My company has a business disaster recovery plan that we test annually. We do a “table test” in which we spend an afternoon going step by step through how we would respond to a “disaster” – looking for holes in our plan. Ironically, in 2019, we picked a pandemic for our table test. Frankly, I thought it was unrealistic because I never thought we would experience a pandemic, but we tested our pandemic disaster recovery plan anyway. And even though the COVID pandemic is much larger and long lasting than we had planned for, we are much better off for having thought through and tested the plan. Disaster recovery planning made it easier to respond when the pandemic arrived.
We should all make it our New Year’s resolution to plan for the next disaster, whether it be a flood, tornado, fire, social unrest, or something more common, like a computer system being hacked.
Part of disaster planning is taking steps to avoid the disaster. Just as handwashing, social distancing, and wearing a mask can help prevent COVID infections, we can all take some simple steps to avoid the most common of business disasters: having our computer system compromised. This is crucial because attorneys are required to not disclose our clients’ information, which can happen if computer systems are compromised. So here is my short, non-techy list of steps to take to avoid having your computer system hacked.
External disk drives and cloud storage are inexpensive, so back up your computer system regularly. Set up an automatic backup program. My company backs up our computers daily, but set up a plan that works for your practice. Check your backup system to make sure you can actually restore your computer files from your backup storage.
Use a biometric or a strong password to access your computer. If you use a password, it should be at least 12 characters and you should change it at least every three months. Consider using a pass phrase, for example, “I Love Wisconsin Attorneys!,” rather than a short password.
It is easy to fake an email sender name, so if you get an unexpected request via email, hover over the sending email address to verify who really sent it. Don’t click on any email attachments if the email is not from your sender’s email address. For example, if you receive an email purportedly from the President of the State Bar, but the sending email address is email@example.com, I didn’t send that email. If you are unsure, call the sender and confirm it’s a legitimate email.
When using your laptop in public, resist the urge to use the free public Wi-Fi; using your cell phone hotspot or a virtual private network for Wi-Fi is much more secure.
Sign up for the State Bar’s Practice411 electronic list, and call Practice411™ if you need additional assistance. Both are benefits of your State Bar membership.
If we have learned anything from the pandemic, it’s that disasters do happen and we need to plan for them. Taking these simple steps can help you and your staff avert the next disaster.
Questions about practice management? Confidential assistance is a phone call or email away:
(800) 957-4670, or org practicehelp wisbar wisbar practicehelp org
Cite to 94. Wis. Law. 4 (January 2021).