Securing your law firm’s data entails both preserving and limiting access to it.
Limiting Access
This entails both authentication – keeping unauthorized users from accessing your firm’s data – and encryption – preventing unauthorized users who access your data, from reading it.
Authentication
Authentication take many forms, from the code to have to enter to withdraw money from an ATM, the two-factor authentication (2FA) needed to view your bank account online, the ID card you have to swipe to gain entrance to your office building, etc. Each of these confirms that that user has permission to access the information or location they’re attempting to access.
Tools & Tips for Authentication
- Turn on 2FA where available
- Lock your phone with a PIN code
- Require a a strong password on your Computer
- Use a Password Manager, so you don’t have to memorize or write down your strong password.
Encryption
To obfuscate information that an unauthorized user might gain access to, the sending party generally encrypt it with a cipher, and the recipient(s) will decrypt it to view it. Further, data has to be encrypted both when it’s at-rest, and while it is in-transit.
1. Data at-rest
Data at-rest refers to is ‘sitting’ on your computer, phone, cloud server, practice management system, etc. It may even be in all of those places at once. If it’s confidential or sensitive information – client data, PHI, SSNs, etc. – you have to protect it in all of those places.
To protect data at-rest:
- Limit User access to files
- Encrypt Sensitive Files
- Encrypt Folders that contain Client Data
2. Data in-transit
Data in-transit is moving over your local network, or across the internet. Encrypting it will thwart any party that intercepts it.
To protect data in-transit
- Use SSL when transferring information (HTTPS websites)
- Use a VPN whenever you’re on a public network, i.e., using your laptop at Starbuck’s or the airport
- Encrypt the contents and attachments of sensitive emails.
Information Integrity
In addition to maintaining the confidentiality of client files, lawyers also must maintain the integrity of them, as well. This means not losing or corrupting the data, if it is stolen, lost or accidentally deleted.
This entails copying your firm’s data, and storing it in a secure place(s), which is/are easy for you to access (but hard for unauthorized users to access. You should maintain at least two backups, one local, i.e., a thumb or flash drive, and one off-site, i.e., a cloud storage facility.
To maintain data integrity:
- Maintain a local, real-time backup
- Use an offsite back-up
- Periodically test your back-ups
FURTHER READING
What You Need to Know About Data Security for Law Firms
How to Protect Legal Clients’ Confidential Data | Digital Guardian
How to Close Your Law Firm’s Cybersecurity Gaps & Protect Client Data