Did you know that according to Bloomberg Business, 80% of the country’s top 100 law firms have had a security breach? While this statistic may sound shocking, the reality is that many law firms (both large and small) simply don’t view security as a priority in their business.
The reason is often simple: in law firms, time is money. However, consider this:
The Growing Trend with Hackers and Law Firms
Unfortunately, hackers once broke into computers for fun or for the challenge, but their main driver now is making money, particularly through extortion or blackmail. Law practices are particularly vulnerable due to the sensitive nature of the information they deal with.
We meet with many Milwaukee area law firms that believe they are doing enough to protect their sensitive data, but once we conduct an initial audit of their network, we often find common yet completely avoidable mistakes.
We’ve discussed on our blog the importance of a disaster recovery and continuity plan for any business, but it is critically important that law firms have a DR plan in place in order to bounce back from an unexpected event that could leave the practice vulnerable and inoperable.
Without a plan in place, a major (or minor) disaster could result in missed court appearances, hourly/daily income loss, irreversible loss of important client and law firm data, and, perhaps the biggest loss of all, the loss of your valuable clients.
Many legal firms use mobile devices like laptops, mobile phones and iPads, but often these devices are not controlled or monitored by the law firm. If emails are accessible on a personal mobile device without encryption, this presents a security risk due to the sensitive nature of client data.
If this data were stolen, accessed without your knowledge or ended up in the wrong hands, it could present a serious violation of trust for your clients and permanently damage your brand.
One of the most popular IT support services Milwaukee area law firms inquire about is mobile device management, due to the flexibility and control your practice can gain over lost devices, data ownership, encryption and secure file sharing.
For example, did you know Mobile Device Management provides passcode and encryption enforcement, in addition to the ability to remotely locate, lock and wipe sensitive company data from lost or stolen devices?
With any Mobile Device Management solution, Ontech Systems can provide assistance in defining your firm’s “bring your own device” (BYOD) policy. There is a fine line between maintaining employee satisfaction and securing control over sensitive data. If you don’t have a mobile device policy in place, without question, your network is at risk.
It’s no secret that Dropbox presents a security risk, as it does not meet many of the certifications (HIPAA, PCI certifications, FERPA, ISO 9001, ISO 2001, etc.) that would qualify it as a secure file sharing application.
In fact, Dropbox has endured several very public security breaches and the company admits it does not meet these security requirements. Some Milwaukee area law firms still use Dropbox for sharing large files with colleagues and clients. While IT staff can prevent the application from being downloaded, the online version is still available, and as a result, the most effective way to stop its use altogether is to offer an alternative. The next step is to educate staff throughout the firm about the security risks of consumer-grade file sharing services.
At Ontech Systems, many of our clients now use Anchor, a service that supports the growing BYOD (bring your own device) trend by making it possible for employees to access their files on any device and collaborate with colleagues, clients and business partners.
Now is the time to begin a firm-wide conversation about file sharing, BYOD and security in general at your Milwaukee area law firm.
A study by strozfriedberg.com, a global leader in investigations, intelligence and risk services, revealed that 87% of Senior Managers upload business files to a personal email or cloud account.
All it takes is one employee sending an unencrypted email with HIPAA-protected information in it, and your practice could suffer a hefty fine.
All employees at your law firm – partners included – need to be on the same page about security. After all, your people pose the greatest security threat to your law firm, not technology. The risks around staff are great and educating them is critical.
Many firms don’t change the original passwords that came with their desktop computers, and if they do, they set up a simple password like “password” or “12345” for ease of use.
This leaves sensitive information open to physical theft and the possibility of a disgruntled employee accessing the system after termination has taken place.
When you discuss security policies with your staff, it is best practice to require a change of passwords at certain intervals, such as when a desktop is inactive.
Mobile data is at higher risk than desktop data since the device can be lost, stolen or accessed easily by anyone with access to it, even if only for a brief period of time. When discussing best practices in security with staff, be sure to establish policies that include mandates on passwords and password changes for mobile devices. Some mobile devices now offer security conveniences, such as the fingerprint reader on the latest iPhone, which helps this safety precaution become less of a burden on attorneys and staff.
If your Milwaukee or southeastern WI law firm is in need of IT consulting, security solutions, advice on establishing BYOD policies, or help with any other IT-related issue, call our office at (262) 522-8560 or contact us by email. We’ll help your law firm operate more efficiently, remain HIPAA compliant and spend less time on IT-related issues.
NO obligation. NO commitment. Put us to the test!
To see if Ontech Systems is a good fit for your practice, request a free network discovery where we will evaluate your current network and offer ways to improve the productivity and efficiency of your firm.
Your network discovery will include an audit of your current network, infrastructure, server(s), PCs, backup, security performance and reliability, followed by a non-technical Q&A session with our Network Consultant.