Onsite IT: Risky Business?


As a lawyer, you are charged with protecting the interests of your clients, which includes safeguarding their sensitive data. These days, with law firms being a prime target for cybercriminals and a larger part of the workforce logging in remotely, managing partners must be especially vigilant with firm security.

For a long time, onsite IT was the only option available to law firms - servers, software and equipment were housed and managed in the office, usually in a dedicated server room or closet. Many firms continue to operate this way, as familiarity signals safety. But can onsite IT keep up with the modern threats law practices are facing?

If your firm uses onsite IT, you could unwittingly be putting your clients and practice at risk. Here are a few questions to consider:

Are your system and data protected?

Whether it’s major threats such as flood or fire, or more common disruptions such as power outages or an overheated server room, hosting your systems onsite can expose your system to physical risks. All of these scenarios will disrupt firm operations and require an IT professional to be onsite to address the problem, quite often after hours.

Cybercrime is a significant threat to Canadian firms, with more and more cases of malware infection, fraud and ransomware regularly being reported. Device theft is also a growing concern as lawyers and staff copy sensitive files to their devices to work from offsite. Mobile devices and desktop computers are also vulnerable to malware infection, and require security updates several times a year, which have to be done onsite and are disruptive to staff and firm operations.

Do you have comprehensive backups?

When was the last time you did a test restore of your firm’s backup system? Do you feel secure, knowing your critical data will be up-to-date and accessible if disaster strikes?

Many firms back up their data entirely onsite, usually by copying and transferring the files to tape or hard drive. Physical backups require vigilance from an onsite employee, a time-consuming process that’s highly prone to error.

Another popular option is to transfer data from onsite servers to a third-party Cloud, where it’s stored in a remote server or data centre, a process known as “hybrid”. The hybrid method eliminates the hassle of tapes; however, it still requires careful management and regular testing: it’s not uncommon for firms to discover too late that their recovered data is incomplete or out-of-date, or that the wrong files were backed up.

Whatever the method, your backup process should be regularly reviewed and tested to ensure there are no holes in the safety net.

Can your business survive a major disruption?

No one likes to think about it, but if a disaster were to affect your office, would your firm be able to continue serving clients? And as we've recently learned, in a pandemic scenario, your employees may not be able to commute to the office, requiring stable remote access and endpoint security measures. In the case of a major office event such as a flood or fire, all of your servers would go down, leaving you unable to send, receive or open emails from onsite or off.

Assuming that your data was properly backed up, how quickly can your restoration and recovery processes bring you back up and operating?

The time it takes to restore your systems depends on several variables, such as the experience of your IT team and the extent of the problem – a major, system-wide disruption would require a complete replacement, which, for a mid-sized firm, can easily take weeks to get up and running. Setting up an interim system with critical elements can take anywhere from 3-5 days, at a significant cost for parts and labour.

Recovering data from tapes is a slow process, as each step must be executed in a necessary sequence. There is a higher chance of encountering problems such as data corruption and incompatible formats, which brings further delays and unexpected costs. While hybrid solutions ensure your data is kept intact while offsite, it takes a significant amount of time to download everything from the Cloud to your new servers.  

Is cumbersome IT management increasing risk?

Problems will occur with any IT environment, so having a solid plan for minimizing and handling them is essential.

When developing your firm’s IT plan, onsite equipment requires considerable foresight; unlike a Private Cloud, which can easily scale its capabilities up or down, you must predict the scope of your business and the supports you require as much as five years in advance. You may find yourself off the mark 2-3 years in, having over-invested, or worse - in urgent need of capabilities that take time and money to implement, such as stable remote access.

A secure system requires regular monitoring, security patching, software updates, firewall management, endpoint management and end-to-end testing, all of which involve multiple levels of planning and management. Onsite IT also requires desktop computers for every user, each device requiring regular maintenance and management. It's a complex process, and cracks in the system’s security can easily form, increasing a firm’s risk exposure.

Secure IT in the Private Cloud

If any of the above questions have left you feeling concerned, it may be time to re-evaluate your law firm’s IT.

Imagine if all of your IT hardware, software and data were housed offsite in a secure, professional data centre with everything professionally managed, automatically backed up, and accessible from any device with an Internet connection. All of this is possible with a Private Cloud. Learn why hosting in a Private Cloud is the securest, smartest option for Canadian law firms.
