Clients trust you with personal, financial, and legal information that needs to be kept confidential. A security breach may let out secrets and proprietary information that can damage your clients’ reputation, business, or finances. Worse, such an issue may not only lead to a termination of your relationship with the affected client but others who learn about it as well.
With so much data stored digitally today, most firms tend to focus their security efforts on stopping hackers and others from getting in. Unfortunately, your biggest security risk may not come from the outside, but the inside, in the form of current and former partners and employees.
How so? A 2014 survey by Intermedia and Osterman Research found that 89% of workers were able to access sensitive information through Dropbox, email, SharePoint, or other information-sharing applications. And 45% said that the information they access was “confidential” or “highly confidential.”
Now imagine what happens when those employees move on from your law firm. How do you police sensitive data that may be on numerous devices–home computers, laptops, smartphones, tablets–some that are not even your firm’s property? The best way to prevent a security breach crisis is to be proactive in following best practices and policies.
Control Your Employees’ Access To Data From The Beginning
One of the best ways to prevent data leaks after people leave is simply not to give them access in the first place. Everyone who works for you should only have access to the files and data that are necessary to do their jobs. Sure, you’ll still have worries if a partner or someone else higher up leaves, but it’s easier to retrieve data from just a few people than from everyone at the firm.
Use Only Firm-Based Devices and Systems
As mentioned above, this can be a tough one with the various ways we access information in this day and age–but it can be done. How?
Do not let your employees use their own personal email. This may be obvious, but it is extremely important. By insisting that everyone only use work email, your firm can control an employee’s access to what they receive and send throughout the workday. It also makes removing your employee from your firm’s information database easy.
If you have the budget to provide your employees with a firm-owned mobile device, this can alleviate issues with them putting sensitive data on their personal phone. Then, when they leave, you simply take back the phone, and all of the data contained on it. It’s also easier to install security measures on firm-owned devices that can help you locate them or wipe the data if necessary.
Use the Cloud
This is another great way to gain a huge amount of control over your firm’s data. Keep all firm and client data on the cloud, and constantly update passwords to make sure only the right people have access. Cloud servers are offsite and tend to have an extremely high level of security that the vast majority of law firms would not be able to afford on their own. Moreover, cloud services are encrypted and monitored by a team of experts who can inspect and identify any malicious traffic. And finally, there are software solutions available that make it easy for you to specify who has access to what and to remove permissions after employees leave.
Require Wiping Technology To Be Added To Personal Devices
Want your employees to have the flexibility of using their own devices? Talk to security experts about your options incorporating “wiping” technology that can erase firm data from personal devices without removing the individual’s personal information. With the right solution, this can be done remotely–and only target the data related to your law firm. This means you can take action fast after an employee leaves, because you don’t have to wait for them to turn in the device to IT for the data to be removed.
Put a Plan in Place
If your firm consistently keeps security as a top priority, it will be easier to identify a breach of information and address it quickly.
According to a 2013 American Bar Association study, 70% of law firms said they were not sure if their firm’s security had ever been breached. Knowing when your information is in the wrong hands will help you get that information back and identify the culprits.
- Educate your employees on how to keep their information safe and know when they have been the victims of stolen information. This can be done through workshops, educational videos, or phishing drills.
- Review your security policies with each client, and constantly communicate if or when you may need to share certain pieces of personal information.
- Keep track of who has and has shared confidential information about your clients or your firm and for what purpose. If that information is later shared with an unauthorized individual, you will have a better idea of where the breach happened.
Having these measures in place is not just a good way to protect and store data, it also proves to clients and partners that your firm is serious, forward thinking, and committed to the safety and security of everyone you work with.