How to Run a Law Firm Securely in 2017

In 2015, 594 million people worldwide were affected by online crime. Consumers lost $158 billion to cybercrime over the same period.

In other words, cybercrime is serious, and given the sheer amount of sensitive information law firms handle, they need to be extra vigilant when it comes to cybersecurity. It can be difficult to stay on top of changes in technology and new risks, but if you’re a lawyer, keeping up to date with technology is increasingly becoming a core responsibility rather than an extra precaution.

More and more states (27 to date) have adopted the duty of technology competence. Moreover, other rules that affect how lawyers interact with technology are getting more specific—in May 2017, the American Bar Association (ABA) issued a new ethics opinion, Formal Opinion 477, which further stresses the need to take additional security precautions (e.g., encryption) in certain situations.

To stay ahead of the curve and stay compliant—and, more importantly, to protect your firm from the risk of a data breach—you need to make data security and confidentiality a top priority in 2017 and beyond.

To guide you, we’ve compiled a list of tips you can easily implement to make your law office more secure:

1. Have a bring-your-own-device policy

If your law firm lets employees use their own devices for work but doesn't have a proper mobile device management policy, you're exposing yourself to a myriad of potential risks. For example, apps are a major entry point for cyberattacks: some request more data and permissions than you might expect, and poorly secured apps can introduce malware onto mobile devices. Simple passwords and a lack of additional controls such as two-factor authentication are another major source of risk, since simple passwords are easier to guess or crack.

Setting clear expectations about how employees may use their personal devices to access firm information can go a long way towards keeping your law firm more secure.

What you can do:
  • Create a bring-your-own-device (BYOD) policy, including a list of approved applications that employees may use.
  • Install Mobile Device Management (MDM) software on every device. This will allow you to remotely wipe a device in the event that it is lost or stolen.
  • Require employees to work with your IT department to create complex, strong passwords on all company-related programs.
  • Encrypt and password-protect all company data used on mobile devices.

2. Check third-party vendors at the door

Working in a busy law firm usually requires outsourcing some of your daily tasks such as e-discovery, research, and other services to third-party vendors. These vendors must be chosen carefully, as you’ll need to ensure their security practices are robust enough to keep your firm data safe. Even if you have a comprehensive cybersecurity regime set up within your company, the outside vendors you work with may not have the same standards.

What you can do:
  • Assess whether individual vendors store, analyze, or come into contact with confidential data.
  • Include in all vendor contracts a requirement for proper security measures to prevent unauthorized access.
  • Review vendor contracts for indemnification clauses and liability limitations with regard to who will be responsible in the event of a breach.

3. Educate staff on the importance of cybersecurity

Thoroughly training your staff on best practices for data security is key to keeping your firm's information safe. Security is the responsibility of every member of your legal team, but this is easily forgotten at growing firms with many employees. Everyone in your office must be aware of potentially risky activities, both in and outside of work.

What you can do:
  • Educate your staff on policies and practices the firm expects, including email and internal communications, application usage, and social media policies.
  • Regularly review your firm's data security policies to make sure they're up to date and robust.

4. Encrypt everything

For lawyers, keeping client and firm information confidential is essential. A data breach not only reflects badly on your firm, it could count as a breach of client confidentiality and potentially lead to an ethics complaint. To protect your highly sensitive documents, it's best to adopt a solid encryption service for all your communications. For example, services such as Trustifi encrypt, track, and postmark your most important email communications to keep them safe, no matter what.

What you can do:
  • Find and use a trusted encryption service for all company communications, preferably one that employs two-factor authentication.
  • Turn on encryption for all firm laptops and mobile devices (and require staff to turn it on for their personal devices if you’re doing BYOD).

5. Set up a recovery strategy

On top of all the measures you take to prevent a data breach, you still need to prepare for the possibility of one by drawing up a detailed data-recovery plan. If all else fails, having backups of all of your important documents can save you time, money, and, most importantly, stress.

What you can do:
  • Regularly back up your firm's data. (Clio's data escrow service is one option to consider here.)
  • Store your backups on secure, off-site servers so that your files remain protected even if your office systems are compromised.
  • Obtain proper cyber liability insurance to further mitigate the risk to your business in the event of a cyberattack.

Implementing these tips and strategies may seem like a lot of work, but make no mistake: the danger is real. So put these plans into action and build better security infrastructure for your business. Your law firm, and your sanity, are definitely worth the effort.
