There are many pitfalls lawyers should avoid while traveling that will help to protect your law firm’s sensitive data. In an article in the security current, they discussed a trend of hackers targeting hotel business centers. Members of a criminal gang were recently arrested in the Dallas Ft. Worth area for installing keylogger malware on computers in hotel business centers. In addition to this risk, it’s very easy for lawyers and other professional service providers to have their data compromised when using public wifi networks in hotels, airports, or coffee shops. In addition to the hassle of dealing with a loss of sensitive information, your law firm could be subject to regulatory fines and penalties or could be subject to a legal malpractice claim from one of your clients.
Some of the things you can do to protect your law firm’s information while traveling are:
- Make sure your lawyers cell phones have mobile hotspots enabled. These networks are much more secure than public wifi networks.
- Make sure your e-mail and file sharing systems are secure and encrypted.
- Educated your lawyers on the alternatives to using public wifi and the impact a breach can have on your firm.
- Maintain a comprehensive breach response strategy in the event data is compromised and understand how your legal malpractice policy will respond if at all.
There are always debates about the pros and cons of moving to the cloud and while we have been in favor of law firms making the move for the past 3 years, many others are now coming around. Recently there was an interesting article in Law Technology News, called “5 Reasons to Virtualize Law Firm Computing” (click here for the entire article) that outlined their Top 5 reasons to move to the cloud. While most of the Top 5 are things we’ve heard before like profitability, ease of use, and product offerings, security cracks the list at number four. This is a controversial one as we talk to firms frequently who feel like outsourcing makes their data less secure and reliable. We understand this sentiment but agree that virtualization and moving to the cloud makes your environment more secure.
A vendor who is in the business of providing cloud services to law firms should spend a significant amount of money on security, more than most law firms could find room in the budget for. Additionally, there are many ways you vet your potential technology vendors to find out which ones take data security seriously and which don’t. The alternative for most firms is to buy all of the equipment and hire an IT manager or outsourced IT services provider to manage the on site environment. In most cases, this leaves the keys to the IT kingdom in the hands of one individual which is a significant vulnerability for any law firm. As you’re thinking about moving to the cloud, security should be one of the first things you consider and should definitely be a positive in almost every case.
To read the entire article and see the LTN Top 5, click here.
Mobile breaches have become a growing area of concern in the law firm community. With many firms choosing to allow attorneys and employees to use their own devices, managing those devices is becoming a big challenge. According to a recent study done by Gartner, they estimate that by 2017, 75% of mobile device breaches will be a result of the faulty configuration of applications. As breaches increase and more firms move to allow attorneys to bring their own devices, how will you regulate the use of the applications?
The three steps all firms should take are:
- Create and implement a BYOD policy
- Educate your employees on the risks associated with mobile devices
- Install a mobile device management platform and require the enrollment of all mobile devices
For more information on the Gartner study, click here. Additionally, there was a great article from Law Technology News titled, “Do BYOD Risks Outweigh Benefits?” that you can read here.