This article is advertising content.

A Message from LawPay

Law Firm Security Step 1: Identify Your Cyber Assets & Secure Your Sensitive Data

In today’s world of evolving technology and web-based law firm operations, data security has never been more critical. Fortunately, there are simple, manageable steps that all firms can take to help promote better data protection.

The path to a more secure office starts with creating a simple document detailing all of your firm’s IT assets. You should make sure to list all of the technology that you use at your firm, to the best of your knowledge. If you have an IT service or office manager, have them review your compiled list and fill in any missing areas/items that they know about. This inventory should include your networking infrastructure, systems and other hardware, applications, and data. It should also evaluate each user with an account on your system, as well as their capabilities.

Networking Infrastructure

Do you have wired (LAN) and Wi-Fi networks? What is connected to each? Is there a guest network? What people have the Wi-Fi passphrase(s)?

Systems and Other Hardware

What PCs, laptops, mobile devices, printers, file servers or network attached storage are present in the practice?

Applications and Data

What business software are you using, and what are those applications responsible for? What information does this software manage, and where does that data reside (both cloud-based and on premises)? Don’t forget about any backups and archives that you may have residing in different locations.

Users

Who are the users with accounts on your systems and what privileges or capabilities do those users have? For example, you might have administrative rights on your PC, but you may have created an account for your bookkeeper with access restricted to certain folders or files. Check in with all of the members of your staff to help ensure that this information is as complete as possible.

Secure Your Sensitive Data

The security and integrity of your data are of paramount importance, as practices typically have large amounts of confidential and sensitive information about clients. Not only do you have an ethical responsibility to protect this information, but oftentimes a legal responsibility as well.

Data in Motion

When handling sensitive information within a web browser, always make sure the address starts with “https,” which indicates a secured connection. Data transmitted over a properly secured connection is encrypted, which prevents an attacker from tampering with or accessing the information sent. Most browsers will highlight the address bar in green or show a closed lock to indicate that the connection is secure.

Beware of websites that may have misconfigured or outdated security. Avoid using any website that the browser flags as having an untrusted certificate, since the site or the connection may be compromised. For example, the browser might display a message stating “The site’s security certificate is not trusted” or “There is a problem with this website’s security certificate.”

Data at Rest

Data stored on your computer or a network storage device also needs to be secured. Most modern operating systems support “whole drive” or “whole disk” encryption. Once it is enabled, you can be comfortable knowing that if your computer is ever lost or stolen, the data stored on it cannot be accessed by anyone else. To get started using whole drive encryption, search for “BitLocker” from the Start Menu on Windows Professional, or FileVault on Mac OS X.

For data that is backed up off your computer, or that needs to be transmitted to other parties, file encryption is a must. Applications such as SecureZIP and OpenPGP implementations like Gpg4win (Windows) can secure your own data for storage, as well as ensure protected communication to third parties.

Data in the Cloud

Confidential information stored in cloud services, whether for archival or operating purposes, must usually meet requirements imposed by industry governing bodies. PCI in the payments space, and HIPAA for healthcare data, mandate minimum encryption standards for data processed or stored. These standards often require ongoing audits by external parties to ensure continuing compliance. When in doubt about the ways a service provider protects your confidential information, always ask for their security practices and certifications.

Once you have identified your cyber assets and secured your sensitive data, you will have taken the first steps towards becoming a more secure law firm. In our next installment, we will talk about simple but effective measures you can take to secure your various accounts.

LawPay is proud to be trusted by more than 35,000 law firms, recommended by 46 state bars, and the only payment solution offered through the ABA Advantage Program. LawPay was developed specifically to separate earned and unearned payments, giving attorneys peace of mind that their credit card transactions are always handled correctly. To learn more, call (866) 376-0950 or visit our website.
