Business Continuity and Disaster Recovery: Why Law Firms Need It

Uploading data to the cloud as part of a business continuity and disaster recovery plan

Business continuity and disaster recovery (BCDR) helps organizations keep their data safe and secure, even in the face of modern cyber threats. BCDR minimizes the impacts of several types of cyber threats as well as network outages.

As a law firm, your team deals with sensitive information and documentation. BCDR keeps that information safe from accidental loss. Understanding what BCDR is and how it can best benefit your practice can save you from a potential cybersecurity disaster.

What Is Business Continuity and Disaster Recovery?

Business continuity and disaster recovery consists of two practices that keep your technology up and running in the face of a disruptive event. Business continuity is the series of strategies for keeping your business running in the event of an emergency, whereas disaster recovery covers how the problem will be solved.

Your BCDR strategies should include standard operating procedures for what employees should do in the event of disruption so data is not lost and financial risks are minimized.

Tips for Building a Business Continuity & Disaster Recovery Plan

When you’re building a BCDR plan, there are a few key points you should include in it. You should craft these similarly to the other standard operating procedures in your law firm.

IT Development Team working in office

Tips for a Business Continuity Plan

Your business continuity plan should cover:

  • Employee contact information
  • Change management procedures
  • How to implement the plan
  • When to implement the plan
  • Step-by-step operating procedures
  • Schedules to review, test, and update the plan

Tips for a Disaster Recovery Plan

Your disaster recovery plan needs to outline:

  • Who is on the DR team and when they are available
  • Employee responsibilities
  • Guidelines for when to implement
  • DR policy statement and goals
  • Response and recovery steps for different incidences (i.e. ransomware, malware, IT downtime)
  • Multi-factor authentication tools and processes

4 Use Cases Where BCDR Can Help Law Firms

BCDR plans come into play during a cyber threat or in the event of unplanned IT downtime. Ultimately, your goal should be to minimize financial losses, respond quickly, and to maintain compliance with legal regulations. 

BCDR plans are beneficial for law firms of any size; in 2019, 43% of security breaches involved small business victims. Here are four use cases where BCDR can help your law firm.


Over half of security breaches involve hacking. There are four types of hackers that you need to look out for:

  • Script Kiddies: These hackers usually have minimal knowledge in hacking, so they use code scripts they did not write. However, script kiddies can still cause damage, despite their low skill levels. They can still exploit weaknesses in your cybersecurity, much like the famous Love Bug and Anna Kournikova viruses of the early 2000s.
  • Insiders: The term “insiders” refers to hackers that come from your own organization. Insiders usually want revenge on a company they worked for in response to a perceived wrong. IF you’re familiar with Edward Snowden, then you know an insider hacker. 
  • Hacktivists: Hacktivists can range in skill level, but work towards exposing individuals or organizations they feel are corrupt or unjust. Anonymous and Wikileaks are both well-known examples of hacktivism groups.
  • Cybercriminals: As a law firm, these types of hackers are the type you should be most concerned with. Cybercriminals have one goal and one goal only: to make money. They target organizations like law firms, banks, and enterprises in order to exploit sensitive data on weak security systems.

Hackers will often perform a distributed denial of service (DDoS) attack, where users can’t access their server due to an increased spike of traffic. Having a BCDR in place can help you recover lost or stolen files and get your systems back up and running if anything gets shut down. 

Hacking also typically involves another type of security breach: ransomware.

Professional Hacker at Work in Front of His Tree Displays Hacking Center.


Ransomware is a specific type of malware that involves holding your information for ransom. Ransomware attacks either threaten to publish or release important, sensitive data or they lock down access to it. Sometimes, the cyber attacker will threaten both.

Ransomware attacks demand payment, either in the form of money or cryptocurrency. Sometimes, they require multiple payments depending on how much information they have locked down and acquired.

Due to the sensitive nature of the information they store and process, law firms are high at risk for ransomware attacks. Larger companies and firms are not the ideal ransomware target, as the attackers do not want to draw legal attention to themselves. Smaller and mid-sized firms, however, are much more at risk.

We always recommend having a remote data backup in case your information is lost. Ensure that you have two-factor authentication whenever you can, and apply patches as soon as possible to stop vulnerabilities. These are steps we can include in your BCDR plan so your information is never fully compromised.


Malware is short for “malicious software.” There are many different types of malware, including ransomware, that are structured to damage your computer, network and/or files. Other types of malware include:

  • Spyware, which collects information about your network and device. Spyware often looks for passwords, credit card numbers, and personal information.
  • Adware spams your computer with advertisements that bring in revenue for the ad’s developer. The adware also collects your personal information so they can tailor the ads to what you are more likely to click on.
  • Worms infect your computer similarly to how they infect our pets. They spread and multiply, moving to additional devices and taking up a lot of your bandwidth. Sometimes, worms can carry additional malware and spread it across your network.
  • Trojans are named after the Ancient Greek tale of the Trojan Horse. Trojans are especially sneaky by posing as normal software. Trojans then activate once you’ve downloaded the software, and sometimes spread additional malware once downloaded.  

You should also be wary of botkits. Attackers can infect your computer with bots, which carry out remote commands. These allow the hackers to begin attacking your computer by stealing data, downloading malware, and implementing DDoS attacks.

Regardless of the type of malware, a common cause of data compromise is user error. Malware is typically installed when a user clicks on a link that downloads the malware program to the computer, giving the hacker access or helping them achieve their goals of corrupting your files. 

Educate your firm on phishing scams and cybersecurity risks to help prevent malware from being downloaded onto your servers. With lots of electronic file sharing happening at a law firm, it’s critical to make sure that you’re dealing with your clients, not someone posing as them.

A BCDR plan helps you minimize the data losses and damages from malware attacks. In your plan, you should be building out your exact steps for handling malware at your company, so you can feel well-equipped rather than panicked while knowing exactly who is responsible for what action items. 

Critical Equipment Failure

Critical equipment failure can be extremely costly. Unplanned IT downtime can disrupt your operations. If you have a server crash and you can’t access your files, it could cost your law firm thousands of dollars. The average cost of unplanned IT downtime is as high as $9,000 per minute.

Having a BCDR plan in place means you can get your systems back up and running as soon as possible. The longer it takes to get back online, the more it can cost you, so it’s crucial to be able to quickly and efficiently restore your servers.  

Need Help with Legal IT?

If your law firm feels overwhelmed with creating and implementing a BCDR plan, our IT services team can help. At Converged Technology Group, we understand how highly regulated the law industry is and can help you keep your data compliant and protected.

We’re proud to service law offices across Manhattan, Nassau County, and Suffolk County. We offer fully managed IT services, help desk support, and co-managed IT services for law firms with existing IT departments in place.

Our team can also assist you with disaster recovery solutions. With our extensive experience helping New York City law firms, we can ensure you are equipped with the tools and protocols you need to protect the sensitive information you work with on a daily basis. Contact us today for a free consultation!


Email Us

(631) 468-5770