Network security requirements for law firms are similar to those of other businesses, with the exception of attorney-client confidentiality. It's important for clients to feel safe when transferring, or verbalizing, privileged information to their lawyer. Files stored should be secure, and best practices for IT security should be a top priority for firm CIOs, CTOs, and partners. In fact, according to ABA Model Rule 1.6(c), “[a] lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” In this post we'll cover three IT best practices your law firm might be missing.
1. Information Technology Should Be Everyone's Problem
Offloading responsibility for IT security to the IT Manager seems like a standard practice; however, everyone in the firm is responsible for keeping client information secure and preventing a network breach. All employees should complete IT security awareness training and renew their training annually.
Department managers handling human resources, finance, office management, operations and communications should also bear responsibility for understanding IT security and how to prevent a breach. Office managers may be responsible for transmitting paper files correctly, while the operations manager may have to properly dispose of a networked copier or printer hard drive. Human resources will need to review IT policies with newly hired employees, while the communications manager should have a media crisis plan in place in the event of a breach. Everyone in the firm has a role in preventing cybercrime.
2. Get Hacked
If your firm is catering to high-profile clients, you're most certainly vulnerable to a direct hack to your network. By scheduling an ethical hack, you can discover the holes in your network. Ethical hacking is a way for certified ethical hackers (these are the good guys) to review your network and tell you where its vulnerabilities are. Ethical hackers will use a series of methods to try to penetrate your network, including internet searches, social engineering, network scanning, open port detection, and more.
3. Clean Out Those Closets
Many law firms rely on on-premises IT infrastructure to manage their day-to-day network operations. Often servers are stored in small rooms, or even closets. Physical servers could pose a threat to your network if they're not properly stored, monitored, and kept at a cool 68 degrees Fahrenheit.
Review your current network design and determine if your hardware and software are outdated. Take a look at your server area and review the policies you have in place for physically accessing servers. If your servers are physically accessible by all employees, then your firm is already vulnerable. Consider adding key fob access to your server room, or better yet, move your entire network to the cloud. Find a managed services provider (MSP) that is certified to host your network and take back your server area for something more fun, like a coffee bar.
Identifying vulnerabilities in your network may appear overwhelming at first, but with the right steps you can create a fortress of data security in your firm and prevent hackers from designing a breach that could cost you a fortune in litigation and remediation. For tips on how to design a secure network, download our Layered IT Security Model eBook below.