Everyone who has watched a courtroom drama on TV knows that all communication between an attorney and a client is privileged information that is confidential and not permitted to be used against a lawyer’s client. Confidentiality is central to the attorney-client relationship, while also an ethical responsibility. It is a thing that all lawyers promise their clients.
In fact, some attorneys go to extraordinary lengths to protect client data. Sadly, many lawyers have not kept up with securing client data in the age of digitalization, and reports of law firms being hacked or subject to ransomware are rising.
The Problems With Data Security for the Legal Profession
Regardless of size, most legal firms, from large national and international law firms to a solo practitioner, all use the internet. Some use it for communications and research, and some also use the internet as a means to store client files – the betting is that by 2020 all attorney offices will be fully computerized.
When records and data are stored on your own computer server or on a Managed Service Provider (MSP) server in the “cloud,” they can be vulnerable to cyber criminals. While record theft could lead to a breach of client confidentiality, the threat of ransomware is real and costly. Ransomware is when a cyber criminal targets attorneys’ records and operating systems, locking them out of their own data and software. To get the system and data back, victimized lawyers must pay a fee to the black hat hacker or hacker group that took their data and system hostage. When ransoms are paid, victims usually get back their data and system, but, unless the files are well-encrypted, client confidentiality might be breached.
According to the rules of the American Bar Association, Rule 1.6(c) tells lawyers that:
“A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
Reasonable efforts mean that a law firm must try to anticipate how someone could gain access to its client’s data and protect against that from happening.
How to Protect Your Legal Client Data
Following are some tips for keeping legal client data safe.
File encryption is easy to do, especially for small and midsized law firms. Whether a firm uses Apple or Windows computers, both allow for file encryption within the operating system. In addition, there are programs available for file encryption too.
Encryption does not affect the way a firm’s computer operates, except that users must know the encryption key to make sense of the files on the system.
Use a Virtual Private Network
When files are stored on a server that can be accessed from anywhere, there is a temptation to do some work over coffee where Wi-Fi can be accessed. Anything a lawyer does or writes while on a public internet Wi-Fi connection is visible to others on the network. To avoid this, only connect when you can use a Virtual Private Network (VPN). This is a secure line to the web and does not permit other users on the same network to see your stuff without your permission.
Two-factor authentication or authorization is a method for logging into a computer and a firm’s important services. It requires an additional piece of information that can be a generated code that users automatically get on their cellphone as a text message. Some firms have gone further and are using unique biological markets such as fingerprints, keycards or retina scans. While two-factor authentication is a little more work for logging into a system or program, it is a lot more secure than the standard username-password combination.
Passwords are of paramount importance for a legal practice. It is surprising how many people use a combination that is easy to guess, such as Password or 12345. Even a child’s name and birth date are not secure. A secure password is one that has a random mixture of capital and lowercase letters, some numbers and at least one symbol.
Passwords should be changed monthly to keep them secure. You can find free password generators online to do this for you. In addition, do not use the same password for other accounts – each login should have a unique password.
Services Provided by a Managed Service Provider
Security is a service offered by most MSPs. The beauty of an MSP is that you only pay for IT services you want them to provide. Most are cloud based with very strong security protecting them. It is an affordable solution to the ever-changing tactics of cyber criminals.
In Indianapolis, C.D.'s IT Consulting LLC is the go-to company for staying ahead of the latest information technology tips, tricks and news. For more information, call us at (317) 522-1362 ext 2 or send us an email to firstname.lastname@example.org.