Dave Kinsey 0000-00-00 00:00:00
It’s downright scary. In my experience it’s the exception, not the rule, that a law firm has adequate backup. Despite the best of intentions, doing all that is required to ensure good backup is typically overlooked in the sea of other demands for IT staff time. In the 1960’s classic book by Charles Hummel, Tyranny of the Urgent!, Hummel stated it best: “Your greatest danger is letting the urgent things crowd out the important”. Backups fall into what Steven Covey would call “Quadrant 2 - the Important, Non-Urgent”. Restoring data is almost always “Quadrant 1 - Important & Urgent”. If the Quadrant 2 backup work isn’t done in advance, restore becomes impossible and no level of urgency will get your files back. The “tyranny of the urgent” does not discriminate based on firm size. Larger firms tend to miss backing up critical data due to the increased complexity and number of items to manage. Smaller firms tend to have more fundamental failures. You may not be able to prevent disasters such as fire, theft or flood. You can, however, prevent a disaster predicated on the false assumption that your data is being backed up reliably. An independent third party audit is the best verification. However, here’s a much simpler self-audit approach to consider. Let your IT know that your insurance is requesting some information about your systems. Backups themselves are critical insurance, so you can say this confidently and accurately. STEP 1 – Indicate you need to supply a listing of your servers and were provided the following example: Get these results first before asking for anything else. This will help you understand everything that should be backed up without qualification. STEP 2 – Tell your IT “thank you” for getting that info. Next, let them know you’ve been asked to describe the backups of your systems. Half of the value of this exercise is to look for potential issues; the other half is making this backup review, at least temporarily, a top priority (Quadrant 1) issue. It’s important not to put the IT staff on the defensive to help ensure you get an accurate report. Some items to review: 1. List local Backup Device(s), if any, including type (tape, disk) and capacity. 2. How are your backups taken offsite: manually (disk or tape rotation) or automated (cloud)? What is the scheduled frequency of the offsite backup? Are offsite backups encrypted or not? 3. Is there any data that has been excluded from your backups for any reason? (since the answer to this question is often “yes”, this is your largest risk area to review) 4. What recovery points in time are available from local backup and cloud backup? (In other words, how many options will you have for the date and time to restore files from?) 5. How long would it take to restore an individual server from backup in the case of hard drive corruption? 6. What are your plans to restore business operations after complete loss of your office (hot site, order equipment & perform restore, etc.)? 7. Are backups file or image based? (image backup is recommended as you will typically get better answers to all the other questions above) STEP 3 – After they complete answering the questions in Step 2, thank them and ask them if they can think of any possible upgrades to backups for better protection. If you’d like any additional advice in how to manage this issue with your IT people or if you’d like me to help validate what you’re doing, email me at firstname.lastname@example.org.
Published by Target Market Media . View All Articles.