Monday, September 30, 2019

Protecting Clients from Hackers and Data Breaches

By Andrew Malia

Attorneys are understandably concerned about the security of their clients’ data and their liability if they suffer a data breach. The need for law firm data security is more important than ever. With data breaches becoming a common occurrence, modern lawyers must consider the threat of having their information stolen or compromised. The American Bar Association’s Model Rule 1.6(c) states,

“A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

The definition of “reasonable efforts” is left vague, so it’s up to each attorney to make sure they are doing all they can. Hackers are getting smarter all the time. Preventing data breaches and other unauthorized access to client information can be difficult. There are some simple steps you can take, however, to reduce your chances of being affected.

Document Security
You can protect your data by securing the files you send to clients. Sending sensitive data over email is risky because hackers can obtain information about your clients or your business. In a phishing attack, a hacker tricks you into entering your email password on a website they own. Accidentally giving your password to a hacker can be devastating if you are not prepared. When every file you have sent to your clients is stored in your email, a hacker who obtains your email password has complete control over them. With access to this sensitive information, they can use it against you, your staff, your law firm, or your clients. They can also use your email contact list to spread their malware to your clients and coworkers.

Email impersonation is on the rise, especially for law firms. In this type of fraud, a hacker buys a domain name that nearly matches your firm name and uses it to send documents to clients or ask them to transfer payment to a bank account. An unsuspecting client might send personal information to these hackers without realizing it is a scam.

An alternative to sending files through email would be to use a secure document portal. There are many types of systems to manage your documents, with the most popular options being Google Drive and Dropbox. There are also systems designed specifically for lawyers that integrate with your chosen practice management software. These portals are more secure than email, and you can grant or revoke access to files at any time. In addition, your clients will know that any documents coming from you will be accessible only on your portal and will be suspicious of any emailed documents sent by impersonators. Make sure your chosen document portal meets American Bar Association law firm data security standards.

Data Storage
One of the worst-case scenarios for your law firm would be to lose access to all your case and client data. This is always a possibility when you store everything on physical servers or hard drives in your office: a fire or flood can wipe out those servers, and with them all your firm’s data. If you do decide to use physical servers, an off-site backup is essential.

Ransomware is a relatively new threat, but it’s no less dangerous for your firm. In ransomware attacks, a hacker accesses sensitive data on your server (such as client financial information) and threatens to release or sell it unless you pay a cryptocurrency ransom. Another method is for the hacker to lock your servers, holding your information hostage and preventing work from being done until you make a payment. If you decide to use a physical server, you must retain a talented and experienced IT professional or team who can prevent ransomware attacks.

Cloud Server
Rather than paying for expensive servers, backups, and IT staff, there is a more straightforward solution to keeping your firm’s data secure. Storing your data in the cloud can provide bank-level law firm data security without the extraordinary price tag. Small firms and solo practitioners often cannot afford to pay for top-of-the-line data management and security for physical servers. Storing data in the cloud can give attorneys the same level of protection for a fraction of the price.

Amazon Web Services is one of the top cloud computing companies. When you store data with Amazon, you’ll be getting the best combination of security and reliability available. Best of all, you don’t have to break the bank to have your data protected by the same company that manages the data of Fortune 500 companies and government agencies. Moving data to the cloud is becoming more common every year. It could be the perfect time to make that switch and protect your practice from the many risks of a physical server.

Cloud servers, however, are not without their disadvantages. Since they are accessed via the internet, you could suffer downtime if your internet connection is slow or spotty. Cloud servers also might not provide the same flexibility and control as a physical server. Your IT professional may be more comfortable working with a physical server. As with everything, do your research and make the best decision for your firm. When shopping for cloud practice management systems, ask the company for details about their cloud providers, including server location, average uptime, and data security.

Whether it’s hackers, ransomware, or physical dangers like fire and flood, the threats to law firms are more severe than ever. Cloud document and data storage can be a solution for law firms looking to provide their clients with more security. If you’re working with a reputable cloud company, cloud servers will be more secure, more reliable, and more trustworthy.

Andrew Malia is a content specialist at LEAP Legal Software. LEAP is the all-in-one practice management software for law firms in Massachusetts. LEAP’s cloud-based solution gives lawyers everything they need to make more money, including automated Massachusetts legal forms, cloud storage, document management, trust accounting, billing, reporting, and a mobile app. Find out more about LEAP at www.leap.us.