Cybersecurity – Sometimes The Problem Is You
The weak link is often not the software you use to store your files; it’s you and your policies (or lack of policies) for accessing files.
Last Friday, Above the Law held its inaugural Academy for Private Practice in New York. There were several great panels and workshops focusing on what solos and small law firm attorneys can do to have a better law practice. I spoke about cybersecurity and ediscovery, and a number of people came up to me throughout the day to ask me something like, “I am a total novice when it comes to cybersecurity. What is the best platform for me to store my files securely?” There are certainly a lot of platforms to choose from and some are better than others, but usually the platform is the least of your worries.
Imagine you store your client files in that one room from Mission: Impossible 1. Would Tom Cruise need to fake a fire and crawl through the ventilation shaft with some weird pulley system if the NOC list was accessible remotely via one of the employee’s cell phones?
Most of the time, if you are looking at increasing your firm’s security, the weak link is not the software you use to store your files – it’s you and your policies (or lack of policies) for accessing files. Here’s what I’m talking about:
Mobile Access
A lot of cloud service providers have mobile apps to access your files remotely. Of course, a lot of phones allow you to access your email too. So most business phones hold, at a minimum, confidential emails. An unsecured phone is a much easier route to that information than hacking the server. A good portion of data breaches from unsecured phones also come from phones that are simply lost or misplaced.
So, aside from the simple solution of locking your phone with a password, there are other solutions that you can employ to help keep your information safe. First though, consider the physical characteristics of your phone. Hold your phone up to the light and turn to look across the surface of it. Can you see the outline of your trace pattern to unlock your phone (Android), or can you see finger smudges over the password keys? If so, using a password might not be the best solution for securing your phone. Companies can also dictate what the minimum security level is to have access on that phone. For example, I had a client that dealt with health records. They had server controls that did not allow email to be synced to an employee’s phone if the employee did not have a strong lock system, such as a password or fingerprint lock on their phones.
Several cloud apps also allow you to configure a password to access complete cloud directories in the mobile app. Without that, if someone does get your phone, they have access to all of the documents in your cloud drive.
Some phones also allow for remote locking and remote wipe. That way, if you can’t find your phone, and you don’t know if it’s lost or stolen, you can remotely lock it or remotely wipe the phone’s memory.
In sum, lock your phones using the most secure method available. If you are concerned, enable controls on your server that block users who do not lock their phones. Look into whether you can remotely lock or remotely wipe your phone’s memory if you think it might be stolen or misplaced.
Securing Your Computers
If computers are set up to remotely access files, they are one of the easiest ways to get a company’s data. Again, aside from the simple solution of putting a password on your computer, here are a few more ways to make your computers safer.
If your computer has a password, it does not help if the computer does not get to the password login screen. Configure your computers so they go to sleep after a few minutes of inactivity and require a password at wake up. I have two levels of settings for my work computers. I have them set to lock with a password after just a few minutes of inactivity when they are plugged in, and a much longer period if they are not plugged in. The rationale there is if my computer is on and plugged in, it’s probably at my desk, and if I have not hit any keys for a few minutes, I’m probably not at my desk. Conversely, if my computer is not plugged in, it’s because I have it with me, and am probably doing some kind of a presentation or using it in court, and I might have a longer gap in between slides as I explain something on the screen, so I would not want it to turn off after just a few minutes. Otherwise, I would be constantly reconnecting to the projector and waking my computer up during a presentation.
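One way to apply the two-level timeout described above on a Windows laptop, as an added example that is not from the original column. Windows, the `powercfg` tool and the minute values are assumptions, since the column names no operating system or exact timeouts.

```powershell
# Added example: two-tier idle lock (plugged in vs. on battery) using powercfg.
# The default minute values are assumed; the column only says "a few minutes"
# when plugged in and "a much longer period" on battery.
function Set-IdleLockPolicy {
    param(
        [ValidateRange(1, 15)]  [int]$PluggedInMinutes = 3,   # assumed value
        [ValidateRange(1, 120)] [int]$OnBatteryMinutes = 30   # assumed value
    )

    # Guard against inverting the two tiers by mistake.
    if ($OnBatteryMinutes -lt $PluggedInMinutes) {
        throw 'Battery timeout should not be shorter than the plugged-in timeout.'
    }

    # Sleep after inactivity: short on AC power, longer on battery (DC).
    powercfg /change standby-timeout-ac $PluggedInMinutes
    powercfg /change standby-timeout-dc $OnBatteryMinutes

    # Turn the display off on the same schedule.
    powercfg /change monitor-timeout-ac $PluggedInMinutes
    powercfg /change monitor-timeout-dc $OnBatteryMinutes

    # Require a password on wake for both power sources (1 = required).
    powercfg /setacvalueindex SCHEME_CURRENT SUB_NONE CONSOLELOCK 1
    powercfg /setdcvalueindex SCHEME_CURRENT SUB_NONE CONSOLELOCK 1

    # Re-activate the current plan so the changed values take effect.
    powercfg /setactive SCHEME_CURRENT
}

Set-IdleLockPolicy

# Show the resulting sleep timeouts (reported in seconds) for review.
powercfg /query SCHEME_CURRENT SUB_SLEEP STANDBYIDLE
```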
If you have work laptops, try setting up cloud syncing of files, as opposed to requiring employees to download and create multiple copies of files. Many cloud providers allow you to unlink a computer and remotely wipe the files from the missing or stolen laptop.
Conclusion
Before you begin looking at making big changes in your file storage solutions, take a look at your policies and procedures in the office to see whether the weak link is going to come from within or from whatever platform you choose to store files.
Jeff Bennion is Of Counsel at Estey & Bomberger LLP, a plaintiffs’ law firm specializing in mass torts and catastrophic injuries. Although he serves on the Executive Committee for the State Bar of California’s Law Practice Management and Technology section, the thoughts and opinions in this column are his own and are not made on behalf of the State Bar of California. Follow him on Twitter here or on Facebook here, or contact him by email at jeff@trial.technology.