Security tips for lawyers need not be a list of complex technical IT setups. A simple set of actions could prevent some major breaches. With their professional ethics requiring high confidentiality and information security for their clients, lawyers definitely need a secure, leak-proof way of storing their clients’ case details and other vital and delicate information.
To do this, common practices such as password-protecting files and the computer are employed. Despite this, legal firms have still experienced loss of client data and, in extreme cases, leakage of damaging information. As a matter of fact, in 2014, a string of data breaches within law firms led the Information Commissioner's Office (ICO) to issue a public warning to barristers and solicitors. The ICO insisted that more needed to be done to ensure that client information was kept as safe and confidential as possible.
A while back, in 2010, Rob Lee, an information security specialist who investigated data breaches for Mandiant, a security company, estimated that 10% of his time was spent investigating law firm data breaches. A year earlier, in 2009, the FBI actually issued an advisory warning to law firms stating that they were specifically being targeted by hackers.
As a result of this streak of data breaches, clients have gone as far as threatening not to pay for services in law firms whose data security ‘stinks’. To protect themselves, law firms should consider bolstering their security systems.
Usually, law firm owners are tempted to believe the word of their IT managers on matters regarding file security. While this is good, it is better to check the system yourself and also hire a third party to help you ascertain the security levels of your systems.
So, what are the top practical security tips to prevent data breaches?
Practical Security Tips For Lawyers to Prevent Data Breaches
Generally, here are a few tips on what you should do:
Normally, people are advised to have an 8-character alphanumeric password because it is apparently strong and safe enough. However, it has been proven that 8 characters is no longer a reliable measure of the strength of your password.
In a hacking experiment for Ars Technica, a tech website, a team of hackers managed to crack more than 14,800 cryptographically hashed passwords. In fact, a 16-character password (for example qeadzcwrsfxv1331) was hacked in less than an hour.
In a different study by Trustwave Global Security, it was revealed that 88% of passwords can be hacked within 14 days. What this means for law firms, which, as indicated, are attractive targets, is that they need to strengthen their file security by improving the quality of their passwords.
Generally, these should not be obvious passwords and should not be repeated in other documents. In addition, you should refrain from keeping a file named ‘passwords’ on your computer.
A study by eSecurity Planet found that the leading cause of data breaches has been loss or theft of unencrypted laptops and USB devices. Unfortunately, this is a playing field for hackers because penetrating a stolen laptop is easier than cracking a database.
To curb this, law firms are advised to protect their devices with whole disk encryption. This can be boosted with biometric access, such as fingerprint swipe.
The self-hosted or public cloud works as your backup media and also a safer place to store your most sensitive files. One of the leading self-hosted cloud solutions is FileCloud. Unlike public cloud-based file sharing solutions that run on third-party servers, FileCloud is an on-premises Enterprise File Sharing and Sync (EFSS) solution, which is self-hosted and managed by your own trusted administrators, safely running on your infrastructure. Better yet, it is regulated by your corporate IT security policies, ensuring that you receive the highest form of possible protection.
Author: Davis Porter