Scared by Data Stats? 3 Steps to Security

In the 2015 ABA Legal Technology Survey Report, released this past August, is a very real assessment of the ability of small law firms to avert and (if necessary recover from) data disasters. More than 1 in 10 small law firms of 1-49 attorneys know they have had a data security disaster (11.1% of solos, 16% of 2-9 attorney firms, and 14.2% of 10-49 attorney firms).

And perhaps more frightening because of its client risk implications: 10% of 10-49 attorney firms, 4.7% of 2-9 attorney firms, and a whopping 22.9% of solo firms don’t know whether or not they’ve experienced a data disaster. Of course if you don’t know about a data breach within your business, it goes without saying that you have not alerted your clients or taken steps to repair the security weakness.

Of course small firms must abide by the protection laws that govern your own and your clients’ information, regardless of the weather. Many small business owners assume that cloud technology providers already have the ability to protect and recover data. Isn’t data protection a primary benefit of cloud technology?

Yes—and no.  Most cloud providers (such as those that focus primarily on file storage or shared files) serve a wide array of industries, and not every industry needs the same high levels of data security.  The legal community does.

Rightly, in the same ABA Legal Technology Survey, 82% of solo respondents and 65% of 2-9 attorney firms said the name and reputation of the cloud computing provider was “Very Important” to their choice of the cloud they use. It’s important to know what to look for—and even more important to know that the typical cloud security standards are not adequate (legally or practically) for law firms.

1. Is your cloud Certified? Several technology governances offer a security standards ranking. Firm Central from Thomson Reuters, for example, has the SSAE SOC2, Type 2 Certification from SSAE16. The Trust Services Principles and qualifications for this certification include security, availability, process integrity, privacy, and confidentiality—making the SSAE SOC2 one of the most trusted security ratings in the industry

2. What does this cloud provider present as its primary feature/benefit? If it’s file storage, you may be looking at a “generic” solution built to serve multiple industries. This is not likely to include the legal-specific features that any lawyer needs—things like time tracking & billing, a legal deadline calculator, global legalese-enabled search, case and contact management, and legal research from within the platform.  For that matter, some cloud “solutions” don’t even provide a platform—they only provide online file storage.  Move on.

3. Scrutinize your cloud/potential cloud against a data security checklist. This one from the small law firm group within Thomson Reuters, 4 Things Law Firms Need from a Legal Cloud Services Provider, lays out clear, exact standards for cloud software security. Think of:

• Data transport security
• Physical security (it’s “in the cloud” to you, but the provider has it stored in a physical location)
• Firewall/digital intrusion security
• Client communications—such as email vs. a client portal for doc transfer

Download the complimentary Thomson Reuters checklist for a pointed, easy summary of the protection features you need as a small law firm