
Business continuity, backup and restoration

Backing up means you can reconstruct your data (and therefore your ability to operate) if your data is corrupted, lost, or encrypted by ransomware.

Data backup and recovery

"Backup and recovery procedures protect your database against data loss and reconstruct the data, should loss occur. The reconstructing of data is achieved through media recovery, which refers to the various operations involved in restoring, rolling forward, and rolling back a backup of database files."

Source: https://docs.oracle.com/cd/B19306_01/server.102/b14220/backrec.htm

Having the backup files of data held separately (both physically and digitally) from your main (original) data source means that if there is physical damage to it (e.g. from fire or flooding) your backup data is still available to you. By keeping it digitally separate you can also restore your data (and operations) if your firm suffers a ransomware attack (for more see: http://www.zdnet.com/article/ransomware-is-now-the-top-cybersecurity-threat-warns-kaspersky/).

Disaster Recovery Plan for Solo Practitioners and Small Law Firms (template)

This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures

https://images.template.net/wp-content/uploads/2016/01/10100143/Disaster-Recovery-Plan-for-Solo-Practitioners-and-Small-Law-Firms-PDF-Free-Download.pdf

Other “disaster” resources

"Disaster recovery 101: Essentials for a plan that works" - from the American Bar Association

https://www.americanbar.org/news/abanews/publications/youraba/2018/april-2018/business-continuity-plans-help-law-firms-prepare-for-and-recover/

Data Loss Prevention (DLP) Sample Questions

The first questions to ask are:

  1. What DLP are you trying to achieve?
  2. What / where is the data loss s/he is most concerned about?

The answers to those questions will guide the choice of software needed or wanted to address that primary data loss concern.

There is no magic DLP bullet, nor, for that matter, a clear, universally accepted understanding of what DLP is or means. For instance, monitoring exports from a DMS is a form of DLP. Typically firms do not block all exports of data (for example, email attachments) except as expressly authorized by a client.

Data encryption is a good first step; some options currently used by a few member firms include:

  1. Forcepoint DLP for the endpoints and network
  2. McAfee on the endpoints for removable media
  3. Symantec for removable media