How Data Backups Save Money for Attorneys and Law Offices

Data backups are a good alternative to making ransomware payments

When was the last time you backed up your data? Data backups performed on a regular, frequent basis provide peace of mind. They free you from ransomware pressures and the cost of paying a ransom to recover your data.

Ransomware attacks have skyrocketed in the past two years, with small businesses suffering almost half of all attacks. Ransomware attacks frequently use social engineering techniques, like phishing emails. These trick your employees into revealing sensitive information or clicking on links they don’t recognize.

The actions of unsuspecting employees allow cybercriminals to launch ransomware into your computer network. This freezes access to your business data and shuts down your server. It also seriously impairs your ability to conduct business. Your data may include client contact information, sensitive case files, and intellectual property. It may include billing data and employee payroll and personal information. As well as trust accounting records, budgets, and expense records. Depending on your fields of expertise it may include more specialized data. What else is in your database?

Ransomware Payments

Most business owners panic, understandably, when they realize they are the victims of a ransomware attack. Their instinct is to pay the requested ransom to get their data back. Ransoms are typically paid online via bitcoin or similar cybercurrency. And while there is no guarantee that paying the ransom will achieve the desired result, cybercriminals almost always return the data. If they didn’t, the foundation upon which this successful cybercrime is built would quickly collapse.

Ransomware is a business, and it is thriving for a reason.

Data Backup: The Alternative to Paying Ransom

Law enforcement authorities, including the FBI, strongly advise against paying ransoms. Contributing to cybercriminals’ profits only serves to perpetuate ransomware.

There is an alternative to ransom payment, and it has long been considered a best business practice among cybersecurity and information technology professionals. Backing up your firm’s data on a regular basis—daily if possible—frees you from the pressures of a ransom demand. Data can be backed up to a secure cloud storage provider. Or to an external hard drive plugged in to a USB port for the data transfer and then unplugged. You might be able to back up to a CD, Blu-Ray disc, or USB flash drive. Depending on your method, you may also be able to set an automatic schedule for your data backups. Setting an automatic backup schedule ensures that every backup gets done.

Then, rather than relying on a cybercriminal to return your data, you have access to the most recent copy of your data. This enables you to continue serving clients, billing, and doing all the important things you do each day.

Cost of Ransomware Attacks

The cost of routine data backups is a fraction of the potential cost of a ransom demand. And it can be built into your overall operating plan.

The average ransom in 2020 was $178,000, according to Cloudwards. But the ransom payment is just the tip of the iceberg. Studies indicate the average ransomware attack costs more than $4.4 million when all associated costs are factored in. These include lost business, regulatory fines and penalties, and reputational damage. Along with remediation of security vulnerabilities contributing to the attack, and other expenses.  

Tips for Your Data Backup Program

When establishing your data backup program, be sure to test the first few backups. Practice restoring your data so that you and your staff are able to access and use it. Just as testing your program periodically is a good idea, so is documenting your program. Develop written procedures so that your backup restoration can be performed efficiently without unnecessary confusion. You should also implement other security measures to protect your sensitive information online.

Of course, advice about data backups and cybersecurity is meaningless if you don’t believe that your firm’s data is worth protecting. And that is a decision only you can make.