5 Common Law Firm IT & Data Security Mistakes

On September 1st, 2015, posted in: Security Threats by Comments Off on 5 Common Law Firm IT & Data Security Mistakes

Did you know that according to Bloomberg Business, 80% of the country’s top 100 law firms have had a security breach? While this statistic may sound shocking, the reality is that many law firms (both large and small) simply don’t view security as a priority in their business.

Milwaukee law firm IT Data Security

The reason is often simple; in law firms, time is money. However, consider this:

  • If the computers in your practice become infected with malware, slow down as a result and cause other annoying issues that affect productivity, your firm is losing money.
  • According to teachprivacy.com, “After the HITECH Act of 2009, HIPAA now enables direct enforcement by the U.S. Department of Health and Human Services (HHS) over business associates of covered entities under HIPAA.
    What this means is that if a law firm receives patient data from a client healthcare provider, such as a hospital, the law firm is a business associate and will be subject to many of HIPAA’s privacy and security requirements. The firm can face fines and audits by HHS and state attorneys general.These fines can be up to $1.5 million per provision of HIPAA violated, and often HHS finds quite a number of provisions violated.”
  • In 2013, Microsoft released 37 critical updates for Windows Server 2003. After July 14th, 2015, NO new updates will be released. If you fail to update your Windows Server® 2003, your entire network could be compromised. Just imagine how that would affect time, productivity and ultimately your bottom line.

Law firm data protection & security Milwaukee

The Growing Trend with Hackers and Law Firms

Unfortunately, while hackers used to engage in computer hacking for fun, or the challenge, their main driver is now about making money, particularly through extortion or blackmail. Law practices are particularly vulnerable due to the sensitive nature of information they deal with.

We meet with many Milwaukee area law firms who believe they are doing enough to protect their sensitive data, but once we conduct an initial audit of their network, we often find common, yet completely avoidable mistakes.

These are the Top 5 IT Security Mistakes Law Firms Make – and How You can Avoid Them

1. No Plan for Disaster Recovery and Continuity

We’ve discussed on our blog, the importance of a disaster recovery and continuity plan for any business, but it is critically important that law firms have a DR plan in place in order to bounce back from an unexpected event that could leave the practice vulnerable and inoperable.

Without a plan in place, a major (or minor) disaster could result in missed court appearances, hourly/daily income loss, irreversible loss of important client and law firm data and perhaps the biggest loss of all, the loss of your valuable clients.

2. No Mobile Device Management (MDM) Policy or Control Over Devices

Many legal firms use mobile devices like laptops, mobile phones and iPads, but often these devices are not controlled or monitored by the law firm. If emails are accessible on a personal mobile device without encryption, this presents a security risk due to the sensitive nature of client data.

If this data was stolen, accessed without your knowledge or ended up in the wrong hands, it could present a serious violation of trust for your clients and permanently damage your brand.

Mobile Device Security Solutions For Milwaukee Area Law Firms

One of the most popular IT support services Milwaukee area law firms inquire about is mobile device management, due to the flexibility and control your practice can gain over lost devices, data ownership, encryption and secure file sharing.

For example, did you know Mobile Device Management provides passcode and encryption enforcement, in addition to the ability to remotely locate, lock and wipe out sensitive company data from lost or stolen devices?

With any Mobile Device Management solution, Ontech Systems can provide assistance in defining your firm’s “bring your own device” BYOD policy. There is a fine line between maintaining employee satisfaction while securing control over sensitive data. If you don’t have a mobile device policy in place, without question, your network is at risk.

3. Staff Relies on Consumer-Grade File Sharing (Like Dropbox)

It’s no secret that Dropbox presents a security risk, as it does not meet many of the certifications (HIPAA, PCI certifications, FERPA, ISO 9001, ISO 2001, etc.) that would qualify it as a secure file sharing application.

In fact, Dropbox has endured several very public security breaches and the company admits it does not meet these security requirements. Some Milwaukee area law firms still use Dropbox for sharing large files with colleagues and clients. While IT staff can prevent the application from being downloaded, the online version is still available and as a result, the most effective way to stop its use altogether is to offer an alternative. Additionally, the next step is to educate staff throughout the firm about the security risks of consumer grade file sharing services.

At Ontech Systems, many of our clients now use Anchor, a service that supports the growing BYOD (bring your own device) trend by making it possible for employees to access their files on any device and collaborate with colleagues, clients and business partners.

4. Poor Staff Education about Best Practices in IT Security

Now is the time to begin a firm-wide conversation about file sharing, BYOD and security in general at your Milwaukee area law firm.

A study by strozfriedberg.com, a global leader in investigations, intelligence and risk services, revealed that 87% of Senior Managers upload business files to a personal email or cloud account.

All it takes is just one employee to send an unencrypted email with HIPAA protected information in it and your practice could suffer a hefty fine.

All employees at your law firm – partners included – need to be on the same page about security. After all, your people pose the greatest security threat to your law firm, not technology. The risks around staff are great and educating them is critical.

5. Weak or Non-Existent Passwords on Desktops or Mobile Devices

Many firms don’t change the original passwords that came with their desktop computers and if they do, they set up a simple password like “password” or “12345” for ease of use.

This leaves sensitive information open to physical theft and the possibility of a disgruntled employee accessing the system after termination has taken place.

When you discuss security policies with your staff, it is best practice to require a change of passwords at certain intervals, such as when a desktop is inactive.

Warning: Mobile Device Security is a High Risk for Law Firms

Mobile data is at higher risk than desktop data since the device can be lost, stolen or accessed easily by anyone with access to it, even if only for a brief period of time. When discussing best practices in security with staff, be sure to establish policies that include mandates on passwords and password changes for mobile devices. Some mobile devices now offer security conveniences, such as the fingerprint reader on the latest iPhone, which helps this safety precaution become less of a burden on attorneys and staff.

While there are many other security vulnerabilities that put your network at risk, these are the top 5 mistakes we typically see when conducting a Free Network Discovery for law firms.

If your Milwaukee or southeastern WI law firm is in need of IT consulting, security solutions, advice on establishing BYOD policies, or any other IT related issue, call our office at (262) 522-8560 or contact us by email. We’ll help your law firm operate more efficiently, remain HIPAA compliant and spend less time on IT related issues.

Request a No-Fee, 100% Free Network Discovery

NO obligation. NO commitment. Put us to the test!

To see if Ontech Systems is a good fit for your practice, request a free network discovery where we will evaluate your current network and offer ways to improve the productivity and efficiency of your firm.

Your network discovery will include an audit of your current network, infrastructure, server(s), PC’s, backup, security performance and reliability, followed by a non-technical Q&A Session with our Network Consultant.

For technology questions or any other inquiry, please contact our office by email or by phone at (262) 522-8560.

Read previous post:
Mobile Device Management Solutions MDM Milwaukee
8 Risks & Rewards of Mobile Device Management (MDM) Solutions

Want to cut costs and increase employee productivity? Jump on the BYOD bandwagon. If you’re new to this growing trend,...