Where Business Meets Perfection.
Follow Solfecta! Like Solfecta on Facebook! Follow Solfecta on Twitter! Follow Solfecta on LinkedIn! Follow Solfecta on Google+!

Is Online Backup Right for a Law Firm?

During yesterday’s Hanging Out a Shingle CLE in Madison, the topic of backup came ups serveral times.  While I certainly recognize the benefits, I have never really been a fan of online backup for my law firm clients.  I have always been wary of not only placing but also transmitting confidential client information on the Internet.

Nerino Petro commented that this is really no different than placing critical documents in the hands of a courier or storing paper files at an offsite location.  In each case, you are entrusting confidiential information in the hands of another party with the reasonable expetation of security.  Both of those statements are true but I would point out that there are millions of really smart technology bad guys all over the world that are always looking for something to hack into.  They would never break into your storage warehouse in West Allis, Wisconsin or mug your bicycle courier in downtown Chicago, but they may very well hack into your online backup provider just to say they did it.

Another point brought up by Nerino, that I do agree with, is the fact that most office servers are probably not all that secure.  You need to make sure your server is as secure as possible.  Check with your technology consultant if you are not sure.

I suppose online backup really comes down to reasonable expectations.  This means you should carefully read and understand the security procedures and policies of your online backup provider.  If you have a reasonable expectation that your data is secure, a court will probably agree with you if it ever comes to that.

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+
Tags: ,

4 Responses

  1. Alison says:

    Jeff: I absolutely agree with you about security of data being a major concern for law firms and similar professions. In fact, it should be a major concern for anyone no matter who they are. I work at Carbonite and I can assure you that security of your data is our number one priority. We double-encrypt your data before it ever leaves your computer, ensuring that you are the only one who can ever access your files. We do not support file sharing because we never want to handle unencrypted data. Although some other online backup companies were recently found to be vulnerable to Man In The Middle attacks, I’m happy to report that Carbonite was one of the only two companies that did not fall victim to the test attacks. You can read more about our security practices at our company blog. Please feel free to leave our CEO comments or questions about our security measures.
    Thanks,
    Alison

  2. Peter says:

    I agree with Alison that some sites are secure than others.

    Carbonite is also ranked at top spot at the review site, http://www.BackupReview.info.

  3. Martin says:

    Hi Jeff:

    Thanks for an interesting post. I think you’re right to be concerned about the online services level of security, but I also think there is a huge value to solving the “separate site” problem. The ability to automatically achieve geographic redundancy is major improvement in terms of preparing effectively for disaster.

    Per Alison’s note above, Carbonite appears to be a fine service though it is mainly targeted at consumers.

    I would check out the following for business use:

    Mozy (part of EMC now)
    ElephantDrive (uses Amazon S3)

    Good luck!

  4. Nerino Petro says:

    Thanks for putting out this information Jeff. I just want to make sure that the other critical point that I made is included: you must read the terms of service and pay special attention to the privacy and confidentiality provisions to determine if there is a reasonable expectation of privacy while using the service. In the situation where the service provider clearly provides in its user agreement or other license that the information will be monitored and audited, then this removes the privacy expectation. many of the online service providers have an option where the user is the only party that has the password do the encrypted data which means that no one else can access it. The potential downside to this is that if you lose or forget your password, neither the service provider or anyone else can provide it to you and your data will remain locked and inaccessible.

    As attorneys, we should not turn over files to a messenger or file storage provider unless we have done our due diligence review and assured ourselves that the provider is legitimate and will exercise due care and caution with our information.

    Thanks for participating in the seminar.

    Regards,

    Nerino Petro
    Practice Management Advisor
    State Bar of Wisconsin

Leave a Reply