Earl Duby
CISO | Trusted Advisor | Board Member | Change Agent | FBI CISO Academy
The CrowdStrike Incident and Its Impact
When disaster struck on July 19, 2024, the world was greeted with choked airport hallways, computers displaying the “blue screen of death,” and cars trapped in parking lots with inoperable access gates. This chaos was caused not by cyberterrorists attacking the Internet, but by a very simple misconfiguration in an update to a component of CrowdStrike, a security software product. According to The Record, the flawed update impacted 8.5 million devices at some of the largest companies in the world, including airlines and law firms.
Effects on Law Firms and Courts
The CrowdStrike chaos had a broad impact across the legal profession, as firms and courts alike were affected in a variety of disruptive ways. Law.com reported that several large law firms saw system interruptions and experienced client-facing impact. Courts across the country were significantly affected as well: cases were delayed, remote attendance for proceedings was unavailable, and client work was disrupted. While the revenue impact on law firms is not readily available, it’s certain that billings were disrupted by the delay.
CrowdStrike’s Response and Root Cause Analysis
On August 6, 2024, CrowdStrike released its External Technical Root Cause Analysis, which highlighted the causes of the faulty update and included a section for “Findings and Mitigations.” In the mitigation section, CrowdStrike systematically addresses what went wrong and how it plans to prevent similar issues in the future.
The Importance of Law Firm Self-Assessment
Doing a Root Cause Analysis (RCA) is always important after a major event. In this case, CrowdStrike shouldn’t be the only organization performing an RCA. All affected law firms should conduct their own detailed assessment of how they responded to the outage and determine how they can improve in the future to minimize client impact. It’s critical to consider how the response might have differed if the issue had been caused by a cyber-attack instead of a software flaw.
The Importance of Contingency Planning
As one law firm executive noted in the Law.com article, “For the legal industry, which relies heavily on seamless communication and data access, such disruptions highlight the critical importance of having robust contingency plans and diversified technology solutions.” Law firms must prioritize resilience and preparedness, which includes updating and testing disaster recovery plans, training staff on alternative workflows, and ensuring the use of diversified technological tools to avoid over-reliance on a single provider.
A Cautionary Tale for Law Firms
For any law firm that felt the effects of the CrowdStrike outage, the event underscored how reliant they are on information systems and the potential for significant disruption to client communications. For those firms fortunate enough to dodge the CrowdStrike chaos, the incident serves as a cautionary tale, encouraging them to evaluate how they would respond in a similar situation.
Steps to Improve Disaster Preparedness
In the case of CrowdStrike, there was little firms could do to prevent the interruption due to the way the software update process works. However, firms can greatly improve their response to similar software or system outages by following these steps:
- Prepare a Detailed Disaster Recovery Plan – The plan should include communication protocols with detailed contact information for anyone involved in responding to disruptive events, including Board members, system administrators, law enforcement, insurance carriers, and public relations firms.
- Understand Your Client Communication Plan – When service disruption occurs, it’s essential to have multiple communication channels available to keep clients informed, including phone messages, website updates, signage, and email distribution. Key client contacts should also be reachable by phone or text.
- Periodically Test Your Disaster Recovery Plan – Conduct both tabletop exercises and actual simulations of disaster scenarios. These tests should involve escalating communications, sending out alerts, recovering test systems, and documenting gaps in the process.
- Perform a Technical Risk Assessment – Identify your key system dependencies, assess which software or services are critical, and explore workarounds or ways to strengthen those systems. Address potential risks before a crisis occurs.
Conclusion: Learn from the CrowdStrike Incident
Don’t wait until chaos strikes to formulate a response. Planning ahead and following the four steps outlined above is inexpensive and straightforward. Just as CrowdStrike did, conduct your own Root Cause Analysis, identify areas for improvement, and document your response plan to avoid future issues. Even if you didn’t experience the CrowdStrike pain, take a lesson from history: “The wise man learns from the mistakes of others.”
Author
Earl Duby is a proven cyber security leader with over 25 years of experience leading security teams in multiple industries, ranging from large financial services companies to Fortune 150 manufacturers. Recently, Earl spent 6½ years as the Chief Information Security Officer (CISO) for Lear Corporation in Southfield, Michigan. Before that, he was Vice President of Security Architecture for Synchrony Financial as it spun off from General Electric. Earl has held several other security leadership roles and has earned Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Fraud Examiner (CFE), Certificate of Cloud Security Knowledge (CCSK), SABSA Certified Foundation and Certified Information Systems Auditor (CISA) certifications.