Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php on line 2364

Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php on line 2368

Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /home2/redcavel/public_html/wp-content/plugins/revslider/includes/output.class.php on line 3169

Warning: Cannot modify header information - headers already sent by (output started at /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php:2364) in /home2/redcavel/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php:2364) in /home2/redcavel/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php:2364) in /home2/redcavel/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php:2364) in /home2/redcavel/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php:2364) in /home2/redcavel/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php:2364) in /home2/redcavel/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php:2364) in /home2/redcavel/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831

Warning: Cannot modify header information - headers already sent by (output started at /home2/redcavel/public_html/wp-content/plugins/revslider/includes/operations.class.php:2364) in /home2/redcavel/public_html/wp-includes/rest-api/class-wp-rest-server.php on line 1831
{"id":1636,"date":"2019-02-07T11:54:51","date_gmt":"2019-02-07T11:54:51","guid":{"rendered":"http:\/\/redcavelegal.com\/?p=1636"},"modified":"2019-02-07T15:33:30","modified_gmt":"2019-02-07T15:33:30","slug":"data-security-law-firms","status":"publish","type":"post","link":"https:\/\/redcavelegal.com\/2019\/02\/07\/data-security-law-firms\/","title":{"rendered":"Watch It Now: Data Security for the Modern Law Firm"},"content":{"rendered":"\n

Remember\nwhen George Jetson was tooling around in his mini-spacecraft with his boy\nElroy?<\/a>  That seemed pretty sweet, right?  Well,\n21st century lawyers don\u2019t have it nearly so easy.  It turns out that\nprogress rides along with information security concerns.  Not only that,\nbut regulators (federal, state, courts and ethics authorities) are catching up\nto the fact that lawyers, like any other small business owners, should\neffectively vet software providers for reasonable security applications, and\nalso share responsibility in maintaining their law firm data (really, their\nclients\u2019 data) in a reasonably secure manner.<\/p>\n\n\n\n

Why,\nthen, was \u2018The Jetsons\u2019 all one big lie?<\/a>  Why has your childhood been destroyed?  And, what\ncan you do about it?<\/p>\n\n\n\n

I suppose that curling up into the fetal position and crying\nuncontrollably for several days is one option.  Another is to embrace your\ndata security responsibilities, and determine to kick ass at managing your\nclients\u2019 data better than your rival law firms, and to use that as a\ncompetitive advantage.  That latter choice seems like the better\nopportunity to me.<\/p>\n\n\n\n

Let\u2019s then discuss the practical responsibilities you should be\ncrushing, so you can present yourself as a modern and secure law firm, in order\nto slake the thirst of a consumer public hungry for lawyers that understand and\napply data security tactics.<\/p>\n\n\n\n

Putting Software\nProviders to the Test<\/strong><\/strong><\/p>\n\n\n\n

Some\nstates, like my home commonwealth of Massachusetts, require small business\nowners, including law firms, to vet software providers for effectiveness of\ndata security<\/a>.  But, even if you\u2019re not required to do so by\nstate or federal law, you may be required to do so by your local ethics rules\nor ethics opinions related to the use of cloud-based software \u2014 or, at least,\nthe implication that you must do so will arise.  And,\neven if it\u2019s not a requirement, it\u2019s still probably a good idea<\/a>.  Choose the wrong software vendor, don\u2019t do enough to\nsecure your data, and your professional reputation is at stake.  And, the\nmaintenance of your professional reputation is likely even more important than\nany short-term fines or penalties you may have to pay for a data breach, since\nthat black mark on your effectiveness as a business owner is likely to last\nforever.<\/p>\n\n\n\n

So, the necessary first step, before you look to additional\nmeasures for securing your data, is to find a software provider that already<\/em> provides a highly secure\nenvironment for your law firm information.  To that end, here is a list of\nquestions you should ask of your potential software vendors:<\/p>\n\n\n\n

(1) Does the provider offer two-factor authentication<\/a> for login?<\/p>\n\n\n\n

(2) Does the provider restrict IP addresses?<\/p>\n\n\n\n

(3) Does the provider include features related to the setting of user roles and permissions within the software?<\/p>\n\n\n\n

(4) Does the provider \u2018lock\u2019 the login process after multiple failed attempts?<\/p>\n\n\n\n

