Law firms are target-rich environments for cyber criminals. This post offers ways to protect law firms from data breaches.
Where and how lawyers, paralegals, and legal support staff work is rapidly changing from office-based to working from remote locations. The American Bar Association tells us that, according to their 2015 Legal Technology Survey, 20% of attorneys work from home and only 63% work in traditional office situations. Also, lawyers spend about one-quarter of their work time outside of their actual workplace.
Attorneys and the people who work with them use portable devices in the courtroom for trial resources and trial notes, on the go for checking email, and to create and keep up client files.
Much of the change stems from lawyers trying to maximize productivity, and laptops and other portable devices help in this regard. However, practicing law in this manner opens a greater potential for data breaches.
Why You Must Protect Against Data Breaches
Did you know that in 2015, law firms were the 7th highest target of cyber criminals? This was almost a 50% increase in law firms being targeted by hackers compared to the previous year. Since 2009, the FBI and other law enforcement agencies have warned the legal industry of the potential for cyber-attacks.
Law firms are targets because of the sensitivity of client information, which includes:
- Personal identifying information that makes clients targets for identity theft
- Confidential business information of corporate clients that, if breached, can affect new product launches, planned patent filings, intellectual property, and more
- Payment information, including credit card information and secret PIN numbers
There are ways to increase your security that are equally affordable for solo lawyers and large law firms.
Ways to Protect Your Law Firm from Data Breaches
The expenses associated with data breach protection are scalable based on a firm’s size. The costs related to legal firms can be as high. Besides, firms can be fined by one of the following agencies of the federal government: the Federal Trade Commission, the Consumer Financial Protection Bureau, and the Office of Civil Rights for the Center for Medicare and Medicaid.
Firewalls and Other Infrastructure
Firewalls are your firm’s first line of defense when it comes to security. There are excellent software choices for firewalls, but there are also some good firewalls that are available as hardware for your system. When properly designed and specified, they work well together.
Most firms have adopted “portals” for clients and staff. They should never be combined; separate portals for clients and legal workers are a must. While members of the firm should be allowed access to the client portal to answer emails and other requests, under no circumstances should clients be able to access the staff portal. Some experts suggest separate servers.
Develop good password hygiene with a different 12-character password for various segments of your files. Passwords should be changed frequently, and login credentials for separating employees should be revoked and made unusable. Don’t store passwords on your computer in a file called passwords, and don’t keep a list of passwords under your keyboard or in your desk drawers.
Encrypt your backup files, as well as any thumb drives you may use. Backups should be done at least nightly.
- Keep your server room locked
- Use a PIN to access smartphones
- Make sure WiFi networks are secure
Many solo, small, and medium-sized law firms find that using a managed IT security service makes sense. A managed service provider is an excellent value, so good that even mega law firms use them.