In law firms, anything going on in the office that doesn’t have to do with a case often needs to take a back seat. This means anything to do with IT, like user accounts, access, or security, is often set aside. Especially in a smaller firm, there might be a secretary, office manager, or small helpdesk to assist with these types of issues—or help could be non-existent. This is why it is important that law firms have some form of identity and access management policies or solutions in place. This allows practice leaders the opportunity to not focus on account and password management but rather on important projects and cases.
The following are three common account and password issues in law firms and how they can mitigate them with IAM policies and solutions.
Access Rights to Highly Secure Law Applications
The first common issue is that law firms often deal with highly secure client information, and need to ensure that this information is kept safe from both outside hackers and unauthorized employee access inside the company. One way to ensure this is to have proper access management in place. This means that some type of policy to provision accounts and manage access is put into place with the possibility of a solution to assist.
There needs to be a guideline or policy of how accounts should be set up, named, and exactly what positions in the organization should have access to which resources. This allows the firm to ensure that when an account is set up, the newly hired employee has the exact resources and access rights that they need without being accidentally given too many, or too few, access rights.
An automated account management solution with role-based access control (RBAC) can also be of assistance so that this policy can be ensured and so that an employee does not need to manually perform account provisioning changes. For example, an employee starts at the organization as a junior attorney and needs all the appropriate accounts created for them. With an automated account management solution, they are simply entered into the HR systems and, based upon their position, accounts are created, for instance in Mycase (legal billing software) and West Law (a law database). This allows the employee to be up and running quickly, without the firm needing to deal with setting up correct access and accounts and ensuring that everything is secure and correct.
Managing Temporary and Contract Employee Accounts
Another common account issue is that firms often work with temporary employees, such as specialists on cases, who may need access to specific systems that the firm uses. The firm needs to ensure that these accounts are created correctly and then disabled as soon as the person is no longer working with the firm. Sometimes with larger cases, the firm might also need to share files and information with other firms who are assisting. In this case also, temporary access might need to be created. While this seems simple, it is all too common for these temporary accounts to be left active, leaving the firm’s network vulnerable.
This issue can also be easily solved with the use of an automated account management solution. This allows an administrator to easily create an account with a specified expiration date to ensure that the person no longer has access after that date. If the date is unknown, when it comes time to disable the account the admin simply has to disable it in the source system and all connected accounts are automatically disabled, rather than manually disabling the account in each system. The simpler the process is for managing these accounts, the easier it is for the firm to makes these changes and ensure security.
Cloud and Remote Access
Lastly, an issue that is increasingly becoming a problem is the use of mobile devices and working outside of the office using cloud applications. Lawyers, and those working in the firm, often meet with clients outside of the office and use their mobile devices, such as cell phones, tablets and laptops to access information. This process also needs to be secure, as well as efficient so that they can easily access the applications they need on the go, but not interfere with the security of this information.
Many automated account management solutions work seamlessly with both in-house and cloud applications so any change made to the account is carried out across all systems and applications. This means cloud applications and access to them can easily be provisioned and managed just as with in-house applications. Once these accounts are provisioned, how can they securely be accessed from mobile devices on the go?
Password management solutions can also be of benefit for firm employees working remotely. One of these solutions is single sign-on. While this solution has been around for a while, there have been advancements to allow SSO to work with virtually all devices and applications. The employee simply needs to enter their credentials one time and can then securely access all of their authorized applications wherever and whenever they want.
These are just a few of the account and password issues that law firms often experience that identity and access management solutions can assist with. IAM practices and solutions allow law firms to easily handle these issues so that lawyers and other employees in the office can focus on cases, rather than performing account and password changes, all while making the network and data access more secure.