I have written an article for an American Bar Association publication covering online backup services and the ethical duties of lawyers to protect client information from being lost or disclosed.
Staying Safe with Online Backup and Remote Access Services
With today's strong encryption technology implemented properly, no one needs to worry about the safety of online storage. Despite the fact that huge banks and bank customers rely heavily on 128-bit encryption, many lawyers do not yet appreciate how safe it is. Encrypted online backups are much, much safer and more reliable than the backup systems used by most law offices.
We have launched an online backup service specifically designed for small law offices:
www.activeonlinebackup.com
Our clientele of small firm lawyers like the idea of protecting their valuable data with an online system once they appreciate how secure it is.
End-to-end 448-bit encryption keeps backups secure from compromise by anyone or any agency that does not have the passphrase. The customer has exclusive possession of the passphrase. We never see it. This system complies with the stringent HIPAA requirements and completely protects the attorney-client privilege because no third party can possibly access the information unless the lawyer (customer) gives up the passphrase.
Attorneys put misplaced trust in flash drives, DVDs, and rotating external hard drives that they rotate off-site. How many of these home-grown backup approaches encrypt the data? Very few in our 13 years of consulting with small law firms. The client data are much more at risk of being stolen or lost as disks travel back in forth in cars and sit around in homes and offices.
The real, every day risks of most backup systems include these:
The systems depend on people to perform repetitive manual tasks and the people make mistakes. See the sad stories above.
The systems don't backup often enough. Rotating once a week can result in a week's data lost. That is extremely expensive and disruptive for a law office where deadlines are critical and pressure is high.
The systems are not checked to verify that the backups are good. Our online service continually verifies that the data in the law firm and the backed up data are identical.
The systems do not retain enough versions of documents and files. Accidents happen. Users overwrite and delete files they shouldn't. It may be weeks or months before the problems are discovered. An online service like ours can keep unlimited versions of files without bloating the backup volume. It is important for lawyers to be able to go back in time and determine what was in a particular documents. Backup systems can serve that need, too.
There is a lot more to the subject of securing a law firm's data than we can address here. But this is a good start.
One final comment: Don't trust just one backup system! They are not expensive any more. Run at least two separate systems, making sure that they are compatible with each other. Sure, rotate an encrypted backup on an external hard drive off site every week. Use a one-way file synchronization program to copy files from the server to a PC hard drive or an external hard drive or terrastation. But also use a reliable online backup service with features appropriate for a law office.
Slashdot Mirror
I have written an article for an American Bar Association publication covering online backup services and the ethical duties of lawyers to protect client information from being lost or disclosed.
Staying Safe with Online Backup and Remote Access Services
http://www.abanet.org/genpractice/magazine/2008/dec/stayingsafe.html
With today's strong encryption technology implemented properly, no one needs to worry about the safety of online storage. Despite the fact that huge banks and bank customers rely heavily on 128-bit encryption, many lawyers do not yet appreciate how safe it is. Encrypted online backups are much, much safer and more reliable than the backup systems used by most law offices.
We have launched an online backup service specifically designed for small law offices: www.activeonlinebackup.com Our clientele of small firm lawyers like the idea of protecting their valuable data with an online system once they appreciate how secure it is.
End-to-end 448-bit encryption keeps backups secure from compromise by anyone or any agency that does not have the passphrase. The customer has exclusive possession of the passphrase. We never see it. This system complies with the stringent HIPAA requirements and completely protects the attorney-client privilege because no third party can possibly access the information unless the lawyer (customer) gives up the passphrase.
Attorneys put misplaced trust in flash drives, DVDs, and rotating external hard drives that they rotate off-site. How many of these home-grown backup approaches encrypt the data? Very few in our 13 years of consulting with small law firms. The client data are much more at risk of being stolen or lost as disks travel back in forth in cars and sit around in homes and offices.
The real, every day risks of most backup systems include these:
There is a lot more to the subject of securing a law firm's data than we can address here. But this is a good start.
One final comment: Don't trust just one backup system! They are not expensive any more. Run at least two separate systems, making sure that they are compatible with each other. Sure, rotate an encrypted backup on an external hard drive off site every week. Use a one-way file synchronization program to copy files from the server to a PC hard drive or an external hard drive or terrastation. But also use a reliable online backup service with features appropriate for a law office.