Data security is essential to law firms for apparent reasons. Over the years, I’ve received plenty of emails asking how law firms can ensure their data is secure. So it’s a good time to write an article on the subject.
Back in 2014, the infamous “Heartbleed Bug” impacted roughly 66 percent of the internet. It was massive, and unfortunately, even years after — many businesses still haven’t learned the lesson:
If it happened once, it can certainly happen again.
You’re likely more impacted by it than you realize. For example: Do you host your email with GoDaddy? Many attorneys do. Heartbleed impacted GoDaddy heavily, and many attorneys felt the results of it soon after the incident.
So to prevent the same from happening to you, let’s look at four ways for attorneys to secure your firm’s data.
Data Security: A Long-Standing Problem for Attorneys
Firms have been concerned with data security for as long as there have been lawyers.
If you practiced in the 1700s, you ended the day by taking off your barrister’s wig, putting away your quill pen, and locking your documents in a file drawer. That lock served as a form of data security.
But instead of a key, today’s attorney needs to be careful about how their data is secured online.
Attorneys handle sensitive and valuable information. Unfortunately, there are plenty of people out there trying to get your data for a slew of malicious reasons.
And the worse news?
The vast majority of attorneys are behind the times in regards to security. They’re not only vulnerable, but much more vulnerable than they realize.
Following the steps I’m about to give will make your data more secure. In other words, when the shifty characters come-a-hacking’ they’ll feel like they’ve run into this guy:
Make Your Information More Secure By Utilizing The Cloud
Many lawyers I’ve talked to claim their firms are more secure because they don’t use many cloud services.
Here’s a news flash: The cloud is MORE secure than your office’s server!
In your office, you have two main types of security threats. One is the risk of employees downloading viruses/malware/keyloggers, etc., that will corrupt or steal your information.
How many law offices do you know that claim to have had problems with viruses? I could list quite a few.
The second is the risk of employees giving out passwords or other sensitive information in response to phishing scams (such as when someone gets a phony email claiming to be from a service provider, asking to reset a password, and the employee enters the information).
Migrating data to the cloud eliminates the first of these threats.
When you move your information onto web servers, you significantly reduce the risk of local viruses corrupting or stealing your data. The system security relevant to that information is now taking place at the cloud level.
I use Gmail as my email provider. If I were to get a virus on my machine, it can’t corrupt my Gmail data in the way it could the local data files associated with a program like Outlook. One problem solved.
I understand the logic behind many attorneys thinking, “what if the cloud service gets hacked?” This is a valid point as there have been plenty of high-profile hacks in the last few years.
There are two flaws with this “anti-cloud” argument:
First, you’re more likely to have local security issues, such as malware, than a cloud service is to be hacked.
Second, the server in your office can be hacked as well, and I’ll bet it’s not as secure as those run by companies like Google and Amazon.
The truth is that the “cloud” is a safer place for your data. Now, here are four tricks for securing that cloud data.
Lawyers Should Use SpiderOak for Document-Syncing
Replacing that virus-collecting, ever-crashing, money-wasting office server where you store your documents is an enormous enormous step in the right direction.
Migrating to a cloud syncing solution eliminates headaches (no more server crashes) and makes you more secure.
We’re all familiar with syncing services such as Dropbox. The best option for lawyers, however, is the syncing service provided by SpiderOak. Unlike other companies, SpiderOak encrypts data from your computer before pulling up to the company’s server.
This means that your documents are stored in an encrypted form, and they couldn’t be accessed even if someone hacked the company.
They also can’t be accessed by SpiderOak. Furthermore, the company never saves your password, so you don’t have to worry about that information ever falling into the wrong hands.
Here’s a video on the company’s security guarantee.
Plus, this service supports two-factor authentication (discussed below).
SpiderOak and two-factor security are like must-haves for those who want their data secure.
Consider Switching to a Password Service Like Lastpass or KeePass
Do you use the same password repeatedly for different websites?
Many people do. But when that password gets compromised, the people obtaining it can access many of your services.
Password managers will generate a random password for each site you log in to and remember them for you.
Lastpass is an excellent service for this. While I prefer Keepass, as it’s even more secure, it can be a bit cumbersome for non-techie attorneys. You may want to give LastPass a try.
Enable Two-Factor Authentication to Keep Your Firm More Secure
Two-factor authentication means an account can’t be accessed even if someone has the password.
If two-factor authentication is enabled, then someone trying to access your account must have a random code that is sent to your cell phone after they enter your password.
The code is only suitable for about 45 seconds before they would need a new one. In other words, someone can’t access an account unless they have your password AND they’ve stolen your cell phone.
Most services offer this as an option (or requirement), so it shouldn’t be hard to put into place.
Following these four steps — moving to the cloud, storing documents with SpiderOak, using a keyword manager, and enabling two-factor authentication will improve your security. It will be like you’re practicing law inside of this place:
What are your thoughts on moving to the cloud? Please chime in through the comment section below.
Bonus tips: Switch your Law Firm’s standard OS to Linux to make it even more secure, I’ve even written a few guides on it that you can check out here: