Blog

Five Ways Law Firms Can Improve Data Security

Ouch! 

Law firm data breaches made international headlines in 2016: Mossack Fonesca in Panama. It has been called the – the biggest leak in history – 11.5 million documents totaling 2.6 terabytes. It resulted in the disclosure of the “Panama Papers,” airing the details of offshore financial activities of dozens of current and former world leaders, business persons, and celebrities.

Why the attackers were successful and how the breaches happened is straightforward; ‘astonishing’ low regard for security. Time and again, law firms have been targeted by attackers due to the sensitive and valuable information they hold. In short, protect your clients’ private, sensitive information or pay the price.

I have compiled a list of five ways law firms can protect themselves and their clients:

1.  THINK SMARTER. DON’T ASSUME
Recognizing information risk is the most crucial step. You must know what people have access to your data and when, what they are doing with your information, and how they are protecting it. The top-ranked security threat and your weakest link is not a missing piece of technology, it’s your employees and partners! If firms, see cybersecurity as an advantage rather than a cost factor and invest in user awareness and education they can safeguard their clients’ information and their own reputation and finances.

2. TEST YOUR SECURITY
Security assessments are quickly becoming a client requirement. A survey by the American Bar Association found, clients are increasingly focusing on the information security practices of the law firms representing them and using approaches like required third party security assessments, security requirements, and questionnaires. This increasing pressure to respect and protect personally identifiable information has led local and federal and governments, across the globe, to transform their data regulations and hammer down enforcement. Law firms must invest in and validate that their security is working. Data security and privacy protection is no longer an option in today’s connected world!

3. GO PUBLIC WITH PRIVACY
Once you recognize the risk, take firm steps to put security and privacy policies into the core of your business practices. A privacy policy, written with the intent to ensure clients they can trust you with their information, can be a competitive business strategy. Once created, privacy policies should be shared in all publicly accessed areas within your firm and a regular review of data protection best practices should be encouraged. If employees do not understand or know the policies and are not trained in data protection best practices, methods, and processes, the firm will remain vulnerable to exploits.

4. ALWAYS KEEP YOUR SOFTWARE UP TO DATE
It takes a lot of technical resources to keep computer systems up to date. Even when they are, zero-day vulnerabilities, malware, spyware and viruses are often found. Additionally, you have anti -virus and anti -spam systems which also require constant updates. More and more companies are outsourcing their security and encryption, subscribing to software-as-a-service (SaaS) from reputable security providers. These security providers hire technical staff that are highly specialized and well-trained in the areas of computing security and they meet and exceed regulatory requirements, providing up-to-date security and scalable encryption services at a reasonable cost.

5. ENCRYPT. ENCRYPT. ENCRYPT
The responsibility of securing sensitive data and communications falls on your law firm’s shoulders. When securing messages and documents, encryption should be your first go-to defense. It is a strong security measure that protects data in storage and in transit. Security professionals view encryption as a basic safeguard that should be widely deployed. In fact, policy-based encryption controls can automatically encrypt and protect data according to your sensitivity and confidentiality classifications minimizing the ‘Human factor’ by strengthening your weakest link.

Echoworx believes in preserving privacy rights and the expectation of secure digital communication. Our enterprise encryption software, OneWorld Enterprise Encryption helps firms to secure their information and communication from in and outside of their enterprise – in transit and at rest. To learn more about automated and adaptive encryption, the risks associated with weak B2C communications, and how you can get started:

Listen to our ON DEMAND WEBCAST | Protecting Clients in a Hostile World
Watch our PRODUCT DEMONSTRATION | OneWorld B2C Encryption Protection
Read our MARKET RESEARCH SURVEY | Enterprise Encryption and Authentication Usage

If you have specific questions or would like more personalized information, reach out to the experts at Echoworx.

By Chris Peel, VP Engineering, Echoworx