep all software license numbers and installation discs • Use Belarc Advisor to take snapshot of harddrives • Create a disc image • Native in Win7, MacOS X 10.4 and up • Acronis TrueImage, Norton Ghost, ShadowProtect
Backup Media Options • CD-RW: low capacity, fair speed, med cost, not automatic • DVD: med capacity and cost, not automatic, many formats!!! • Tape: high capacity, slow speed, fair cost, automatic • Portable hard drive: high capacity, fast, low cost, automatic
Backup Best Practices • Rotate and keep generations of media • Replace tapes regularly • Create written instructions for restoring
Online Backup • Home versus Business versions • Examples: Carbonite home or business • Good option for files • Storage gets expensive • Only backup active files? • Make sure backups are working properly
Assessing SaaS • Who can access data? • Is there co-location and where? • Business continuity plan • Is data encrypted (strong) in transit and at rest • What is the privacy policy, TOS • Corporate maturity (freemium?)
Assessing SaaS • Are there offline options • Service level agreement • Export/Data migration
Threats from Without • Hackers, script kiddies • Viruses, worms, Trojan horses • Storage of data offsite – ASP’s • Harden the system to reduce vulnerabilities – no wireless networks!! • Firewalls, A/V software • Good passwords, Δ’d frequently
Threats from Within • FBI/CSI reported 70% of all attacks on a network occur via the Internet, but • 75% of all dollar losses come from internal intrusions • Gartner Research estimates that 90% of all security breaches will originate inside companies • We have the most to fear from those already inside the moat….
Policies and Training • Develop a security attitude • Understand that restrictions and rules are for the safety of the firm and the firm’s clients • Stress security practices the same way you would with a child – “Stranger, Danger!” • Your firm is your castle – lock the doors, bar the windows, and dig a moat
Policies and Training • What security policies should be in place? • Computer acceptable use policy • Email use policy • Internet use policy • Social media use policy • Other useful, related policies • Employee privacy policy • Email/document retention policy
Policies and Training • Make policies available • Shared network drive • Intranet • Enforcement • Review and signed at least annually • Training sessions to reinforce understanding • Make FAQ available • Repercussions for non-compliance?
Assess Your Vulnerabilities • Some vulnerabilities can be minimized or eliminated • Vulnerabilities worksheet at www.practicepro.ca/disasterrecovery
Recovering from Disaster • Human life and safety come first • Review disaster recovery file and implement your plan • Report to authorities • Rescue critical records/valuable property • Mobilize emergency response person/team • Make maximum withdrawal from ATM • Move to the recovery process
Lessons Learned: Recovering from Disaster • Location • Displaced from: • Office • City • How has it affected other services? • Are you ready to relocate/work remotely?
Lessons Learned: Recovering from Disaster • Communication • Getting the word our to staff, panelists, clients • Phone list • Alternates • Text/SMS • Web forums (Quick Topic) • Social media (Twitter, FB) • Website/blog
Lessons Learned: Recovering from Disaster • Restoration • Prioritization • What is your mission? • Follow the business continuity plan
Legal Help After a Disaster • Helping Lawyers (LRIS panelists) • ABA resources • State bar resources • Small Business Administration • Helping the Public • ABA YLD DLS