Security: Are you putting your documents at risk?

December 4, 2014
Salt Lake City, UT

Data security is top of mind for law firms worldwide as cyber threats continue to expand and security needs continue to be more sophisticated.  Google defines due diligence as "reasonable steps taken by a person in order to satisfy a legal requirement."  Undoubtedly, the majority of us have done proper due diligence on our personal information, including bank account access and medical records, but as legal professionals, have proper due diligence been performed on sensitive client information?  The obligation of the legal industry to increase security on client data generally exceeds the same obligations of other industries.  So, let's take a look at some ways that your data is being exposed to threats.

Do you save documents in a shared drive?

If your files are being stored on a shared network server, there are multiple reasons to worry.  Not only are files at more risk of being misfiled and lost in an array of subfolders and sub-sub folders, but private information can be more easily exposed through malicious viruses or attachments.  If your office has access to remote into the office network from home, that connection can also be very vulnerable to interception.  Finally, the biggest threat to saving documents on a shared network is human error.  Accidental deletions, virus-laced attachments, or external sharing of private documents all contribute to law firm vulnerability.

Do you email documents as attachments?

Email was not designed with privacy or security in mind.  Since we access email on so many different devices, it opens up more opportunities for network vulnerabilities.  Our cell phones and tablets were designed to help us work outside the office, not to scan attachments for potential viruses.  Sending confidential attachments through email opens up the firm to risk.

Does everyone in your firm have access to documents?

Although the ability to assign some access rights is available on shared network drives, it is very basic and does not offer the level of security that your clients require or expect.  When everyone has access to all documents, the risk of inadvertent deletion or sharing increases substantially.