By Andrew Malia
Attorneys are understandably concerned about the
security of their clients’ data and their liability if they suffer a data
breach. The need for law firm data security is more important than ever. With
data breaches becoming a common occurrence, modern lawyers must consider the
threat of having their information stolen or compromised. The
American Bar Association’s Model Rule 1.6(c) states,
“A lawyer shall make reasonable efforts to
prevent the inadvertent or unauthorized disclosure of, or unauthorized access
to, information relating to the representation of a client.”
The definition of “reasonable efforts” is left
vague, so it’s up to each attorney to make sure they are doing all they can. Hackers
are getting smarter all the time. Preventing data breaches and other
unauthorized access to client information can be difficult. There are some
simple steps you can take, however, to reduce your chances of being affected.
Document Security
You can make sure your data is protected by
securing the files you send to clients. Sending sensitive data over email is
risky because hackers have the potential to obtain information about your
clients or your business. A phishing attack is when a hacker tricks you into
entering your email password on a website they own. Accidentally giving your
password to a hacker can be devastating if you are not prepared. When every
file you have sent to your clients is stored in your email, a hacker has
complete control if they obtain your email password. With access to this
sensitive information, they can use it against you, your staff, your law firm,
or your clients. They can also use your email contact list to spread their
malware to your clients and coworkers.
Email impersonation is on the rise, especially
for law firms. In this type of fraud, a hacker will buy a domain name that
nearly matches your firm name and send documents to clients or ask them to
transfer payment to a bank account. An unsuspecting client might send personal
information to these hackers without realizing the scam.
An alternative to sending files through email
would be to use a secure document portal. There are many types of systems to
manage your documents, with the most popular options being Google Drive and
Dropbox. There are also systems designed specifically for lawyers that
integrate with your chosen practice management software. These portals are more
secure than email, and you can grant or revoke access to files at any time. In
addition, your clients will know that any documents coming from you will be
accessible only on your portal and will be suspicious of any emailed documents
sent by impersonators. Make sure your chosen document portal meets American Bar
Association law firm data security standards.
Data Storage
One of the worst-case scenarios for your law firm
would be to lose access to all your case and client data. This situation is
always a possibility when you store everything on physical servers or hard
drives in your office. Among the worst-case scenarios, fire or flood in your
office can wipe out your physical servers, and you can lose all your firm’s
data. If you do decide to use physical servers, an off-site backup is
essential.
Ransomware is a relatively new threat, but it’s
no less dangerous for your firm. In ransomware attacks, a hacker accesses
sensitive data on your server (such as client financial information) and
threatens to release or sell it until you pay a cryptocurrency ransom. Another
method is for the hacker to lock your servers, holding your information
hostage, and preventing work from being done until you make a payment. If you
decide to use a physical server, you must maintain a talented and experienced
IT professional or team who can prevent ransomware attacks.
Cloud Server
Rather than paying for expensive servers,
backups, and IT staff, there is a more straightforward solution to keeping your
firm’s data secure. Storing your data on the cloud can provide bank-level law
firm data security without the extraordinary price tag. Small firms and solo
practitioners often cannot afford to pay for top-of-the-line data management
and security for physical servers. Storing data in the cloud can give attorneys
the same level of protection for a fraction of the price.
Amazon Web Services is one of the top cloud
computing companies. When you store data with Amazon, you’ll be getting the
best combination of security and reliability available. Best of all, you don’t
have to break the bank to have your data protected by the same company that
manages the data of Fortune 500 companies and government agencies. Moving data
to the cloud is becoming more common every year. It could be the perfect time
to make that switch and protect your practice from the many risks of a physical
server.
Cloud servers, however, are not without their
disadvantages. Since they are accessed via the internet, you could suffer downtime
if your internet connection is slow or spotty. Cloud servers also might not
provide the same flexibility and control as a physical server. Your IT
professional may be more comfortable working with a physical server. As with
everything, do your research and make the best decision for your firm. When
shopping for cloud practice management systems, ask the company for details
about their cloud providers, including server location, average uptime, and
data security.
Whether it’s hackers, ransomware, or physical
dangers like fire and flood, the threats to law firms are more severe than
ever. Cloud document and data storage can be a solution for law firms looking
to provide their clients with more security. If you’re working with a reputable
cloud company, cloud servers will be more secure, more reliable, and more
trustworthy.
Andrew
Malia is a content specialist at LEAP Legal Software. LEAP is the all-in-one
practice management software for law firms in Massachusetts. LEAP’s cloud-based
solution gives lawyers everything they need to make more money, including
automated Massachusetts legal forms, cloud storage, document management, trust
accounting, billing, reporting, and a mobile app. Find out more about LEAP at www.leap.us.