(5) Does the provider utilize 256 bit SSL encryption<\/a>?<\/p>\n\n\n\n

(6) Does the provider encrypt data both when it is in transit and when it is at rest?<\/p>\n\n\n\n

(7) Is the software HIPAA-compliant<\/a>?<\/p>\n\n\n\n

(8) Does the provider utilize a geo-redundant server architecture with real-time data backup?<\/p>\n\n\n\n

(9) Does the provider maintain \u2018five 9s<\/a>\u2019 uptime?<\/p>\n\n\n\n

Asking these questions of any potential vendor, and getting a\n\u2018yes\u2019 for all of them, is a beautiful start to your new life as a data\nsecurity-aware lawyer.<\/p>\n\n\n\n

Protecting Yourself . . .\num, from Yourself <\/a><\/strong><\/strong><\/p>\n\n\n\n

Of course, that\u2019s only a start because, even if your chosen\nsoftware vendor provides you with all the tools possible to run a secure and\nstable law firm, user error is the most common entry point for a data\nbreach.  Consider that, even if your software vendor is able to answer all\nof the above questions in the affirmative, that your secretary who chooses \u2018password123\u2019\nfor her password remains a security breach waiting to happen.  So, in\norder to effectively secure your law firm data, it\u2019s not just about relying on\nyour software partners, it\u2019s also about training your staff, and maintaining\nsecurity rules within your law office.<\/p>\n\n\n\n

To that end, here are some tips for better securing your law\noffice data, and preventing user error, also known as boneheadedness:<\/p>\n\n\n\n

(1) Make sure you have a password for your computers that is complex, and preferably that requires capitalization, numbers and\/or special characters.<\/p>\n\n\n\n

(2) Make sure your password hint is not an obvious giveaway for your actual password.<\/p>\n\n\n\n

(3) Make sure that your computer is set to \u2018auto-lock\u2019 after two minutes of inactivity.<\/p>\n\n\n\n

(4) Make sure to manually lock your computer every time you leave your desk.  (For Windows machines, press the Windows button + L simultaneously.  And, for Macs, use Control + Shift + Power simultaneously.)<\/p>\n\n\n\n

(5) Make sure you encrypt your hard drive.  (Here\u2019s how to do it on Windows<\/a>; and, here\u2019s how to do it on a Mac<\/a>.)<\/p>\n\n\n\n

(6) Make sure to have two-factor authentication actually<\/em> enabled on all software, including your law practice management software, productivity software, accounting software and CRM.<\/p>\n\n\n\n

(7) Do not use the same password for every login.  (If your passwords are becoming overburdensome, consider a password management tool<\/a>.)<\/p>\n\n\n\n

(8) Beware of \u2018phishing\u2019 emails<\/a> that ask you to download a file \u2014 even when those emails appear to come from clients or colleagues you have worked with before.  (Remember that email addresses can be masked.)<\/p>\n\n\n\n

(9) Moreover, never download a file that comes from a questionable source. <\/p>\n\n\n\n

(10) Make sure to regularly run your system updates on all of your computers.<\/p>\n\n\n\n

(11) Use reputable antivirus and malware software, with up-to-date virus definitions.<\/p>\n\n\n\n

. . .<\/p>\n\n\n\n

If you\u2019re looking for a technology partner who\u2019s as concerned\nabout law firm data security as you are, consider Practice\nPanther<\/a> for law practice management.  If you want to\nfind out what they\u2019re all about, schedule a product demo via this\nlink<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Law firms are required to keep their online data secure. This seems like a daunting process, but we\u2019be got some practical tips to help you improve your data protection systems.<\/p>\n","protected":false},"author":1,"featured_media":1637,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[445,46],"tags":[98,64,60,451,91,450],"jetpack_featured_media_url":"https:\/\/redcavelegal.com\/wp-content\/uploads\/2019\/02\/Data-Security.jpg","_links":{"self":[{"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/posts\/1636"}],"collection":[{"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/comments?post=1636"}],"version-history":[{"count":2,"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/posts\/1636\/revisions"}],"predecessor-version":[{"id":1640,"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/posts\/1636\/revisions\/1640"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/media\/1637"}],"wp:attachment":[{"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/media?parent=1636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/categories?post=1636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/redcavelegal.com\/wp-json\/wp\/v2\/tags?post=1636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}