According to a recent report by Conversant Group and the International Legal Technology Association (ILTA), it has been revealed that only 11% of law firms consider data backups to be a critical security control. This lack of prioritization could potentially leave these firms vulnerable to cyberattacks, particularly ransomware incidents where threat actors often target backups and successfully compromise data stores.

With the rising threat of ransomware attacks, it is crucial for law firms to enhance their backup protocols to protect their valuable data. Backups are considered one of the most important security controls, as the loss of data could have catastrophic consequences for firms. Therefore, ensuring that backups are redundant, immutable, recoverable, and have proper controls in place is essential for safeguarding against data loss.

In the context of data backups, immutability refers to data that cannot be altered, encrypted, or deleted once stored. This feature is particularly important for law firms, as they are frequently targeted by ransomware attackers. Having immutable backups is also a requirement for many cyber insurance carriers. It is worth noting that not all forms of immutability offer the same level of protection, and having redundancy and recoverability measures in place is equally important. In the event that a threat actor breaches one data repository, having multiple immutable backups of varying types and from different manufacturers can provide additional layers of security.

Despite the importance of immutability, the report found that 38% of law firms either do not have immutable backup copies or are unsure if their backups meet this standard. Additionally, only 24% of firms reported having multiple immutable copies of all their data. The most common form of backup method used by law firms is storage snapshots, which may not always guarantee immutability. It is essential for firms to ensure that their backup infrastructure is not part of the Active Directory domain, as this could pose a security risk if the network is compromised.

To enhance backup security, it is recommended that law firms maintain five copies of their data, including copies stored on physically redundant, immutable backup storage, offsite backup storage, digitally air-gapped storage, and volumes on all storage platforms snapped immutably. This approach ensures redundancy, immutability, and recoverability, thereby mitigating the risk of data loss in the event of an attack.

Ultimately, backups should be considered a crucial defense mechanism for protecting business operations, as the loss of data could result in severe consequences for a firm. By prioritizing backup security and following best practices for data protection, law firms can better defend themselves against cyber threats and ensure the continuity of their operations.

Source link