Law firms are stewards of their clients’ sensitive data, such as Social Security numbers, financial information, medical records and other private data. It is crucial that you take proper cybersecurity measures to protect this sensitive data. After all, it takes only one breach to severely damage your firm’s reputation and erode your clients’ trust.
Whether you work on all cases in-house or outsource some or all of your work to an external litigation support provider, here are six key cybersecurity factors to consider.
- Data encryption. Make sure your data is encrypted at rest as well as in transit. Encryption software encodes the data so that only those with the “key” can unlock it. If someone intercepts data while it’s being transmitted, or even if a hard drive is physically stolen, encrypted data cannot be read without that key. It’s also important that the proper security protocols are set up on mobile devices such as company-issued or personal laptops, tablets and smartphones. Sound mobile device management enables users to securely access corporate email and documents while preventing unauthorized intrusion and potential loss of data.
- Firewalls. A firewall can be hardware or software and is the data guardian at the internet gate. The firewall inspects all network traffic and connections (to the internet) and prevents unauthorized users from accessing a private network. All incoming and outgoing data passes through the firewall, which vets each message and blocks those that do not meet the specified security criteria.
- Strong passwords. Do you and your vendor(s) adhere to password management best practices such as two-factor authentication and complex passwords? Strong passwords make it almost impossible for a “bot” that automatically generates passwords to penetrate your network. Remember to keep your passwords safe: do not store them unprotected on computers or, worse, printed out and tucked in a desk drawer.
- The human firewall. Email phishing, executive impersonation and spoofing are the weakest links in cybersecurity today and these techniques are the easiest way to steal sensitive data. Therefore, it’s vital to improve the human firewall by training your people to be more aware of these scams. Learning to recognize these malicious emails and knowing not to respond to them keeps you from falling prey to hackers and keeps your valuable data safe.
- Audits. Do you have internal and external audit procedures in place to make sure that your IT processes and computer network(s) are being properly protected? Do you constantly monitor your network for unusual activity, keep your software up to date and apply all security patches as they are issued? Do you have an independent auditor perform regular intrusion testing and inspect your network for vulnerabilities such as out-of-date software and missing security patches? It’s very important to identify issues and remediate them before they leave you exposed to a hacker.
- Backup and business continuity plan. How resilient are your systems? Is it easy for a hardware failure or a hacker to disrupt your system and take your services down? How quickly can you recover if your systems go down? In order to minimize network downtime and data loss, it’s critical for your system to be backed up, fully and frequently. Where do you store your backup? How fast can you restore your data and restore access to your systems? How old is the backup you restored from (how much data did you lose)? Do you have hardware redundancy (power supplies, disk drives, firewalls, etc.) in order to continue to operate with minor hardware failure? Do you have connectivity failover protocols in case you lose your network provider access? The answers to all of these questions will indicate how resilient you are, how fast you can recover while losing minimal data, and whether you will be there when your existing and new clients are looking for your assistance.
Hackers are persistent and creative, and legal professionals involved in mass torts and claims settlements are attractive targets due to the concentration of personal data in their possession. Therefore, being good stewards of your firm’s data and your clients’ privacy means that you must ensure that proper cybersecurity measures are in place, monitored and updated frequently. You should make sure that not only your firm, but any vendor or partner with whom you do business, has implemented a comprehensive cybersecurity policy that is solid, current and enforced. This should allow you to rest better and help both you and your clients feel secure about the information being stored and shared.