With climate scientists predicting that extreme weather is on the rise, events such as the Calgary flood, the wild winter in the Maritimes, or ice storms and tornados in Ontario could become more commonplace. But despite the potential for catastrophe, many law firms don’t have an up-to-date disaster recovery plan — or any plan at all.
Susan LeDrew’s former law office in St. John’s kept the majority of its newly closed files in the basement. So when it flooded several years ago, it was all hands on deck to see what could be salvaged. “We had to go through soggy, wet, smudged papers to see if there was something that could be saved or needed urgently to be saved,” says LeDrew, now with LeDrew Law.
Taking the time to deal with the crisis “definitely sidetracked us, and it consumed the time of our staff too. It was really an ugly job. It was disruptive, upsetting and worrisome.”
When Calgary’s Bow and Elbow Rivers flooded in June, 2013, the city’s downtown core of 350,000 people had to be evacuated.
Like most law firms, Field Law didn’t have a written disaster plan in place before the floodwaters hit. It does now. Partner Doreen Saunderson says the experience “prompted us to develop one to document all of the things we did learn about what worked and didn’t work through this.”
She sprang into action after a late-evening email from her assistant alerted her to the fact that the city “was telling people not to come into the core.” After ensuring that colleagues and staff were safe and knew not to come into work, and then making sure the files were secure, her focus was on continuity of service to clients.
Most firm members were able to work remotely. There were daily conference calls with the key team members, and a daily email to staff kept them abreast of the status of the office and of operations.
Saunderson says her firm “lucked out” since its servers were housed in Edmonton and they were still functional. “But had this happened in our Edmonton office, the whole firm would have been down. So since that time we have now moved our servers to a secure data centre.”
Saunderson’s colleague Vance Langford says IT is the most critical part in planning for disaster. “If you have your stuff backed up and stored, if you can access all of your client data on a server, then you can’t be hurt too bad even if your physical premises is wiped out.”
He adds that a firm’s ability to prepare for disaster could be an indicator of its overall strength. “Your preparedness is a demonstration of not only your character and your competence, but also your ability to do business.”
Disaster planning 101
Creating an emergency plan is a complex, time-consuming chore. Here’s how to get started.
• Identify any risks that your business could face.
• Ensure your business insurance will cover your needs.
• Create an emergency response team and decide who has the authority to make decisions.
• Make a contact list of all firm employees with phone numbers, emails, addresses and emergency contact names and numbers.
• Create a list of important firm contacts, including clients, opposing counsel, courts, landlord, insurance broker, suppliers, vendors, etc.
• Set up an employee hotline that would provide everyone with information on an ongoing basis.
• Identify an office space to work in and meet with clients in case your office is destroyed.
• Compile a detailed inventory of all office contents, including make, model and serial number.
• Install and update a firewall and antivirus software on computers and networks.
• Ensure that computer backups are done regularly and use off-site storage.
• Update the plan on a regular basis.
Unexpected bad weather isn’t the only potential disaster that puts law firms in jeopardy — the risk of cyber-attacks is on the rise as well.
Law enforcement agencies have warned large American law firms that “their computer files are targets for cyber-spies and thieves in China, Russia, and other countries, including the U.S., looking for valuable information about potential corporate mergers, patent and trade secrets, litigation plans, and more,” says a March 2015 Bloomberg article. It adds that at least 80 per cent of the biggest 100 American law firms have had some type of computer breach.
Covering your losses
Examine your insurance policy and know what’s covered and what’s not. Make sure your business insurance will adequately cover the costs of potential damage — not only to the building and its contents, but the information that’s stored on the firm’s computers.
There’s a developing market of cyber insurance policies available, says Dan Pinnington, vice-president, Claims Prevention and Stakeholder Relations at Law Pro in Toronto. They can include “coverage for inadvertent disclosure of confidential information, for intellectual property or business secret infringements, damage to reputation, liability relating to damage to third-party systems, or impairment access to systems or other information.” Such coverage can cover “things like the cost of sending privacy notifications out to people if you’ve had a breach of privacy and crisis management activities and so on.”
To prevent the catastrophic loss of computer files, ensure a full backup of all your critical data is done regularly, Pinnington says. It should be offsite in case anything happens to the firm’s building. “The ideal is a full backup nightly so you’re never more than a day behind.” Test the backup to ensure it’s working properly. He also advises lawyers to consider one of the cloud backup services. “They can get you interesting options, security and all.”