Fire proof cabinets, safe deposit boxes, dead bolts, and registered mail (to name a few) were the tools lawyers formerly used to protect their critical data, but in the computer age new tools are needed. Tape backups, uninterruptible power supplies (UPS), anti-virus software, and firewalls are just a few of the many tools that law firms are implementing to protect their critical data today. In this installment of my Tech Tips column, I intend to provide you with a brief overview of the tools, their uses and why you need to deploy them.

The first tool that you need to deploy is a digital tape backup system. A tape backup system is designed to restore critical data in the event of data corruption (i.e. when your time/billing data is corrupted by a system crash during monthly billing), hard drive failure (more common than you think) or some catastrophic loss (i.e. fire or flood). It is my experience that many firms balk at the cost (ranging from $600 to $2,000 for most Vermont firms). Some try to get by saving documents to floppy disk. Others use a CD-RW, zip, jazz or second hard drive. Any of these alternative solutions, when combined with due diligence and good fortune, can work but none are designed for the job and each have significant liabilities that you typically do not recognize until after the fact. The best solution, even for the smallest law firms, is a digital tape backup solution set up to automatically backup all of your data each night with a proper tape rotation schedule, provision for storage of some of the tapes offsite and centralized data storage on a single hard drive.

These last four points are particularly critical. First, by automating the backups you reduce the possibility of human error, making it unlikely you will miss a day. Second, by implementing a proper tape rotation schedule, you generally are assured of having a backup for each of the previous five working days as well as one for the previous month. This minimizes losses in case of a bad tape or failure to catch an error immediately (i.e. failing to recognize for several days that your time/billing system has been corrupted). Third, offsite storage is critical to preserving your data in the event of a catastrophic event, such as a fire, theft or flood. Finally, centralized data storage is a critical, but often overlooked, aspect of protecting your data. It is my experience that many firms that have a tape backup system installed have a false sense of security because many attorneys and/or staff continue to save documents, email and/or financial data to their local computers. This is a prescription for disaster as it means that critical data may not be backed up or easily recovered. Therefore, always make certain to implement and FOLLOW a policy for centralizing the storage of data to a single hard drive for easy backup to and retrieval from tape.

The second tool that you need to deploy is an uninterruptible power supply or UPS on every computer and peripheral in the office. A UPS plugs into the wall, but runs off a battery, so it provides you a steady source of power to your computer, monitor, printer and other peripherals despite brown outs, blackouts and power spikes. Such devices are particularly useful in Vermont where power supply can be quite uneven.

As with tape backups, however, many firms balk at the cost (typically $100 to $200 per computer workstation depending upon functionality, voltage requirements and battery life), but if you save just one hour of down time a UPS pays for itself. Larger firms may want to invest in a separate UPS with smart software for their server(s) so that they can be automatically shut down when power is out in order to better maintain data integrity. Any workstation connected to a computer network or modem should have a UPS with network and/or modem jacks to prevent power surges – frequently caused by lightning during electrical storms in Vermont -- from traveling over the network or through the telephone lines to cause damage to workstations.

In my experience a UPS is a good investment for three reasons. First, each generation of computer hardware has become more sensitive to variations in voltage and therefore a UPS protects your investment in computer hardware. In fact, some manufacturers' warranties are voided by a failure to deploy a proper UPS. Second, a UPS helps to prevent data corruption and/or loss by providing you with a steady stream of power during brownouts and spikes and by providing you the time necessary to save your work before shutting your machine down during outages. Third, a UPS will typically pay for itself in reduced interruptions and down time during just one Spring and Summer electrical storm season.

The third tool that you need to deploy, if you are connected to the Internet or ever use disks that have been used outside your office's network, is anti-virus software. Electronic viruses, such as the notorious "I Love You Virus," can wreak havoc with individual computers and (particularly) networks. One of the common problems associated with being infected is replication of data on your hard drive until you run out of space causing your computer to crash and (possibly) the loss of all your data. Anti-virus software scans email attachments, data on floppy disks and even programs that you may download over the Internet for certain attributes that are common to most viruses. The insidiousness of viruses, however, is that there are constantly new varieties being introduced. Therefore defending yourself against viruses is a constant battle.

To best defend yourself against this scourge, I recommend the following. First, purchase a good anti-virus software (i.e. Norton AntiVirus or McAfee's) from a reputable company that you expect has the resources to respond quickly to new threats. Second, update your software daily using the Internet. For firms having two or more attorneys, I recommend purchasing a network anti-virus software that automatically checks for updates daily and distributes them seamlessly across the network without requiring user intervention. Third, you need to implement firm wide policies for use of floppy disks, downloading of files over the Internet and for handling attachments as it is through such functions that viruses tend to spread. A simple policy would require (1) that all floppy disks used on computers outside of your network be scanned for viruses by a designated person, (2) people to obtain permission before downloading any program (i.e. screen savers, audio players or demos) over the Internet and (3) any email attachments coming from unknown persons or without any text in the body of the message to be deleted or virus scanned by a designated person before opening.

The fourth tool that you need to deploy is a firewall, if you have a dedicated connection to the Internet (i.e. xDSL, cable modem, frame relay, etc...), as contrasted with an intermittent dialup connection to the Internet (i.e. modem or ISDN). A firewall is a device that protects your private network from unauthorized intrusion by outsiders who might try to "hack" in via the Internet. Lawyers should not underestimate the dangers of this threat as disgruntled clients, opposing parties, and other malcontents would have plenty of motivation to "hack" your system. The firewall solution that best fits your firm will vary dramatically depending upon the functionality you desire.

At its most basic, you can pick up a router for a couple hundred dollars that will provide you with a level of protection akin to placing a lock on your door. Specifically, these routers provide IP masking or translation services that make it so that the IP address (essentially your Internet street address) of the machines on your private network are unlisted. For firms desiring to use the Internet to access their office's computer network from home or while otherwise away from the office a more sophisticated solution will be needed, the cost of which will typically run you $2,000.00 or more. This may sound pricey, but the productivity gains from extending your computer network via the Internet can swallow up those costs quite quickly. For firms desiring to make certain of their data available to clients, expert witnesses, and/or other interested parties over the Internet the costs may be yet higher. Still, client demands coupled with cost savings and productivity enhancements is driving more and more firms to implement sophisticated security systems to enable them to use the Internet's capacity to improve collaboration and work remotely.

In conclusion, let me simply make a few points. First, the four tools identified and described in this article are by no means all of the tools that may be relevant for you in your practice. There are many other tools that may prove necessary (i.e. email encryption software), depending upon the nature of your practice and the sophistication of your clients. Second, alternatives to some of the tools that I have identified are emerging (i.e. offsite secure storage of critical data and virus scanning of Internet email), especially in the offerings of Application Service Providers or ASPs who are delivering many applications, formerly available only to Fortune 500 companies, to the small business market via the Internet. Third, if you do not take the bull by the horns and properly protect your critical data do not be surprised if you are snake bit by a significant financial loss related thereto or even a malpractice lawsuit, should a client be injured. Finally, understand that my recommendations are not on the cutting edge of technology, but rather simple, common sense solutions to every day problems facing lawyers across the nation. Therefore do not hesitate, but rather act now to protect your critical data.

Copyright [2003].  All rights reserved, except any article may be copied in its entirety, for non-profit usage, with proper attribution so long as a copy of said article, as reprinted, is sent to Mr. Atherton at P.O. Box 90, Northfield Falls, VT  05664.

Steven H. Atherton

The Digital Lawyer