Sure, I believe in aliens<\/a>.\u00a0 I love \u2018The X-Files’<\/a>.\u00a0 I\u2019ve even been to Roswell<\/a>.<\/p>\n But, you know what\u2019s alien to a not insignificant number of small law firms?\u00a0 Effective data controls.<\/p>\n To that end, I intend to examine three potential security loopholes, and then the methods to close them.<\/p>\n Logging In.<\/strong>\u00a0 There are a number of ways you may be failing to properly secure your hardware and software — the chief access points for the majority of your law firm data.\u00a0 The good news (if this is bad news for you) is that tweaking some of your existing protocols can go a long way to beefing up your existing protections against data breach.\u00a0 The most obvious method is to create more secure passwords, and require your team to do the same<\/a>.\u00a0 People use simplistic passwords because they\u2019re easy to remember; but, those same passwords are easy to crack.\u00a0 Many lawyers operate on the thesis that, if one simple password is easy to remember for one<\/em> program or device, then that same simple password will be similarly easy to remember across multiple<\/em> programs and devices.\u00a0 If you\u2019re using the same password across a number of programs and devices, you\u2019re exposing a large swath of your data in what would otherwise be a single, controlled breach — there\u2019s a reason jailors have massive key rings and for each cell being tied to a single key.\u00a0 If you\u2019re having trouble remembering the multitudes of passwords you must recall, try a password manager<\/a>.\u00a0 This is a good guide for crafting more complex passwords<\/a>\u00a0<\/strong>— which don\u2019t, by the way, have to<\/em> include a bunch of special characters<\/a>.\u00a0 Beyond passwords, adding a second factor of authentication<\/a>, where available, will better secure your accounts.\u00a0 The most common second factor (in addition to a password) is a texted access code.\u00a0 The theory behind this measure is that, even if a hacker does figure out your password, that same hacker is not very likely to also possess your phone — though, there are potentially stronger options available<\/a>.<\/p>\n Screening.<\/strong>\u00a0 Controlling access to internal systems is also important, especially given the rising use of case management programs\u00a0by law firms<\/a>.\u00a0 While this is often an issue viewed through the prism of ethics, there are other concerns at play, as well.\u00a0 A driving theory behind data management is that access should be given to those who require it to perform a job, to the exclusion of others.\u00a0\u00a0 Limiting engagement on matters only to those who need<\/em> to access those matters limits the possibility of breach by limiting the number of parties who could easily effectuate it.\u00a0 Reducing associate access to only those matters on which associates are directly working offers less exposure to your complete client lists and contacts, which would otherwise be more easily accessible by a break-off firm.\u00a0 Effectively screening support staff from accounting features and reports could save you from becoming the victim of embezzlement.\u00a0 It may go without saying that eliminating access for departing staff as soon as practicable is a protective measure that law firms would be negligent in waiting on employing.<\/p>\n Let\u2019s Get Physical<\/a>.<\/strong>\u00a0 Even at this late date, most law firms are not entirely paperless, such that access controls should extend to the paper files that law firms maintain — even where there exist a limited number of those files.\u00a0 Paper files are not subject to global exposure, like electronic data is; but, paper files are far easier to remove from a physical space, and are much harder to track if lost, mislaid or stolen.\u00a0 Lawyers tend to leave paper files that they work on out on their desks.\u00a0 Those documents are prime targets for being swiped; so, file all your paper documents before going home for the night.\u00a0 Use file cabinets that lock, and actually lock them.\u00a0\u00a0 Make sure that associates and staff are aware of the need for securing confidential paper-based data, too; create a policy respecting the firm\u2019s treatment of such documents.<\/p>\n It\u2019s easy to overlook information security — until you\u2019ve had a breach.\u00a0 Not every breach is preventable; but, if you can stop those that are, and install a response and recovery plan for those that aren\u2019t, you will have shown your commitment to your clients, and will have met your ethical and legal obligations.<\/p>\n . . .<\/p>\n Liner Notes<\/em><\/p>\n Speaking of aliens . . .<\/p>\n
![Sure, I believe in aliens<\/a>.\u00a0](\"\/\/i1.kym-cdn.com\/photos\/images\/facebook\/000\/158\/329\/9189283.jpg\"){kind=link}