Lock Down That Data
Today, some law firms store terabytes — even petabytes — of confidential e-discovery and electronically stored information. When you consider your primary responsibilities as an attorney, why should you include this data’s security?
1. You have an ethical responsibility. The ABA Model Rules of Professional Conduct state that a lawyer must “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” 1
2. You must comply with government security regulations. Sensitive information is regulated by various federal, state and industry rules.
3. You should protect your reputation. A data security breach will almost certainly result in the loss of clients and possibly generate negative publicity.
Airtight data security is hard to achieve. For small and midsize practices, the work can be overwhelming. Also, technological changes mean that security measures can become obsolete in a matter of months.
Firms can address these challenges with a step-by-step plan.
Security, Step by Step
Designate a Security Officer
Data security is only achievable if someone leads the charge. Depending on the data you store, you may even be legally required to designate a security officer.
Security vulnerability occurs via your physical work environment, network security and mobile communication. How do you guard each area? Take the following actions.
• Make workstations inaccessible to the public.
• Lock away your routers and servers.
• If possible, incorporate industry standard protocols such as magnetic doors and keycard access.
• Maintain protection against natural disasters.
• Archive data off-site.
• Replace aging physical equipment.
• Configure your firewalls correctly.
• Use strong, proven antivirus and antimalware software.
• Keep your software current.
• Password protect your network or make it invisible.
• Don’t transmit private data on public networks.
Mobile Device Weaknesses
• Make sure your device doesn’t scan for and hook up to open Wi-Fi networks.
• Instead of emailing files, transfer them via secure software, such as file-sharing apps that encrypt data.
• Enable security features such as remote wipe and automatic file deletion if you lose your phone.
• Don’t lose your phone!
Depending on the kind of data you’re storing and transferring, you could be subject to more regulations than you know. These include:
1. The Health Insurance Portability and Accountability Act (HIPAA)
2. The Consumer Financial Protection Bureau’s data security guidelines
3. Various state data security laws
4. Records disposal laws and protocols
5. Industry standards such as Payment Card Industry Data Security Standards
Set Policies and Procedures
Now that you understand what you need to do, decide how to do it. Develop a data security program, train your staff and enforce protocols according to your reasonable means. For instance, if you lack sufficient means to secure data on-site, you could look for off-site storage services that offer you features like advanced encryption methods.
Stay Ahead of the Game
If you’re going to serve your clients to the best of your ability, you have to stay current with your security. It’s not possible to eliminate risk, but you can decrease it significantly by becoming aware of your security issues, learning everything you can and being proactive in your responses.