5 Cybersecurity tips to Help Keep Your Client’s Data Safe [Guest Post]
We thank Carlos Baradat, The Baradat Group, LLC for this guest post.
Most law firms employ some sort of security tool(s) into their practice in order to protect their data. These may come in the form of spam filters, virus protection, firewalls, or anti-spyware software. These are all important tools that should be incorporated into your daily practice. But it is important to understand, that these tools alone will not make your client’s data safe from would-be hackers. Here are five tips that can help shrink that vulnerable gap between your client data and unwanted prying eyes.
Tip #1 – Don’t think that it will not happen to you. Law firms are a major target for hackers.
Banks contain financial information on a person, doctors and hospitals have their private health history, accountants know where all your money is, and lawyers . . . well, they have it all! Interestingly enough, all of the other professional sectors are protected by established required security measures (i.e., HIPPA, FDIC and SEC). Yet, law firms are still only guided by rules based on a “reasonable standard.” Thus, leaving it up to each lawyer to decided what is reasonable.
Tip # 2 – Use encryption whenever possible.
Whether you are using Microsoft Outlook’s built in encryption tool, or another third-party application, implementing the use of encryption into your daily practice can provide your firm with an elevated level of protection when dealing with confidential and/or privileged materials. These tools can be incorporated into nearly any email platform and are relatively low-cost.
Tip # 3 – Implement an office-wide password policy.
Perhaps one of the most effective and inexpensive ways to elevate your law firm data security is by enforcing and office-wide password protection policy. You may be tempted to use the same password that you use on multiple websites and/or devices, but it cannot be understated how vulnerable your data will be if that is the case. Lawyers and staff should be required to set a password that is at least 12 characters in length and contain a combination letters (upper and lower case), numbers and symbols. This password should be changed with any significant office event (i.e., employee leaving, computer virus detected, etc.), and it should be set to expire regularly.
Tip # 4 – Keep software up to date.
Hackers do not take holiday breaks. They are always working to find vulnerabilities in the software that we use daily (i.e., Microsoft Office, Adobe, QuickBooks, plug-ins, etc.). Luckily for us, all major software companies are constantly working hard to find those vulnerabilities and “patch” them as soon as possible. For that reason, it is important to ensure that all of your software and operating systems are always up to date. By doing so, you will be doing your best to stay ahead of online and targeted virus that are constantly being launched to the general public and law firms alike.
Tip #5 – Vet your vendors.
Law firms frequently out-source work to third-party vendors. Such services include accounting, eDiscovery, website management and copying, and many more. Lawyers have a duty to ensure that their vendors conduct themselves in a manner that abides by the Rules of Professional Conduct. The lawyers should have a good understanding of where the vendor will hold your data (i.e., cloud or physical server), how it manipulates that data, what happens to the data once the relationship with the vendor has ended, and what steps does the vendor take to ensure a reasonable standard of security of that data.
Although client data security can be a daunting task, the benefits of protecting that information far outweighs the potential consequences. Taking these tips into account, should help protect.
Carlos Baradat is the founding member of the Law Office of Carlos A. Baradat, P.A., where he focuses his practice on business, eDiscovery and technology related issues. He has been an adjunct professor at Hodges University since 2014, where he teaches eDiscovery, as well as Social Media & Privacy Law. With more than 15 years of professional experience working in business, administration, law and information technology, Mr. Baradat started The Baradat Group, an innovative business and IT consulting company that provides law firms with assistance in digital forensics, electronic discovery, cybersecurity, litigation preparedness and law office technology.