Confessions of a cyber conveyancer
With the new year well and truly behind us, I find us once more back to the subject that has been haunting law firms across the country for the last few months.
With dependence on technology only going one way and that’s UP, we’ve been obsessing over whether we’re taking enough steps to protect our business against the numerous threats waged against us on a daily basis.
And we’re not talking about disgruntled clients here.
Like all law firms, my number one worry is how to reduce risk, both in our cases but also our operations. As we’re 100% paper-free (apart from those pesky original documents we have to keep whilst we work on a case) my number one fear was a ransomware infection. This is the stuff that arrives unannounced, usually by someone clicking on a link in an email and then waits silently on your servers. They typically lie dormant for a few months just to make sure they are safely backed up, and when the moment is right, they encrypt all your files. Including your backups.
Which frankly, is a bit scary because, like most people, we create a lot of files.
To give an idea of the scale of the risk, I thought I’d share some statistics. We’ve been back in the office for just six days and we’ve already created nearly 15,000 documents in that time. And that doesn’t include emails – we’ve received and sent over 22,000 of those chaps.
That’s why we moved all our documents and emails to the cloud to provide us protection and to help me sleep at night. They are replicated across servers to protect against one failing and it also offers protection against infected files being uploaded in the first place.
Having finished that project, I realised I had always been a bit confused about what made a cloud solution different from a web-hosted offering. Which was the cause of yet another worry.
For example, from the day I started the business, I made sure that we stored all our client data on a secure remote web server. We bought the most expensive security certificate available and every month we spend a lot of money on the fastest and most secure webserver around. We’ve even locked down all access to that server so it can only be accessed from specific locations.
I thought that this was a fantastic solution and I had done the right thing.
So what was the problem here?
Well, fundamentally, it’s that it’s not a cloud solution in the true sense of the word. This is not an issue of semantics. What it means in reality, is that all our data is held on a single machine, and although we backup twice a day, both on that machine and to our local servers, this does not give us sufficient protection.
Why – because that database, just like a Word document, just another set of files held on a single machine. Even though that machine sits in a secure environment and uses technology such as RAID (a great acronym for Redundant Array of Independent Disks, in case you ever wondered) it is still subject to the same risks of failure and corruption as any other single machine.
Which is where many people, like ourselves, underestimate the risk.
Clearly something needed to be done about that.
Which is what we’ve been spending our time on and it’s not a trivial project. Especially if, like us, you use a portal rather than email, for sending documents to your clients, or indeed letting them send you documents, as they will be sitting on that single server. At risk of corruption or data loss.
When protecting data you must calculate the trade-off between the amount of data you are prepared to lose, versus how long it will take to restore.
Which is where things start to get a bit tricky.
We dug out an old fag packet and did a rough calculation on it to see how long it would take to restore our database onto a new server in the event of a total failure. We worked out that by the time we had built a new server, including installing all the supporting software and restored the database, with a prevailing wind, this would be several days. And we couldn’t even guarantee the integrity of that data.
We could not afford to take that risk.
That’s why we have now taken the next step and moved all our data to a cloud-based solution instead. It’s been a tricky project but one that helps us sleep easier at night.
The lesson we learned was although moving our documents and emails to the cloud was a massive step forward in protecting our business, it was just that – a single step. Once complete, we had look at the next change we had to make.
When it comes to managing risk, it is a constantly moving target.
Who said technology wasn’t loads of fun?
Peter Ambrose is the Managing Director of The Partnership