P2P

Spring2021

Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1356436


system is compromised or needs to be taken down in the event of a breach. Hardware failures happen unexpectedly, but having redundancies and failover protocols can greatly mitigate the risk of disruption to your firm's operations.

• SLAs and RTOs. All law firms should have service-level agreements (SLAs) with their service providers that outline the availability of products and the responsibility to keep services up and running. SLAs should contain recovery time objectives (RTOs) that specify a time frame for service recovery after a disruption and a level of service that will be restored within that time.

• 99.999% Uptime. Recovery depends on your systems being as available as possible. Some providers promise 99.9% uptime, which may sound great, but in reality that translates to your systems being unavailable for hours at a time a few days each year. You want your providers to offer 99.999% uptime, often noted as "five nines", which means you'll have less than 10 minutes of total downtime in any given year.

• Round-the-Clock Support. Disaster recovery will require access to technical support for all of the systems, applications, and products you use. Because you can never predict when a breach or disruption might happen, it's critical that providers offer 24/7 support.

• Immediate Failover Capabilities. In computing, failover is a process for switching to a standby or redundant technology if a server, system, network or program is compromised or otherwise made unavailable. If you can't afford any downtime, you need to make sure you have immediate failover capabilities in place across the board to ensure continuity.

• Backups. Having backups for networks, systems, and other technology is critical to ensuring continuity and avoiding downtime, but they're only useful if you know they work. You should not only be making a point of regularly backing up your data and systems; you should also regularly test and verify your backups to make sure they'll function when you actually need them.

• Termination. If you need to terminate the use of a technology or a relationship with a provider following a breach, you need to have clear processes in place. Among other things, they should guarantee a timeline for recovering any compromised data and make clear who owns that data after termination.

Application Due Diligence

Ensuring cybersecurity starts with choosing the right applications. A major factor that should play into any decision to use a particular application or provider is the security measures offered. Proper due diligence requires consideration of the following features.

• Strong Encryption at the Database Layer. Your applications should offer AES 256 encryption, which is the most secure encryption offered commercially today.

• Passwords. Any technology you use must provide strong password protection. You should also look for single sign-on, which allows you to use one set of login credentials to access multiple applications.
