If your practice is part of a large firm that works with financial institutions, you likely have already undergone at least one security audit in the last year. Regardless of the size of your firm, a growing number of state bar associations now require law firms to keep abreast of changes in technology. The American Bar Association’s Model Rules of Professional Conduct require lawyers to “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.”
Protecting your client’s information is more than an ethical requirement; it’s also good business. Yes, big retailers and government sites are hacked all the time. Without the seemingly limitless budgets of a big law firm, what are your options?
Talk with your IT provider, and then talk to another IT provider. Educate yourself on the fundamentals of cybersecurity so that you can make informed decisions. You may need some upgrades, and some investment in infrastructure, but it is better to be proactive than to fix a system after digital assets have been stolen or tampered with.
Identify cybersecurity priorities. Maybe you can’t do everything, but you can take reasonable steps.
People are often the weakest link in office cybersecurity. If an associate or team member leaves in a huff, do you know what they have taken with them? Are they still accessing files through the network, or through Dropbox? Or did they take the entire office with them on a memory stick before they left? These are vulnerabilities that must be considered when formulating employee policies and cybersecurity processes.
Do you have a “Bring Your Own Device” (BYOD) policy, where attorneys are able to access the firm’s network and download client information on their own devices? Millennials love this, but this policy puts your firm at risk. What if your biggest client’s entire file is on someone’s laptop and the laptop is stolen? If the laptop’s data cannot be wiped remotely as soon as the loss is discovered, you’ve got a big problem.
Have you begun using a secure portal for client documents? All you need to do is read the news to know that emails are not secure. Sensitive client data must be transmitted and stored in a safe and secure manner.
Are you still running a practice on servers located in your office? If your practice is in the cloud and you are working with a reputable company, your documents are secure; you have data redundancy and data recovery options that an office-based server does not offer.
Even if you are in a firm that refuses to give up its own data center (which we hope is more than a dedicated closet with a rack and a door that’s never shut because it’s too hot), your backup should be in the cloud.