In this age of digital innovation, protecting clients’ sensitive information has become increasingly complicated. Your data, no matter how you store it, electronic or physical, is never 100% safe. For any lawyer this can be a difficult pill to swallow. But can you ever guarantee your client a win or even a specific outcome with 100% certainty? Of course you can’t! What you can do, though, is weigh the options, formulate a strategy and set yourself up to get the result your client wants!
Ensuring sensitive information is protected follows the same concept. As a legal professional, you are expected to uphold certain ethical duties, including a reasonable effort to prevent unauthorized access to or disclosure of client data. While every firm must have security measures in place, security and risk prevention will look different from practice to practice. So where can you start? With FIVE basic steps, you can take your firm from vulnerable to prepared and help minimize your risk of a breach and any potential violation of ethical duties. It is no longer acceptable to plead ignorance about technological privacy threats.
FIVE basic steps you can use to take your firm from vulnerable to prepared
1. Assess your current IT defense
Being prepared for a data breach is a tricky process. Unless a law firm is uniquely large, it’s unlikely that its IT department would possess all the capabilities needed to run a security operations center. That means being capable of inspecting all traffic; classifying it as benign, malicious, or questionable; analyzing questionable traffic rapidly to determine whether it is malicious; stopping all malicious traffic; and taking the necessary steps to remediate any damage.
Keeping current with new attack strategies requires more time than most small and medium enterprises can give their security staff. There is simply too much to do and not enough time.
2. Encryption Encryption Encryption
Encryption is becoming a staple in security management. Demonstrate extensive use of encryption of data in transit and at rest and show that the firm employs two-factor authentication to secure remote connections to the firm's infrastructure.
3. Beef up your passwords
Far too often, passwords such as 1234abc and even 123456789 are used in the office setting. A unique password can be the fine line between security and a costly breach. No one password should be used for more than one account. To keep track of all your passwords, a password manager can be a great tool. Essentially, a password manager is an electronic program that saves all your passwords in an encrypted vault and requires only one master password to gain access. Password managers can also generate random long multi-character passwords, which are the strongest types of password.
That being said, two-factor authentication is a great tool to use when possible! On most big platforms it’s easy to set up and use. It requires both a password and a physical device to receive a code. From there, if you get locked out of your account or there appears to be suspicious activity on your account, you can easily regain access and secure your account.
4. Proper training!
Believe it or not, the biggest gap in security in any organization is its people! Proper end user training could save you countless hours and thousands of dollars. A simple class won’t cut it any longer. The cost is steep, and studies show the information is not retained long enough for it to be of any real value. Delivering training regularly, with engaging content such as humor, boosts effectiveness; sent out on a somewhat regular basis, it can not only teach and entertain users but also cut costs drastically!
5. Back up your data, the more the merrier
Backing up your data in at least one location is a smart and easy way to ensure the security of the sensitive information entrusted to you. A backup will save you in the event of a hard drive failure, stolen or lost laptop, accidental overwrite of data, or a malicious attack. It certainly is the best way to handle ransomware and maintain all of your information without paying a huge fee. Not only that but it can save you a headache and a huge chunk of your time!
Don’t stop there though! It’s no longer enough just to have backups; it is crucial to have redundant backups and to test your backups regularly. If something goes wrong, you want to be sure the plan you have in place will actually work in a crisis. Speaking of plans, having an offsite location is also a must, in case of any potential disasters that could take place.
With these steps under your belt, take an hour or two to learn about computer and internet safety. Remember, rely on local experts in the field to tackle any data security measures; don’t take on the fight alone! If you’d like additional information about implementing law firm data security and privacy measures, we welcome you to reach out via phone or email with any questions you may have. While these best practices will not make your data 100% secure, they will deter hackers and give you some much needed peace of mind.
LACyber is a division of Lincoln Archives providing comprehensive Data Breach Defense Services. Lincoln Archives and LACyber are proud to be a part of Lincoln Family of Companies serving the Western New York Community since 1914.