Backing up means you can reconstruct your data (and therefore your ability to operate) if your data is corrupted, lost, or encrypted by ransomewear
Data backup and recovery
Backup and recovery procedures protect your database against data loss and reconstruct the data, should loss occur. The reconstructing of data is achieved through media recovery, which refers to the various operations involved in restoring, rolling forward, and rolling back a backup of database files."
Source: https://docs.oracle.com/cd/B19306_01/server.102/b14220/backrec.htm
Having the backup files of data held separately (both physically and digitally) from your the main (original) data source means that if there is physical damage to it (e.g. from fire or flooding) your backup data is still available to you. By keeping it digitally separate you can also restore your data (and operations) if your firm suffers a ransomware attack (for more see: http://www.zdnet.com/article/ransomware-is-now-the-top-cybersecurity-threat-warns-kaspersky/).
Disaster Recovery Plan for Solo Practitioners and Small Law Firms (template)
This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures
Other “disaster” resources
"Disaster recovery 101: Essentials for a plan that works" - from the American Bar Association
Data Loss Prevention (DLP) Sample Questions
The first questions to ask are:
- What DLP are you trying to achieve
- What / where is the data loss s/he is most concerned about?
The answers to those questions will guide the choice of software needed or wanted to address that primary data loss concern.
There is no magic DLP bullet, or for that matter a clear, universally-accepted understanding of what DLP is or means. For instance, monitoring exports from a DMS is a form of DLP. Typically firms do not block all exports of data (for example, email attachments) except as expressly authorized by a client.
Data encryption is a good first step; some options currently used by a few member firms include:
- Forcepoint DLP for the endpoints and network
- McAfee on the endpoints for removable media
- Symantec for removable media