Is Your Data Secure?
With great power comes great responsibility. Folks in the legal field are required to keep certain communications and information a secret from non-clients. You need to understand, given your position of trust, that the convenience and speed of e-mail, computers, mobile devices, and the Internet come with a price. The price is your ongoing responsibility to take prudent steps to safeguard your clients’ information and communications.
Prudence, ethics, reasonableness and the law require you to have an increasing level of competence about, among other things, cybersecurity: e-mail security, backing up of digital files, secure disposal of saved information and how to reduce the risks inherent with the increasing connectivity of computers and devices.
While hackers certainly pose a security risk to your practice, so do lost mobile devices, emails mistakenly sent to the wrong party, unrecoverable data due to faulty or non-existent backups, and use of free wifi at your local Starbucks.
Following are top security tips so that you can start to implement better security safeguards in your practice today.
#1 Strong Passwords. A strong password can drastically reduce the risk of unauthorized access to your firm’s data. It’s probably the single most important step you can take now to protect your data. (If you need any convincing, try out a few of your current passwords on this site: https://howsecureismypassword.net.)
What are the essential elements of a strong password?
It is unique; used for one service only.
It is long and uses multiple characters.
It is not a common word or phrase (e.g. “password” or “monkey”), or one of the passwords on this list of common passwords.
The best password is one that is randomly generated. A password manager can generate random passwords, as well as store and organize all your passwords, requiring only one master password to access your safe. Thus, you need not remember all your passwords nor do you need to keep them on sticky notes next to your computer (not exactly the safest option). Some of the top password manager programs include 1Password, LastPass, KeePass, and Dashlane.
#2 Two-Factor Authentication. When you store data in the cloud, you lose some control over that data. Thus, you want to take extra steps to protect that data. Using two-factor authentication provides that extra protection.
A basic example of two-factor authentication is the use of your ATM card to retrieve money from an ATM – first, you must swipe your card, then you must enter your PIN. Two-factor authentication requires something you know (e.g. a PIN or password), in addition to something you have in your physical possession (e.g. your ATM card or cell phone), resulting in a stronger security barrier. Popular cloud services, such as Google, Dropbox, and Evernote, all provide two-factor authentication for users.
#3 Backups. A scenario more likely to hit your law office than a breach is the loss of data due to some disaster or computer failure. You should have a redundant backup system as a failsafe. Ideally, electronic data should be backed up regularly through a combination of physical hard drives and cloud providers. Seagate, Western Digital, and Drobo are some of the top external hard drive brands. A few cloud back-up providers include Mozy, Carbonite, Crashplan, and Backblaze.
Further, there are services that offer combo packages for physical plus cloud components, such as SpaceMonkey. Don’t confuse cloud storage services like Dropbox and Google Drive with a dedicated backup cloud service. Using a cloud storage service as your backup is akin to having a real estate attorney draft a special needs trust. The purpose of Dropbox and Google Drive services is to sync files across systems, not to act as a backup system.
If you delete a file on one device, it will be deleted on all other devices (including in the cloud). And, you shouldn’t count on it remaining in your trash folder (e.g. Dropbox permanently deletes files in the trash after 30 days). Once you’ve secured your backups, remember that they won’t do you any good unless you test them by conducting periodic restores of non-essential data. In the event of an unexpected data loss, you should know precisely how to access and restore your data in just a few simple steps.
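One way to carry out the restore test described above, as an added example that is not part of the original article: restore a few non-essential files to a scratch folder, then compare them with the originals by SHA-256 hash. The folder and file names in the demo are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(original: Path, restored: Path) -> dict:
    """Report files that are missing from, altered in, or unexpected in the restore."""
    src, dst = tree_hashes(original), tree_hashes(restored)
    return {
        "missing": sorted(set(src) - set(dst)),
        "changed": sorted(n for n in src.keys() & dst.keys() if src[n] != dst[n]),
        "extra": sorted(set(dst) - set(src)),
    }


def demo() -> dict:
    """Constructed sample: one file restores intact, one is truncated, one is absent."""
    with tempfile.TemporaryDirectory() as tmp:
        orig, rest = Path(tmp, "original"), Path(tmp, "restored")
        (orig / "matters").mkdir(parents=True)
        (rest / "matters").mkdir(parents=True)
        (orig / "matters/retainer.txt").write_text("retainer agreement v3\n")
        (orig / "matters/notes.txt").write_text("call notes\n")
        (orig / "calendar.ics").write_text("BEGIN:VCALENDAR\nEND:VCALENDAR\n")
        (rest / "matters/retainer.txt").write_text("retainer agreement v3\n")
        (rest / "matters/notes.txt").write_text("call")  # simulates a truncated restore
        return verify_restore(orig, rest)


if __name__ == "__main__":
    print(demo())
```

An empty report in all three lists means the restored copy matches the source byte for byte; anything listed under "missing" or "changed" is a file the backup would not have given back intact.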
#4 Computer Updates. Your computer and mobile devices should be running the most up-to-date systems, software, and anti-virus programs. Developers constantly update software to both increase performance and to enhance security. Set your computer to automatically check for system and software updates, and then install those updates when prompted. This applies to your mobile devices as well. Pay attention to notifications on your device and install updates when they become available.
#5 Secured Networks. Ensure that your wireless network is set up securely. Change your router’s default password and enable WPA or WPA2 encryption. Confirm that your router is running the most up-to-date firmware.
For extra protection, configure your router to whitelist all your office computers and devices (using their MAC address – Media Access Control Address) so that even a hacker within range of your network would need to break the encryption and also have the MAC address of one of your listed devices.
When you are out of your office, don’t use unsecured networks (e.g. free wifi). If you must, at the very least set up your computer’s firewall protection. Alternatives to using free wifi include setting up your own private VPN connection with a service such as Cloak, using a portable router to establish a private connection, such as with the D-Link DIR-510L, buying a MiFi device from a mobile carrier, or activating your mobile phone’s tethering plan.
#6 Encryption. Encryption is one of the best methods of protecting your electronic data. It takes the contents of a document and scrambles it such that it is rendered unreadable. What can and should be encrypted? New York State enacted the Personal Privacy Protection Law (Public Officers Law, Article 6-A, sections 91-99) in 1984 to recognize public concern about privacy and the relationship between government and the people.
Certain personal information that travels wirelessly must be encrypted. That might mean encrypting a document and attaching it to an email. Fortunately, it is not difficult to encrypt electronic information. You can encrypt documents with tools native to a Mac computer and with programs such as Adobe Acrobat for a PC. Both Mac and PC computers also have tools (FileVault and BitLocker, respectively) to enable full-disk encryption, that is, encryption of your entire hard drive and attached external drives such as a USB device or external backup drive.
#7 Policy and Training. Your firm should have a policy that sets out how it safeguards confidential information, which might include necessary training for staff on how to manage firm-wide network security as well as training for individual staff computer use (e.g. passwords, computer updates, log-off requirements), encryption procedures, protocols for protecting mobile devices that access firm information, handling of third-party access to data (e.g. cloud storage providers), and remediation procedures in the event of a data breach.