For many lawyers, the prospect of deciphering cybersecurity requirements for their law firms often seems like an overwhelming prospect. That’s why many simply keep their heads in the sand rather than implement new technologies designed to maintain security. Their rationale is that sticking to the status quo is the safer, simpler choice.
Unfortunately, in 2017, that premise is simply untrue. Twenty-six states now require that lawyers stay abreast of changes in legal technology and Florida now requires that lawyers accumulate 3 CLE technology credits per biennial cycle. That’s why using even basic technology such as email without understanding and implementing necessary security procedures and tools is unethical at best — and at worst can even amount to malpractice.
The good news is that there are steps you can take to implement security procedures that will protect your law firm’s data and help to keep client data confidential and secure.
Password protection
First and foremost, secure your devices with strong passwords. Use a password manager such as Lastpass or 1Password. These low-cost, multi-platform tools store your passwords via encrypted files and automatically populate sites with the correct passwords when you visit them. They can also generate secure passwords for you which you can then access from any device.
Along those same lines, it’s imperative that you ensure that all of your smartphones and other devices are password protected. Importantly, do not use the fingerprint unlock feature, since recent cases indicate that law enforcement can force you to provide your fingerprint to unlock the phone, whereas password protected phones often receive greater protection. And, make sure to use the most complex password combinations available. That way, if you lose or misplace your device, the data it contains will be inaccessible to whomever finds it.
Speaking of misplacing a device, if you have an iPhone, consider investing in an Apple Watch. In addition to its many reminder features and apps that are useful for lawyers, the Watch has a feature that helps you find a misplaced phone by causing the phone to emit a sound, a feature that I’ve used on many occasions. Also, the Watch face indicates if the phone that it is connected with is located more than 30 feet away. On more than one occasion, that indicator has served to remind me that my Watch was no longer connected to my phone since I’d inadvertently left it behind as I was leaving a building.
Stop using email
Email is an outdated mode of communication and it’s inherently unsecure. Emails are akin to sending postcards written in pencil through the post office, making it incredibly easy for those who have the know-how to intercept emails — and their attachments — and read them.
Sure, email was given the green light by bar associations in the late 1990s, but times have changed. There are more secure alternatives for client communication, something bar associations have recently begun to acknowledge. In fact, some have issued opinions warning against using email in some cases, indicating that lawyers must balance the sensitivity of the information being discussed via electronic means with the security offered by the specific technology being used. (See, for example, ABA Formal Opinion 11-459 (2011) and Texas Ethics Opinion 648).
The good news is that there are better, more secure communication methods now available, with web-based client portals being one of the most popular alternatives to email. This is because these portals allow lawyers to communicate and securely share case-related information with their clients, all in one convenient location. The cumbersome back and forth process of unsecure, threaded emails is avoided and is instead replaced by the ability to securely communicate in an encrypted, controlled online environment.
Security in the cloud
Which brings me to my final recommendation: ditch your local server and move your law firm’s client files into the cloud. Your data will undoubtedly be more secure in the cloud than it is on your law firm’s old servers that likely haven’t been maintained or updated with security patches in years.
And, yes, I work for a company that provides cloud computing software and online storage for lawyers, but that’s got nothing to do with my recommendation. In fact, I started suggesting that lawyers use cloud computing because it was a more secure option years before I was hired by MyCase in 2012. For example, I explained why cloud computing is a more secure option for solo and small-firm lawyers in this article written in 2009:
(T)he security risks posed by cloud computing platforms are far less than the systems currently in place in most U.S. law offices. If the majority of law offices began using cloud computing services in their practice, client data would be far more secure than it is now…
(N)early 95 percent of New York lawyers work in very small law offices. The vast majority of those small firms don’t have IT support on staff, and most lawyers in those firms don’t know the first thing about computers.
Undoubtedly those attorneys continue to use systems and software from the late 1990s —at least, that’s the case in many law offices I’ve visited. Their anti-virus software is antiquated and their practice management software, if they even have it, has never been updated because most attorneys are too busy practicing law to bother with that “computer stuff.” Many don’t understand the importance of updating software and the security issues created when security patches are not installed.
Those same arguments hold true today. For many law firms, things haven’t changed much since 2009, and that’s why cloud computing software is the most secure, affordable option: it offers better security, including data redundancy and disaster recovery options, than the outdated, traditional on-premise storage solutions used by many law firms. Simply put, for most solo and small law firms, cloud computing provides the most secure way to store and protect confidential client data.
While not an exhaustive list, those are a few steps you can take today to improve your law firm’s cybersecurity practices. Why not start the year off right and make sure that your law firm’s data is secure? It’s the smart — and ethical — thing to do.
Editor’s Note – this article was republished with the permission of the author from her posting on Above the Law.